Carrier-grade NAT

Carrier-grade NAT (CGN), also known as large-scale NAT (LSN), is an IPv4 network design in which end sites (mostly private networks) are assigned special private IPv4 addresses, which a NAT process at the provider level then translates into public IPv4 addresses. This allows a pool of a few public IP addresses to be shared by many end users.

Carrier-grade NAT was developed as an interim solution to make efficient use of IPv4 addresses until IPv6 is adopted.

There was criticism of this approach, especially the following:

  • Like any type of NAT, it breaks the principle of direct, uninterrupted end-to-end communication
  • It has significant security, scalability and reliability problems
  • Investigations and record-keeping by law enforcement agencies become more difficult
  • It is impossible to offer a service, reachable under an IPv4 address, from a terminal behind a CGN
  • It does not solve the problem where a provider requires routable IP addresses (for example in the hosting and housing sector)

One deployment scenario is known as NAT444, because a customer's connection to a server on the Internet passes through three different IPv4 networks (each separated by a NAT): the customer's own home network, the private network of the ISP, and the Internet.

Another CGN scenario is Dual-Stack Lite, in which the provider network is based on IPv6 and only two different IPv4 networks are traversed (also via NAT).

Address range

If an ISP wants to use CGN and uses private IPv4 addresses according to RFC 1918 for it, there is a risk that customers also use the same range. The customer router then no longer forwards packets, because the address space on both sides is the same.

This led several providers to approach ARIN (the IP address registry for North America) and ask for the allocation of new private IP addresses (explicitly for CGN). ARIN referred the matter to the IETF, since RFC 2860 had previously defined that this is not a typical address assignment but a reservation for technical reasons.

The IETF then described, in RFC 6598, a shared address space for use in CGNs and NAT routers. ARIN returned the IPv4 address space needed for the allocation to IANA, which then reserved the address space 100.64.0.0/10.

Consequences

  • Devices or software that try to determine whether an IPv4 address is public or private must now be updated to recognize the new address range.
  • The allocation of additional private IPv4 address ranges for NAT translation relieves the pressure that the ever-shrinking IPv4 address pool puts on Internet providers and thus delays the IPv6 transition.
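
The first consequence above, as an added example that is not part of the original article: an address check that only knows the RFC 1918 ranges next to one updated for the 100.64.0.0/10 shared range from RFC 6598. The function names and sample addresses are constructed for illustration.

```python
import ipaddress

# RFC 1918 private ranges: all that a pre-RFC 6598 check would know about.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Shared address space reserved for CGN by RFC 6598.
CGN_SHARED = ipaddress.ip_network("100.64.0.0/10")


def legacy_is_private(addr: str) -> bool:
    """Outdated check: only RFC 1918 ranges count as non-public."""
    ip = ipaddress.IPv4Address(addr)
    return any(ip in net for net in RFC1918)


def classify(addr: str) -> str:
    """Updated check that also recognizes the CGN shared range.

    Only the ranges named on this page are covered; other special-purpose
    ranges (loopback, link-local, ...) fall under "other" here.
    """
    ip = ipaddress.IPv4Address(addr)  # raises ValueError for non-IPv4 input
    if any(ip in net for net in RFC1918):
        return "rfc1918-private"
    if ip in CGN_SHARED:
        return "rfc6598-shared"
    return "other"


def missed_by_legacy(addrs):
    """Addresses in CGN shared space that the outdated check treats as public."""
    return [a for a in addrs
            if classify(a) == "rfc6598-shared" and not legacy_is_private(a)]


# Constructed sample addresses, including both edges of 100.64.0.0/10.
SAMPLE = ["10.1.2.3", "192.168.1.10", "100.63.255.255", "100.64.0.0",
          "100.100.50.7", "100.127.255.255", "100.128.0.0", "203.0.113.7"]

if __name__ == "__main__":
    for a in SAMPLE:
        print(f"{a:16} legacy_private={legacy_is_private(a)!s:5} -> {classify(a)}")
    print("missed by legacy check:", missed_by_legacy(SAMPLE))
```

Anything returned by missed_by_legacy is an address that access rules, log enrichment or geolocation built on the older check would treat as a public Internet host, although it is only meaningful inside one provider's CGN.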