Carrier-grade NAT


Carrier-grade NAT (CGN), also known as large-scale NAT (LSN), is an approach to IPv4 network design in which end sites, in particular residential networks, are configured with private network addresses that are translated to public IPv4 addresses by middlebox network address translator devices embedded in the network operator's network, permitting the sharing of small pools of public addresses among many end sites. This shifts the NAT function and configuration thereof from the customer premises to the Internet service provider network.

Carrier-grade NAT has been proposed as an approach for mitigating IPv4 address exhaustion.[1]

Critics of carrier-grade NAT argue the following aspects:

One use scenario of CGN can be described as NAT444,[3] because some customers' connections to public servers would pass through three different IPv4 addressing domains: the customer's own private network, the carrier's private network and the public Internet.

Another CGN scenario is Dual-Stack Lite, in which the carrier's network uses IPv6 and thus only two IPv4 addressing domains are needed.

Shared address space

If an ISP deploys a CGN and uses RFC 1918 address space to number its customers, there is a risk that customer equipment already using RFC 1918 space will stop working. The reason is that routing and NAT will not work if the same addresses occur on both the inside and outside network interfaces.

This prompted some ISPs to develop policy within ARIN to allocate new private address space for CGNs, but ARIN deferred to the IETF before implementing the policy, indicating that the matter was not a typical allocation but a reservation for technical purposes (per RFC 2860).

IETF created RFC 6598, detailing Shared Address Space for use in ISP CGN deployments and NAT devices that can handle the same addresses occurring both on inbound and outbound interfaces. ARIN returned space to the IANA as needed for this allocation.[4] The allocated address block is 100.64.0.0/10.[5]
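The check below is an added example, not part of the original article: it classifies a customer router's WAN address against the RFC 1918 and RFC 6598 blocks and flags the overlap case described above, where the same prefix appears on the inside and outside interfaces. The function names and the sample addresses are constructed for illustration.

```python
import ipaddress

# Address blocks named in the article: RFC 1918 private space and the
# RFC 6598 Shared Address Space reserved for CGN deployments.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
RFC6598 = ipaddress.ip_network("100.64.0.0/10")


def address_domain(addr):
    """Return 'rfc1918', 'rfc6598' or 'other' for an IPv4 address string."""
    ip = ipaddress.ip_address(addr)
    if any(ip in net for net in RFC1918):
        return "rfc1918"
    if ip in RFC6598:
        return "rfc6598"
    return "other"


def check_cpe(wan_iface, lan_iface):
    """Assess a customer router from its WAN and LAN 'address/prefixlen' strings.

    Both inputs are hypothetical values, e.g. copied from a router status page.
    """
    wan = ipaddress.ip_interface(wan_iface)
    lan = ipaddress.ip_interface(lan_iface)
    wan_domain = address_domain(str(wan.ip))
    return {
        "wan_domain": wan_domain,
        # A WAN address from private or shared space means another translator
        # sits upstream (the NAT444 layout when that translator is a CGN).
        "upstream_nat": wan_domain in ("rfc1918", "rfc6598"),
        # Same prefix on inside and outside interfaces: routing and NAT break.
        "lan_wan_overlap": wan.network.overlaps(lan.network),
    }


if __name__ == "__main__":
    # Constructed sample inputs: (WAN interface, LAN interface).
    samples = [
        ("100.64.12.7/22", "192.168.1.1/24"),    # CGN using shared space
        ("10.20.30.40/16", "10.20.0.1/24"),      # CGN using RFC 1918, clash
        ("198.51.100.23/24", "192.168.1.1/24"),  # no upstream translation
    ]
    for wan, lan in samples:
        print(wan, lan, check_cpe(wan, lan))
```

A WAN address in RFC 1918 space can also come from a second home router upstream, so `upstream_nat` indicates an additional translation layer rather than proving the ISP runs a CGN.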

Issues

Disadvantages

Carrier-grade NAT usually prevents the ISP's customers from using port forwarding, because network address translation (NAT) is usually implemented by mapping the ports of devices inside the network to other ports on the external interface. This is done so that the router can map responses to the correct device. In carrier-grade NAT networks, even though the router at the consumer end might be configured for port forwarding, the "master router" of the ISP, which runs the CGN, will block this port forwarding because the actual port would not be the port configured by the consumer.[6]

In addition, in rare cases bans based on IP addresses can cause problems; on Wikipedia, for example, the system might block a spamming user by banning the IP address that represents them. If that user happens to be behind carrier-grade NAT, other users sharing the same public IP address with the spammer will be mistakenly blocked.[6]


This article is issued from Wikipedia - version of the Wednesday, January 20, 2016. The text is available under the Creative Commons Attribution/Share Alike but additional terms may apply for the media files.