Carrier-grade NAT

from Wikipedia, the free encyclopedia
Figure: Carrier Grade NAT

Carrier-grade NAT (CGN; in German: NAT at operator level), also known as large-scale NAT (LSN), is a design for IPv4 networks in which end stations (mostly private networks) are given special private IPv4 addresses that are then translated into public IPv4 addresses by a NAT process at the operator level. This lets a pool of only a few public IP addresses serve many end users.

Description

Carrier-grade NAT is described in RFC 6264 as an interim solution for making more efficient use of IPv4 addresses before IPv6 is fully deployed.

The main criticisms of this approach are:

  • Like any form of NAT, it breaks the principle of direct, uninterrupted end-to-end communication
  • It has significant security, scaling, and reliability problems
  • Investigations and record-keeping by law enforcement agencies become more difficult, because many customers share one public address
  • As a rule, a connection behind a CGN cannot offer a service that is reachable at a public IPv4 address
  • It does not help a provider that needs publicly routable IP addresses (for example for hosting and colocation)

One deployment scenario is called NAT444, because the customer's connection to a server on the Internet crosses three different IPv4 networks, each separated from the next by a NAT: the customer's own home network, the private network of the Internet provider, and the public Internet.

Another CGN scenario is Dual-Stack Lite, in which the provider's network runs on IPv6 and the customer's IPv4 traffic crosses only two different IPv4 networks (again separated by NAT).

Address range

If an ISP wants to deploy CGN using private IPv4 addresses from RFC 1918, there is a risk that customers are already using the same range on their own networks. The customer routers would then stop forwarding packets, because the same address range appears on both the inside and the outside of the router.

This led several providers to approach ARIN (the regional Internet registry for North America) and ask for a new private IP address range to be allocated explicitly for CGN. ARIN referred the matter to the IETF after it was determined, on the basis of RFC 2860, that this was not a typical address assignment but a reservation for technical reasons.

The IETF then defined in RFC 6598 a shared address space for use in CGNs and NAT routers. ARIN returned the IPv4 address space needed for this reservation to IANA, and the block 100.64.0.0/10 is now reserved for this purpose.

Consequences

  • Devices or software that try to determine whether an IPv4 address is public or private must be updated to recognize this new address range.
  • Allocating a further IPv4 address range for NAT translations relieves Internet providers of the pressure from the ever-shrinking IPv4 address pool and thus delays the conversion to IPv6.
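As an added example (not from the article), a Python check that treats the RFC 6598 range as its own class, which is the update the first point above calls for, and that flags the overlap between an operator's CGN pool and customer LAN prefixes described under "Address range"; the sample prefixes and addresses are constructed for illustration.

```python
"""Classify IPv4 addresses with awareness of the RFC 6598 shared address
space (100.64.0.0/10) and detect the NAT444 address overlap problem."""
import ipaddress

# RFC 1918 private ranges and the RFC 6598 shared address space for CGN.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
SHARED = ipaddress.ip_network("100.64.0.0/10")

# Constructed sample of typical customer LAN prefixes (home routers).
COMMON_LAN = ["192.168.0.0/24", "192.168.1.0/24", "10.0.0.0/24"]


def classify(addr: str) -> str:
    """Return 'shared' (RFC 6598), 'private' (RFC 1918), 'special'
    (loopback, link-local, documentation, reserved, ...) or 'public'.

    A naive "not private, therefore public" test misclassifies the shared
    range: CPython's ipaddress reports it as neither is_private nor
    is_global, so it gets its own class here."""
    ip = ipaddress.IPv4Address(addr)  # raises ValueError for IPv6 input
    if ip in SHARED:
        return "shared"
    if any(ip in net for net in RFC1918):
        return "private"
    if not ip.is_global:
        return "special"
    return "public"


def overlaps_customer_lan(cgn_pool: str, lan_prefixes) -> list:
    """Return the customer LAN prefixes that overlap the operator's CGN
    inside pool. Any hit means the same range sits on both sides of the
    customer router, which is the failure described for RFC 1918 pools."""
    pool = ipaddress.ip_network(cgn_pool)
    return [p for p in lan_prefixes
            if pool.overlaps(ipaddress.ip_network(p))]


if __name__ == "__main__":
    for a in ("192.168.1.10", "100.64.12.34", "100.128.0.1", "127.0.0.1"):
        print(f"{a:>15}  {classify(a)}")
    # An RFC 1918 pool collides with customer LANs; the shared space does not.
    print("RFC 1918 pool conflicts:", overlaps_customer_lan("192.168.0.0/16", COMMON_LAN))
    print("RFC 6598 pool conflicts:", overlaps_customer_lan("100.64.0.0/10", COMMON_LAN))
```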
