News Stay informed about the latest enterprise technology news and product updates.

Is CG-NAT the short-term answer to IPv4 exhaustion?

IPv4 exhaustion has arrived, but IPv6 is not ready for primetime. Will ISPs and enterprises find a short-term solution in CG-NAT infrastructure?

As IPv4 addresses dry up, Internet service providers (ISPs) and enterprises are moving quickly to figure out how to handle the shortage until IPv6 infrastructure is built out. One answer may be investing in Carrier Grade NAT (CG-NAT) infrastructure —but what happens to the money spent once IPv6 emerges?

How CG-NAT can help

The solution to IPv4 exhaustion in the short term is to use fewer total IPv4 addresses by sharing them among different customers using CG-NAT technology, also called Large Scale NAT. This is similar to a home gateway NAT that enables address sharing among multiple devices in the home —only it works on a much larger scale.

The best strategy would be to use IPv4 CG-NAT networks while building an IPv6 infrastructure. Eventually, top content providers will offer their content over IPv6, allowing ISPs to gradually offload traffic from the CGN hardware. This way, ISPs will have a “cap-and-grow” strategy for their CGN infrastructure.

But moving toward an Ipv6 transition doesn't mean that CG-NAT infrastructure investment is a waste.  The Internet will not migrate to IPv6 overnight. In fact, current estimates call for up to a 20-year transition period, leaving little doubt that CGN infrastructures will be in place for a very long time. 

The adoption of IPv6 in the enterprise sector is generally occurring at an even slower pace than in the broadband and wireless ISP sector. That means it will be possible to leverage currently deployed NAT infrastructure to accommodate the needs of most enterprises.

CG-NAT infrastructure challenges

While CG-NAT offers a short-term solution to the IPv4 shortage problem, it doesn't come without challenges. The massive deployment of CG-NAT by broadband and wireless service providers will have an impact on enterprise and content provider network management operations. For example, the current practice of dealing with a denial of service (DOS) attack is to filter out the offending IPv4 address. In a world of CGNs, if this address is in the IPv4 public pool of a carrier-grade NAT, that approach could take out not only the offending party, but hundreds or thousands of other customers sharing the same IPv4 address.

How can we handle those DOS attacks more effectively and limit the scope of those black holes? Deep packet inspection (DPI) techniques may be able to find a signature of the attack and create more specific filters. An alternative solution is to collaborate with the CGN operator and apply source-based filtering before the packets get NATed by the CGN.

In conclusion, my belief is that CG-NAT technologies will be the transition solution for IPv4 address exhaustion. IPv6 deployment will occur naturally, especially as more websites offer more content over IPv6, leading to the “cap-and-grow” strategy for ISPs and CGN deployments while at the same time simplifying the network management and security in the Internet. Though the forthcoming assignment of the remaining IPv4 addresses may sound alarming, the current reality and future of the Internet will remain one of vibrant, robust growth. 

Alain Durand is director of software engineering at Juniper Networks.

A leader on IPv6 issues since 1993, Durand is the inventor of the Dual Stack-Lite (DS-Lite) network address translation (NAT) solution to allow IPv4 and IPv6 addressing to coexist on carrier networks and has authored numerous Request for Comments (RFCs) and Internet-Drafts. He now serves as the co-chair of both the IETF Softwires and Port Control Protocol (PCP) working groups, which focus on how applications will evolve to accommodate IPv4 address exhaustion and IPv6 address adoption.

Dig Deeper on Network Infrastructure

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.