Let`s talk
Let`s talk
Contact Us
Time to break main
CGNAT myths
NFWARE BLOG
16/12/2020
Many service providers use Carrier-Grade NAT technology since the IPv4 problem is here for quite a long time. There are no available IPv4s, and the industry started a long road to IPv6. NAT allows sharing private IPv4 addresses among several subscribers, thus significantly saving ISPs costs.
However, some ISPs continue purchasing IPv4 on the market. We sometimes hear from others about stereotyped CGNAT complexity issues or NAT security and application problems. Let's try to go through these myths in more detail.
Is CGNAT too complicated?
Deploying CGNAT for the first time requires redesigning network architecture. An operator needs to find a place for a new solution, plan the IPv4 addressing, and think up how to connect the network element. Because all networks are different, this is a job for a service provider.
NFWare makes it easier with the support of our value-added resellers, who can provide a solution that works as "plug and play." NFWare partners review the network architecture and propose the deployment scenario. Service providers receive the pre-configured and ready-to-deploy solution and get help with all the needed integrations on-site or remotely.
Is CGNAT a threat to online crimes investigations?
Since with CGNAT, IP-address is no longer an identity of a user on the web, some people say that CGNAT impedes investigating online crimes. As an answer to that, there are acts that regulate user tracking.
NFWare CGNAT solution provides logging functionality fully aligned with requirements of every local regulator. The service provider has to track and store information about sessions and users to provide upon a request. Such information may include private to public IP address translation, port numbers, and others. NFWare vCGNAT provides logging of all NAT translations to an external Syslog, NetFlow, RADIUS or IPFIX logging server.
An alternative to logging is Deterministic NAT. It eliminates the need for logging because in this mode the subscriber's IP address is always mapped to the same external IP and port range. It is one of NFWare vCGNAT modes. With the help of this mode, log messages are not needed at all. Moreover, there is a lower ratio of Users/Public address, and users keep the same public address all the time.
NFWare CGNAT solution provides logging functionality fully aligned with requirements of every local regulator. The service provider has to track and store information about sessions and users to provide upon a request. Such information may include private to public IP address translation, port numbers, and others. NFWare vCGNAT provides logging of all NAT translations to an external Syslog, NetFlow, RADIUS or IPFIX logging server.
An alternative to logging is Deterministic NAT. It eliminates the need for logging because in this mode the subscriber's IP address is always mapped to the same external IP and port range. It is one of NFWare vCGNAT modes. With the help of this mode, log messages are not needed at all. Moreover, there is a lower ratio of Users/Public address, and users keep the same public address all the time.
Is it true that CGNAT negatively affects applications
and user experience?
Some legacy simple NAT solutions broke specific protocols such as FTP, SIP (Voice IP), IPsec VPNs, and IRC (Chat).
However, every modern Carrier-Grade NAT solution has the Application Layer Gateway (ALG) technology. It was designed to solve this problem. Other techniques - such as Endpoint-Independent Mapping (EIM), Endpoint-Independent Filtering (EIF), and Hairpinning - enable users to access applications without any issues. It works with the same quality of access as with a private IPv4 address.
Moreover, modern applications – Skype, WhatsApp, Youtube, and others – don't require the use of any special techniques because they are designed to work with a CGNAT technology in service providers' networks.
You can also look at our blog where you can find information about the test results of the impact of NFWare CGNAT on network applications.
However, every modern Carrier-Grade NAT solution has the Application Layer Gateway (ALG) technology. It was designed to solve this problem. Other techniques - such as Endpoint-Independent Mapping (EIM), Endpoint-Independent Filtering (EIF), and Hairpinning - enable users to access applications without any issues. It works with the same quality of access as with a private IPv4 address.
Moreover, modern applications – Skype, WhatsApp, Youtube, and others – don't require the use of any special techniques because they are designed to work with a CGNAT technology in service providers' networks.
You can also look at our blog where you can find information about the test results of the impact of NFWare CGNAT on network applications.
?
Conclusion
The myth that CGNAT provides any significant security, application issues, or deploying complexity problems needs to be put to rest. Carrier-Grade NAT has been a technology used by small and large service providers for many years in a row. It proves the efficiency in comparison with IPv4 purchasing and provides ISPs the flexibility to grow the business faster.
Firstly, Moving to CGNAT from private IPv4 addressing is an economic decision. Buying another block of IPv4 from one year to another is expensive, and it doesn't allow service providers to quickly increase the subscribers base. Return on investments in Carrier-Grade NAT comes in the first two years of deployment, allowing to stop the never-ending expenditures on IPv4-addresses.
Secondly, CGNAT is also a strategic decision. It allows ISPs to smoothly migrate to IPv6, the new version of IP protocol. With the spread of IPv6, service providers will have to support connectivity via both protocols simultaneously.
Firstly, Moving to CGNAT from private IPv4 addressing is an economic decision. Buying another block of IPv4 from one year to another is expensive, and it doesn't allow service providers to quickly increase the subscribers base. Return on investments in Carrier-Grade NAT comes in the first two years of deployment, allowing to stop the never-ending expenditures on IPv4-addresses.
Secondly, CGNAT is also a strategic decision. It allows ISPs to smoothly migrate to IPv6, the new version of IP protocol. With the spread of IPv6, service providers will have to support connectivity via both protocols simultaneously.
Are you looking for a CGNAT solution?
We can help! NFWare Virtual CGNAT is an acclaimed solution that enables over 100 ISPs to effectively address the IPv4 shortage issue. Kindly provide your email address, and we will get in touch with you to provide further information!
Learn more about NFWare Virtual CGNAT
Our industry-leading high-performance solution for ISPs that efficiently solves the IPv4 exhaustion problem
Related Content
Feel free to share:
Need assistance in understanding the nuances of the CGNAT solution?
Contact Us