Carrier-Grade NAT (CGN) is also known as LSN (Large Scale NAT). In my opinion, it should be called LSN, since there is nothing carrier-grade about it. It is just a NAT. With CGN, Service Providers do NAT44 on the CPE from a private address to another private address (a well-known /10 prefix allocated by IANA) and another NAT44 on the Service Provider network. That's why you may hear it called CGN, LSN, Double NAT, or NAT444. All of them refer to the same thing.
Carrier-Grade NAT CGN and so many IPv6 topics are covered in great detail in my IPv6 Zero to Hero Course.
But with CGN you are not enabling IPv6. CGN is a way to solve the IPv4 depletion problem in a very problematic way. Companies are also using the trade market to purchase public IPv4 addresses. The average cost per IPv4 address is currently around $8-10. This might increase over time. It would also be wise to expect a much bigger DFZ over time because of de-aggregation.
With CGN, IPv4 private addresses are shared among many customers and those shared addresses are NATed at the CGN node twice.
Difference between Customer NAT (Residential NAT) and SP NAT (CGN, LSN)
With Residential NAT, a single public IPv4 address represents one household. With SP NAT (CGN, LSN), a single public IPv4 address is shared across multiple households.
With Residential NAT, the 16-bit port space (65000 TCP and UDP ports) is for a single household, but with SP NAT, the 16-bit port space of the IP address is shared among multiple households.
CGN can be deployed either Inline or Offline. Inline CGN deployment is more common in Enterprise and Residential networks, as network traffic passes through the NAT box.
Offline CGN removes the NAT from the primary data path and uses source routing mechanisms to send the traffic to the NAT boxes. Offline CGN is a more common deployment model in SP networks.
Carrier-Grade NAT - CGN Advantages
- It is well-known NAT: two NAT operations, on the customer side and the SP side, with no IPv6 learning curve
- CPE – Customer NAT doesn’t need to change
- CPE doesn’t need to support IPv6
Carrier-Grade NAT - CGN Disadvantages
- CGN is an IP address sharing solution: many users share the same public IP address, and that causes problems
- Some applications break; applications that work with a single layer of NAT may not work with two layers of NAT
- Sharing addresses makes operations/troubleshooting harder
- How many ports should be assigned to each user? This is called Port Spray
- Many websites open 80-100 TCP connections (newspapers), and some apps open hundreds of sessions (Google Maps, etc.)
- Intense logging will be needed for lawful intercept
- Traceability of users behind Carrier-Grade NAT CGN
- CGN in the forwarding path (inline deployment) becomes a single point of failure
- Offline CGN deployment requires source routing, which creates unnecessary complexity
- CGN IP addresses get blacklisted due to address sharing (not every user is innocent)
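To make the port-sharing, logging and traceability points concrete, here is an added example (not from the original article) that resolves an abuse report against CGN port-block allocation logs. The record layout, sample addresses, function names and the 1024 reserved ports are assumptions made for illustration.

```python
from datetime import datetime

# Constructed sample records (not real data), one per port-block allocation:
# (subscriber inside address, public address, first port, last port, start, end)
ALLOCATIONS = [
    ("100.64.0.10", "203.0.113.5", 1024, 2047, "2024-01-01T10:00:00", "2024-01-01T12:00:00"),
    ("100.64.0.11", "203.0.113.5", 2048, 3071, "2024-01-01T10:05:00", "2024-01-01T13:00:00"),
    ("100.64.0.12", "203.0.113.5", 1024, 2047, "2024-01-01T12:30:00", "2024-01-01T14:00:00"),
]


def candidates(public_ip, when, src_port=None):
    """Return the inside addresses that could have used public_ip at time 'when'.

    Without src_port every subscriber sharing the address at that moment is a
    candidate; with it, only the owner of the matching port block remains.
    """
    t = datetime.fromisoformat(when)
    hits = []
    for inside, public, first, last, start, end in ALLOCATIONS:
        if public != public_ip:
            continue
        # The allocation must be active at the reported time (end is exclusive).
        if not (datetime.fromisoformat(start) <= t < datetime.fromisoformat(end)):
            continue
        # A port block can be reused later by another subscriber, so the
        # timestamp check above is as important as the port check here.
        if src_port is not None and not (first <= src_port <= last):
            continue
        hits.append(inside)
    return sorted(hits)


def ports_per_subscriber(subscribers_per_ip, reserved=1024):
    """Ports each subscriber gets when one public address is split evenly.

    'reserved' (assumed: ports 0-1023) is held back from the 16-bit space.
    """
    return (65536 - reserved) // subscribers_per_ip


if __name__ == "__main__":
    # An abuse report with only IP and time is ambiguous behind CGN.
    print(candidates("203.0.113.5", "2024-01-01T11:00:00"))
    # Adding the source port narrows it to one subscriber.
    print(candidates("203.0.113.5", "2024-01-01T11:00:00", 1500))
    print(ports_per_subscriber(64))
```

A report that carries only the public IP and a timestamp cannot be attributed to one subscriber, which is why remote services need to log the source port and why the CGN operator needs accurate, time-synchronized allocation logs.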