Technical Whitepaper on Carrier Grade NAT (CGN)
ZTE Confidential & Proprietary 1
Technical Whitepaper on Carrier Grade NAT (CGN)
1 Basic Principle and Product Form of CGN
1.1 Overview
On February 3rd, 2011, ICANN announced that the last five groups of IP addresses had been
allocated and that no IPv4 addresses were available any more. June 8 of each year is IPv6 Day
around the world. IPv4 addresses are used up, but IPv6 network construction is not
complete. To protect their investment and save cost, carriers will not replace a
tremendous number of IPv4 devices with IPv6 or IPv4/IPv6 devices in the short term. The
mass migration of IPv4 applications and services to IPv6 is also a large and complicated
project. It involves not only the carriers but also numerous software, content and service
providers. IPv4 and IPv6 will coexist for a very long period of time. Carriers
must solve the problems of interworking between IPv4 and IPv6 and of insufficient IPv4
addresses to reduce the effect on customer use and development. This provides a very broad
stage for the development of a variety of NAT technologies, and CGN (Carrier Grade NAT)
came into being accordingly.
CGN is NAT in nature. It translates and maps addresses like ordinary NAT. It is
divided into three types by address family: NAT44, NAT64 and NAT46. NAT44 performs the
translation and mapping from IPv4 addresses to IPv4 addresses, NAT64 from IPv6 to
IPv4, and NAT46 from IPv4 to IPv6. It is also divided into three types by mapping: dynamic
NAT, static NAT and PAT (dynamic address port mapping). Static NAT creates a fixed
one-to-one mapping between an internal private network address and an
external public network address, while dynamic NAT creates a dynamic one-to-one
mapping between an internal private network address and an external public
network address, with no fixed correspondence between a private network
address and a public network address. The difference between PAT and dynamic NAT is
that PAT uses the combination of a public network IP address and a port number to map the
addresses of different hosts.
CGN products from different vendors are not identical in their dynamic mapping policy and
filtering policy. Dynamic mapping policies and filtering policies are each divided into
three types. The three types of dynamic mapping policy are as follows:
- Endpoint-independent mapping (EIM): The mapping depends only on the private network
  source IP and source port. Even if the destination address and destination port differ,
  the same private network source IP and source port are always mapped to the same public
  network source IP and source port. Even if the destination address is different, the same
  source IP has the same mapping result.
- Address-dependent mapping (ADM): The mapping depends on the private network source IP,
  source port and destination address. In other words, a private network source IP, a
  source port and a specific destination address are mapped to a public network
  source IP and a source port. If the private network source IP and source port are
  the same but the destination address is different, they are mapped to a different public
  network address and port.
- Address and port-dependent mapping (APDM): The mapping depends on the private network
  source IP, source port, destination address and destination port. In other words,
  packets from a private network source IP and source port to the same destination address
  and port are mapped to a specific public network source IP and source port. If the private
  network source IP, source port and destination IP are the same but the destination port
  is different, a different mapping table entry is used.
There are also three types of filtering policies corresponding to the above CGN mapping
policies.
- Endpoint-Independent Filter (EIF): CGN filters out only the traffic that is not sent to
  the internal address X:x (meaning address:port), and does not care about the source
  address and source port of the traffic.
- Address-Dependent Filter (ADF): If the internal address X:x has not sent traffic
  to the external address Y, CGN filters out the traffic from the external address Y to the
  internal address X:x. In other words, Y can send traffic to X:x only after X:x has sent
  traffic to Y.
- Address and Port-Dependent Filtering (APDF): If the internal address X:x has not
  sent traffic to the external address Y:y, CGN filters out the traffic from the external
  address Y:y to the internal address X:x. In other words, Y:y can send traffic to X:x
  only after X:x has sent traffic to Y:y.
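The mapping and filtering policies above can be compared side by side in a small model. The following Python sketch is an added example, not part of the whitepaper and not taken from any CGN product; the class and function names, the port allocation starting at 1024 and the addresses (documentation ranges) are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from itertools import count

# How much of the remote endpoint a policy looks at: 0 = nothing, 1 = IP, 2 = IP and port.
MAPPING = {"EIM": 0, "ADM": 1, "APDM": 2}
FILTERING = {"EIF": 0, "ADF": 1, "APDF": 2}

def _scope(level, ip, port):
    """Reduce a remote endpoint to the part that a policy level cares about."""
    return ((), (ip,), (ip, port))[level]

@dataclass
class Cgn:
    mapping: str
    filtering: str
    public_ip: str = "203.0.113.1"              # constructed address
    _ports: count = field(default_factory=lambda: count(1024))
    _out: dict = field(default_factory=dict)    # (X:x, destination scope) -> public endpoint
    _in: dict = field(default_factory=dict)     # public endpoint -> X:x
    _peers: dict = field(default_factory=dict)  # public endpoint -> remotes X:x has contacted

    def outbound(self, src, dst):
        """Translate a packet from internal src to dst; return the public (ip, port)."""
        key = (src, _scope(MAPPING[self.mapping], *dst))
        if key not in self._out:
            pub = (self.public_ip, next(self._ports))
            self._out[key], self._in[pub] = pub, src
        pub = self._out[key]
        self._peers.setdefault(pub, set()).add(dst)
        return pub

    def inbound(self, remote, pub):
        """Return the internal endpoint if the filter passes the packet, else None."""
        if pub not in self._in:
            return None                         # not addressed to any mapped X:x
        level = FILTERING[self.filtering]
        allowed = {_scope(level, *peer) for peer in self._peers[pub]}
        return self._in[pub] if _scope(level, *remote) in allowed else None

def demo(mapping, filtering):
    """Constructed case: X:x contacts Y:y once, then Y:y, Y:other-port and Z probe back."""
    nat, x, y = Cgn(mapping, filtering), ("10.0.0.5", 5000), ("198.51.100.10", 80)
    pub = nat.outbound(x, y)
    probes = [y, ("198.51.100.10", 443), ("198.51.100.20", 80)]
    return [nat.inbound(p, pub) is not None for p in probes]

if __name__ == "__main__":
    for f in FILTERING:
        print(f, demo("EIM", f))
```

The three booleans returned by demo() show which inbound sources reach X:x under each filter, which is the exposure difference that matters when assessing unsolicited inbound traffic through a CGN.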
1.2 NAT444 CGN
NAT444 means two levels of IPv4 NAT, namely IPv4 - NAT1 - IPv4 - NAT2 - IPv4. The
first-level NAT translates between two private network IPv4 addresses, and the second-level
NAT translates between a private network IPv4 address and a public network IPv4 address.
With NAT444, carriers can reduce their demand for public network IPv4 addresses. If they
deploy private network addresses on the client side and in the access network, a large
number of public network IPv4 addresses will be saved. NAT444 is very important to a carrier
with limited IPv4 addresses because it greatly slows down the depletion of IPv4 addresses.
NAT444 requires only small changes to existing networks and no large-scale network
reconstruction. New users and access networks can employ NAT444 CGN, which is an
IPv4 mapping and translation technology and does not involve interworking between IPv6
and IPv4.
The first-level NAT is done by the CPE device of users or carriers, and the second-level