Many of our customers ask us what makes Carrier Grade NAT (CGN) necessary and how it differs from the traditional port overloading / masquerade NAT that is available in most network routers. The points below outline the differences and explain why CGN can be beneficial to service providers.
Reduced IPv4 Demand with Predictable Outcomes
CGN provides a 256:1 private IP to public IP cost savings ratio backed by reliable port allocation ranges that allow for ease of planning and scaling when compared to traditional PAT or masquerade NAT.
True Transparent NAT (Endpoint Independent Filtering / NAT)
This helps reduce impact from applications that are sensitive to NAT type such as real-time voice, video, and gaming.
Your public IP reputation can be protected by leveraging CGN DDoS protection mechanisms, which prevent impactful events like botnet attacks. Traditional PAT / masquerade NAT does not employ any type of DDoS protection or per-user limitations, which leaves your public IPs, and all private IP CGN users behind them, exposed.
Some NAT implementations at the router level do not handle local connectivity very well. When a user needs to communicate with another user behind the same NAT router, this is called traffic "hairpinning". CGN solutions are built specifically to support hairpinning scenarios to ensure uninterrupted P2P connectivity.
Reduced Routing Resources
Moving the NAT functionality off of your access routers and onto dedicated CGN appliances frees up resources on your access routers, which can be used for other mission-critical network functions.
Provides maximum NAT compatibility to IPv4 Internet to complement IPv6
CGN deployments provide the most transparent experience to a user while behind NAT. This pairs perfectly with a dual-stack IPv6 deployment which we always recommend service providers implement on their network.
We recommend using deterministic NAT when deploying CGN. This allows for easy user identification based on public IP and port number without the need for complex logging mechanisms.
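As an added illustration (not ArchCGN's own code or allocation scheme), the example below shows why deterministic NAT needs no per-session logs: the private IP fixes the public IP and port block, so an abuse report's public IP and source port can be computed back to one subscriber. Assumptions: the pools 100.64.0.0/22 and 203.0.113.0/30, ports below 1024 never allocated, equal contiguous port blocks, and the class and method names.

```python
import ipaddress

RATIO = 256                             # subscribers per public IP (the 256:1 ratio above)
FIRST_PORT = 1024                       # assumption: well-known ports are never handed out
BLOCK = (65536 - FIRST_PORT) // RATIO   # 252 ports per subscriber


class DeterministicNat:
    """Hypothetical mapping: private IP <-> (public IP, fixed port block)."""

    def __init__(self, private_net, public_net):
        self.private = ipaddress.ip_network(private_net)
        self.public = ipaddress.ip_network(public_net)
        if self.private.num_addresses > self.public.num_addresses * RATIO:
            raise ValueError("public pool too small for the private pool at 256:1")

    def forward(self, private_ip):
        """Return (public_ip, first_port, last_port) for a subscriber."""
        ip = ipaddress.ip_address(private_ip)
        if ip not in self.private:
            raise ValueError(f"{ip} is not in {self.private}")
        idx = int(ip) - int(self.private.network_address)
        public_ip = self.public.network_address + idx // RATIO
        first = FIRST_PORT + (idx % RATIO) * BLOCK
        return str(public_ip), first, first + BLOCK - 1

    def reverse(self, public_ip, port):
        """Return the subscriber's private IP, or None if the port is unallocated."""
        ip = ipaddress.ip_address(public_ip)
        if ip not in self.public:
            raise ValueError(f"{ip} is not in {self.public}")
        if not FIRST_PORT <= port <= 65535:
            return None                 # reserved or invalid port: no subscriber owns it
        slot = (port - FIRST_PORT) // BLOCK
        idx = (int(ip) - int(self.public.network_address)) * RATIO + slot
        if idx >= self.private.num_addresses:
            return None                 # block exists but no subscriber is assigned to it
        return str(self.private.network_address + idx)


if __name__ == "__main__":
    nat = DeterministicNat("100.64.0.0/22", "203.0.113.0/30")  # constructed pools
    print(nat.forward("100.64.1.5"))
    # Constructed abuse report: source 203.0.113.1, port 2300
    print(nat.reverse("203.0.113.1", 2300))
```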
The ArchCGN Solution
We take a fully managed approach to CGN for our customers. There are two deployment models: one is a cloud-hosted solution ("CGN to Lease"), where customer traffic is sent to the cloud and then NATed as a service, and the other is an on-premise solution ("CGN to Own"), where the customer provides the hardware and Archous Networks deploys our ArchCGN software to it. In either deployment model, Archous Networks configures, manages, monitors, and provides full end-to-end support of the CGN solution for the customer. We even offer configuration guides as well as consulting options to ensure a seamless integration into the customer's network. Both deployment models provide endpoint independent filtering/NAT, hairpin support, deterministic NAT, and DDoS protection.
Bulk discounts and customized quotes are available so please feel free to reach out for pricing.
ArchCGN - CGN to Own - one-time fee per IP*
One year free of ArchCGN NMS (network monitoring system)
Turnkey deployment of on-site solution
24/7 monitoring, ticketing, and remote support
On-premise solution for dedicated bandwidth, more control and low latency
Fully managed solution. No need to learn new CLI or products
Supports full N+1 or 2N redundancy leveraging active/standby deployment with BGP, OSPF, or VRRP
Perpetual ownership license to run CGN on your own hardware
Ideal for larger deployments
*One-time fee charged per private CGN customer IP and then 35% yearly maintenance
*Minimum purchase of /22