Many of our customers ask us what makes Carrier Grade NAT (CGN) necessary and how it differs from the traditional port overloading / masquerade NAT that is available in most network routers. The bullets below outline the differences and explain why CGN can be beneficial to service providers.
CGN provides a 256:1 private IP to public IP cost savings ratio backed by reliable port allocation ranges that allow for ease of planning and scaling when compared to traditional PAT or masquerade NAT.
This helps reduce impact from applications that are sensitive to NAT type such as real-time voice, video, and gaming.
Your public IP reputation can be protected by leveraging CGN DDoS protection mechanisms, which prevent impactful events like botnet attacks. Traditional PAT / masquerade NAT does not employ any type of DDoS protection or per-user limitations, which leaves your public IPs, and all private IP CGN users behind them, exposed.
Some NAT implementations at the router level do not handle local connectivity very well. When a user needs to communicate with another user behind the same NAT router, this is called traffic "hairpinning". CGN solutions are built specifically to support hairpinning scenarios and ensure uninterrupted P2P connectivity.
Moving the NAT functionality off of your access routers and onto dedicated CGN appliances frees up resources on your access routers, which can be used for other mission-critical network functions.
CGN deployments provide the most transparent experience to a user while behind NAT. This pairs perfectly with a dual-stack IPv6 deployment which we always recommend service providers implement on their network.
We recommend using deterministic NAT when deploying CGN. This allows for easy user identification based on public IP and port number without the need for complex logging mechanisms.
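The following sketch is an added example, not code from the article or from any CGN product. It shows why a deterministic mapping removes the need for per-session logs: both directions are pure arithmetic. The address pools, the 1024-65535 port range and the sequential block layout are assumptions chosen to match the 256:1 ratio above.

```python
import ipaddress

# Constructed sample pools (assumptions, not taken from the article).
PRIVATE_NET = ipaddress.ip_network("100.64.0.0/22")  # 1024 subscriber addresses
PUBLIC_NET = ipaddress.ip_network("203.0.113.0/30")  # 4 public addresses
RATIO = 256                      # subscribers per public IP (the 256:1 ratio)
PORT_MIN, PORT_MAX = 1024, 65535  # assumed usable port range
BLOCK = (PORT_MAX - PORT_MIN + 1) // RATIO  # 252 ports per subscriber


def forward(private_ip):
    """Return (public_ip, first_port, last_port) assigned to a subscriber."""
    addr = ipaddress.ip_address(private_ip)
    if addr not in PRIVATE_NET:
        raise ValueError(f"{private_ip} is outside the subscriber pool")
    index = int(addr) - int(PRIVATE_NET.network_address)
    pub_index, slot = divmod(index, RATIO)
    if pub_index >= PUBLIC_NET.num_addresses:
        raise ValueError("public pool too small for this subscriber")
    first = PORT_MIN + slot * BLOCK
    return str(PUBLIC_NET[pub_index]), first, first + BLOCK - 1


def reverse(public_ip, port):
    """Identify the subscriber behind a public IP and source port.

    Returns None when the port lies outside every subscriber block.
    """
    addr = ipaddress.ip_address(public_ip)
    if addr not in PUBLIC_NET:
        raise ValueError(f"{public_ip} is not in the public pool")
    if port < PORT_MIN or port > PORT_MAX:
        return None
    slot = (port - PORT_MIN) // BLOCK
    if slot >= RATIO:
        return None
    pub_index = int(addr) - int(PUBLIC_NET.network_address)
    return str(PRIVATE_NET[pub_index * RATIO + slot])


if __name__ == "__main__":
    print(forward("100.64.1.5"))          # block assigned to one subscriber
    print(reverse("203.0.113.1", 2400))   # abuse report: IP + source port
```

The reverse lookup only works when the abuse report or remote log includes the source port, since 256 subscribers share each public IP.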