Internet service providers are circling carrier-grade or large-scale network address translation as a strategy that would allow them to cling to IPv4 for longer, further delaying moves to adopt IPv6.
NAT was developed in the 1990s when the IPv4 address exhaustion problem first arose. The thinking behind NAT is to conserve the number of publicly visible and therefore unique IPv4 addresses through reuse of private addresses for devices in internal networks.
Under NAT, one or more Internet-visible addresses acts as a network gateway, “translating” traffic to and from private, internal networks that cannot be directly reached from the outside world.
That way, one public IPv4 address can “hide” many private ones. Home networks almost exclusively use such address sharing, as do many corporate ones.
While NAT used to be confined to the edge of networks, what is now being proposed and trialled is to use address sharing closer to the core of providers’ networks.
Providers such as BT’s Plusnet in the United Kingdom are already trialling CGNAT as an alternative to IPv6. Plusnet sees IPv6 as being "years away" and believes that everyone will still need an IPv4 address for the foreseeable future.
iiNet chief technical officer John Lindsay doesn’t expect iiNet to deploy IPv4 CGNAT for the next few years, but says the provider already uses CGNAT for its Wi-Fi network and through its many load balancers and servers.
“We may use it in the future for fixed-line customers, but only in a world where they have a real IPv6 connection too, and the IPv4 layer is legacy glue,” Lindsay says.
CGNAT — where several customers share one public IP address — isn’t without its share of problems.
Most internet users will never notice CGNAT.
“Most end users see the world via web browsers and email clients. They live in a world of domain names and email addresses,” Lindsay says. “The encapsulation of that traffic through IPv4 or IPv6 is a hidden layer that doesn’t trouble users."
However, customers hosting a small website or playing games on broadband connections may not be so lucky.
CGNAT would become immediately unpopular if a customer’s games console got cut off from the Internet due to connection problems caused by address sharing.
“Large-scale NATs pose a challenge in a scenario where customers are running servers in an address sharing environment,” says Alcatel-Lucent senior Internet Protocol product line manager Alastair Johnson.
Johnson believes the challenge could be resolved with a new Port Control Protocol (PCP) standardised by the Internet Engineering Task Force.
PCP extends the Universal Plug and Play (UPnP) and NAT Port Mapping protocols that, in the home, ensure traffic flows between, for instance, an Xbox console and the broadband gateway; PCP carries the same kind of request on to the ISP’s CGNAT device.
New broadband routers that support PCP can then work with the providers' CGNAT device to open external ports as required.
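The address sharing described above, and the explicit port-mapping request that UPnP, NAT-PMP and PCP provide, as an added illustration that is not from the article or from any vendor or ISP: a small port-translating NAT (NAPT) model with a home gateway chained behind a carrier-grade NAT. All addresses are constructed (192.168.x private hosts, 100.64.x on the gateway's WAN side as in the RFC 6598 shared address space, 198.51.100.1 as the CGN's public address), the port range is deliberately tiny so that port exhaustion can be shown, and `request_mapping` only imitates the effect of a PCP MAP or UPnP AddPortMapping request, not the real wire format.

```python
from typing import Dict, Iterable, List, Optional
from dataclasses import dataclass


@dataclass(frozen=True)
class Endpoint:
    """An (IP address, transport port) pair."""
    ip: str
    port: int


class PortExhausted(Exception):
    """No free public port left on this NAT: the port exhaustion problem."""


class Napt:
    """Port-translating NAT with endpoint-independent mappings.

    One mapping per private endpoint, reused for every remote peer, which is
    the behaviour that explicit port-mapping protocols rely on. Constructed
    model for illustration only; the port range defaults to four ports.
    """

    def __init__(self, public_ip: str, ports: Iterable[int] = range(1024, 1028)):
        self.public_ip = public_ip
        self.free: List[int] = list(ports)          # lowest free port first
        self.out: Dict[Endpoint, int] = {}          # private endpoint -> public port
        self.inb: Dict[int, Endpoint] = {}          # public port -> private endpoint

    def _bind(self, private: Endpoint, port: int) -> int:
        self.free.remove(port)
        self.out[private] = port
        self.inb[port] = private
        return port

    def outbound(self, src: Endpoint) -> Endpoint:
        """Rewrite the source of a packet leaving the private side,
        allocating a public port on first use of this private endpoint."""
        if src not in self.out:
            if not self.free:
                raise PortExhausted(f"{self.public_ip}: no free port for {src}")
            self._bind(src, self.free[0])
        return Endpoint(self.public_ip, self.out[src])

    def inbound(self, dst: Endpoint) -> Optional[Endpoint]:
        """Rewrite the destination of a packet arriving from the public side.
        Returns None (packet dropped) when no mapping exists, which is why a
        host behind NAT cannot be reached unless a mapping was opened first."""
        if dst.ip != self.public_ip:
            return None
        return self.inb.get(dst.port)

    def request_mapping(self, private: Endpoint, wanted: int) -> int:
        """Explicit mapping request in the spirit of PCP MAP / UPnP (simplified).
        Grants the wanted public port if free, otherwise the lowest free port."""
        if private in self.out:
            return self.out[private]
        if not self.free:
            raise PortExhausted(f"{self.public_ip}: no free port for {private}")
        port = wanted if wanted in self.free else self.free[0]
        return self._bind(private, port)


def path_outbound(src: Endpoint, nats: List[Napt]) -> Endpoint:
    """Source address a remote server sees after every NAT on the path
    (home gateway first, then the carrier-grade NAT)."""
    for nat in nats:
        src = nat.outbound(src)
    return src


def path_inbound(dst: Endpoint, nats: List[Napt]) -> Optional[Endpoint]:
    """Walk the mappings back from the public side to the private host;
    None means some NAT on the path had no mapping and dropped the packet."""
    for nat in reversed(nats):
        nxt = nat.inbound(dst)
        if nxt is None:
            return None
        dst = nxt
    return dst


def open_external_port(private: Endpoint, wanted: int, nats: List[Napt]) -> Endpoint:
    """Request a mapping at each NAT in turn, the way a PCP-capable home
    router forwards its customer's request on to the ISP's CGNAT.
    Returns the public endpoint that now reaches the private host."""
    for nat in nats:
        port = nat.request_mapping(private, wanted)
        private = Endpoint(nat.public_ip, port)
    return private
```

Two points the model makes visible: every subscriber behind the CGN appears to the outside world with the same public address, so server-side logs that record only the source IP no longer identify a customer, and the CGN's port pool is shared by all of them, so one subscriber's many flows can exhaust the ports available to the others.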
APNIC chief scientist Geoff Huston takes a more pessimistic view of networks behind NAT.
Huston says that as long as the consumer’s host is the client for a server with a public address, NAT means common protocols such as HTTP for web browsing, FTP for file transmission and SMTP for email will continue to work.
From there, the situation becomes more complex. For instance, symmetric traffic paths are required for CGNAT as both sides of the data conversation have to go through the same address sharing unit, Huston says.
This calls for careful engineering, particularly when the network has multiple upstream connections and peers, to make sure incoming and outgoing traffic are pushed through the same NAT device, he says.
“Failover redundant systems will not operate in such an environment,” Huston says, adding that network failures will break applications, which is otherwise rare in networks without address sharing.
“If you want to use vanilla HTTP and nothing else and put up with a more brittle network and more fragile applications that run slower, then CGN[AT]s will work just fine,” Huston says.
“If you want resilience, robustness, speed, flexibility, then this is not going to happen in a network built upon CGNAT,” he says.
Another issue that may cause headaches is the emergence of IPv6-only services on the public Internet that users with IPv4 addresses behind CGNAT will want to access, Lindsay says.
He says this will lead to some ISPs using transparent proxy servers in order to translate between the IPv6 Internet and address-shared IPv4 networks.
Read on for the port exhaustion problem and alternatives to large-scale NAT deployments.