Carrier-grade NAT (CG-NAT) is a network address translation and port forwarding method that allows several users to share one public IPv4 address. CG-NAT mitigates IPv4 address exhaustion and facilitates adaptation and transition to IPv6. Regular NAT with port forwarding on Linux or FreeBSD is port-restricted and allows inbound connections only on a specific port. For example, two gaming consoles behind such NAT gateway won’t be able to communicate with each other, because the port number will be changed.
Similarly, it blocks torrent trackers and other peer-to-peer protocols. The solution is CG-NAT which allows inbound connections on any port. Stingray SG used as a NAT gateway with redundancy:
Since the solution is designed for huge loads with deep traffic analysis, it can handle CG-NAT.
- RFC 6888 and RFC 4787
- Transporting data through a GRE tunnel via the in-built NAT gateway (PPTP/GRE ALG).
- Full Cone—transparent connections for P2P protocols and gaming services.
- Paired IP address pooling—user sessions consistently have a single global IP address.
- Hairpinning—users behind the same NAT device communicate without address translation.
- Custom limits on TCP and UDP connections per user.
- NAT logging based on IPFIX (NetFlow v10).
- 1:1 NAT simplifies routing inside the operator’s network.
- To ensure fail-safe operation, it is recommended to install a stand-by platform.