CG-NAT

Carrier-grade NAT (CG-NAT) is a network address translation and port forwarding method that allows several users to share one public IPv4 address. CG-NAT mitigates IPv4 address exhaustion and facilitates adaptation and transition to IPv6. Regular NAT with port forwarding on Linux or FreeBSD is port-restricted and allows inbound connections only on a specific port. For example, two gaming consoles behind such NAT gateway won’t be able to communicate with each other, because the port number will be changed.

Similarly, it blocks torrent trackers and other peer-to-peer protocols. The solution is CG-NAT which allows inbound connections on any port. VAS Experts DPI used as a NAT gateway with redundancy:

Since the solution is designed for huge loads with deep traffic analysis, it can handle CG-NAT.

Main Features

  • RFC 6888 and RFC 4787 compliant RFC 6888, RFC 4787
  • Transporting data through a GRE tunnel via the in-built NAT gateway (PPTP/GRE ALG).
  • Full Cone—transparent connections for P2P protocols and gaming services.
  • Paired IP address pooling—user sessions consistently have a single global IP address.
  • Hairpinning—users behind the same NAT device communicate without address translation.
  • Custom limits on TCP and UDP connections per user.
  • NAT logging based on IPFIX (NetFlow v10).
  • 1:1 NAT simplifies routing inside the operator’s network.
  • To use CG-NAT, machine-in-the-middle connection and VAS Experts DPI COMPLETE license are necessary.
  • To ensure fail-safe operation, it is recommended to install a stand-by platform.
  • Performance of the address translation function depends on the hardware platform and the license (VAS Experts DPI 6, 20, 40 and higher).

Learn More

By clicking on the button, you agree to the terms «Privacy Policy»
Services Consulting