Traditional NAT has been in use for over a decade and has typically been deployed between customer networks and the SP (Service Provider) network. Using one or more public IPs, NAT provides internet connectivity to customers that use private IP addresses within their own network. But as SPs have run out of public IPv4 addresses, they cannot allocate more of them to meet the demand of a growing internet population. LSN (Large Scale NAT), also known as CGN (Carrier Grade NAT) or NAT444, fills this gap: it adds another layer of NAT, performed in the SP network. This lets SPs use private IPv4 addresses even on the customer NAT devices, with the translation to public IPv4 addresses done in the SP network. The following diagram shows how LSN works.
As can be seen, a double translation takes place: once at the CE NAT and then again in the SP network before traffic goes out to the public internet. As a result, SPs are able to allocate private IPv4 addresses to the SP-facing side of customer NAT devices and conserve public IPv4 addresses. But LSN, by virtue of its deployment requirements, brings additional complexity. Some of the key requirements of an LSN solution are:
- Capability to handle a large number of concurrent sessions and support for a high rate of new connection establishment
- Quota-driven policies: LSN needs to enforce quota policies on how many resources each customer can consume. These range from the number of IPs and ports allocated per user to connection rate limiting. This ensures that each customer gets a fair share of resources for its needs without starving other customers.
- Functional requirements such as:
  - Allowing internal users / applications to use the same external IP for all their sessions
  - Hairpinning, to allow clients behind the same LSN device to communicate using their public IPs
  - Endpoint Independent Filtering, to make NAT traversal work
- Comprehensive logging to track port allocation and IP usage, both for operations and for compliance
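The requirements above, as an added Python model that is not from the original article or any vendor's LSN implementation: a toy CGN translation table with a paired public IP per subscriber, a per-subscriber port quota, endpoint-independent mapping and filtering, hairpin detection, and one log record per allocation of the kind an SP needs to answer "which subscriber held 203.0.113.10:1025 at time T". All addresses (RFC 6598 shared space for CPEs, RFC 5737 test nets elsewhere), quotas and timestamps are constructed.

```python
import itertools

class CGN:
    """Toy LSN/CGN table (constructed example): paired public IP per subscriber, per-subscriber
    port quota, endpoint-independent mapping and filtering, hairpinning, and an allocation log."""

    def __init__(self, public_ips, port_quota, first_port=1024):
        self.public_ips = list(public_ips)
        self.port_quota = port_quota
        self.next_port = {ip: itertools.count(first_port) for ip in self.public_ips}
        self.ip_cycle = itertools.cycle(self.public_ips)
        self.subs = {}   # CPE address -> {"ext_ip": str, "maps": {(int_port, proto): ext_port}}
        self.log = []    # one record per event; this is what abuse/compliance requests rely on

    def _sub(self, cpe_ip):
        # Paired IP pooling: a subscriber keeps a single public IP for all of its sessions.
        if cpe_ip not in self.subs:
            self.subs[cpe_ip] = {"ext_ip": next(self.ip_cycle), "maps": {}}
        return self.subs[cpe_ip]

    def outbound(self, cpe_ip, int_port, proto, dst_ip, ts):
        """Translate an outbound flow. Returns (ext_ip, ext_port), or None when the
        subscriber's port quota is exhausted (flow dropped, event logged)."""
        sub = self._sub(cpe_ip)
        key = (int_port, proto)
        if key not in sub["maps"]:                 # endpoint-independent mapping: one
            if len(sub["maps"]) >= self.port_quota:  # external port per internal endpoint
                self.log.append(f"{ts} QUOTA_EXCEEDED sub={cpe_ip} proto={proto}")
                return None
            sub["maps"][key] = next(self.next_port[sub["ext_ip"]])
            self.log.append(f"{ts} ALLOC sub={cpe_ip} {proto} {cpe_ip}:{int_port} "
                            f"-> {sub['ext_ip']}:{sub['maps'][key]}")
        if dst_ip in self.public_ips:              # hairpin: destination is behind this LSN
            self.log.append(f"{ts} HAIRPIN sub={cpe_ip} dst={dst_ip}")
        return sub["ext_ip"], sub["maps"][key]

    def inbound(self, ext_ip, ext_port, proto):
        """Endpoint-independent filtering: any remote host may reach an existing mapping,
        which is what makes NAT traversal work. Returns (cpe_ip, int_port) or None."""
        for cpe_ip, sub in self.subs.items():
            if sub["ext_ip"] != ext_ip:
                continue
            for (int_port, p), ep in sub["maps"].items():
                if p == proto and ep == ext_port:
                    return cpe_ip, int_port
        return None
```

Every ALLOC record ties a public IP:port to a subscriber at a timestamp; without that record the SP cannot attribute traffic seen on the public side to a customer.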
Until the world moves to an all-IPv6 environment, solutions like LSN will continue to fill the gap while IPv6 adoption grows. For example, another variant of LSN is NAT464, which allows the access network between customers and the SP to be an IPv6 network while still providing end-to-end IPv4 connectivity.