Provide Internet Access to a Large Number of Private IPv4 Subscribers of a Telecom Service Provider (Large Scale NAT)
The Internet's phenomenal growth has resulted in a shortage of public IPv4
addresses. Large Scale NAT (LSN/CGNAT) provides a solution to this
issue, maximizing the use of available public IPv4 addresses by sharing
a few public IPv4 addresses among a large pool of Internet users. LSN
translates private IPv4 addresses into public IPv4 addresses. It
includes network address and port translation methods to aggregate many
private IP addresses into fewer public IPv4 addresses. LSN is designed
to handle NAT on a large scale.
The NetScaler supports LSN
and is compliant with RFCs 6888, 5382, 5508, and 4787. The NetScaler LSN
feature is very useful for Internet Service Providers (ISPs) and
carriers that must provide millions of translations for a large number
of users (subscribers) at very high throughput. The LSN
architecture of an ISP using Citrix products consists of subscribers
(Internet users) in private address spaces accessing the Internet
through a NetScaler appliance deployed in the ISP's core network.
The following are some of the LSN features supported on a NetScaler appliance:
* ALGs: Support of Application Layer Gateway (ALG) for SIP, PPTP, RTSP, FTP, ICMP, and TFTP protocols.
* Deterministic/Fixed NAT: Support for pre-allocation of a block of ports to each subscriber, to minimize logging.
* Mapping: Support of Endpoint-independent mapping (EIM), Address-dependent mapping (ADM), and Address-Port-dependent mapping.
* Filtering: Support of Endpoint-independent filtering (EIF), Address-dependent filtering, and Address-Port-dependent filtering.
* Quotas: Configurable limits on number of ports and sessions per subscriber.
* Static Mapping: Support of manually defining an LSN mapping.
* Hairpin Flow: Support for communication between subscribers or internal hosts using public IP addresses.
* LSN Clients: Support for specifying or identifying subscribers for LSN NAT by using IPv4 addresses and extended ACL rules.
* Logging: Support for logging LSN sessions for law enforcement. In addition, the following are also supported for logging:
** Reliable SYSLOG: Support of sending SYSLOG messages over TCP to
external log servers for a more reliable transport mechanism.
** Load balancing of Log Servers: Support for load balancing of
external log servers for preventing storage of redundant log messages.
** Minimal Logging: Deterministic LSN configurations or Dynamic LSN
configurations with port blocks significantly reduce the LSN log volume.
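The sketch below is an added example, not NetScaler code and not the appliance's actual allocation algorithm. It shows why the Deterministic/Fixed NAT and Minimal Logging items reduce log volume: when each subscriber owns a pre-allocated port block, the subscriber behind a given public IP address and source port can be recomputed from the configuration, with no per-session log entry. The address ranges, block size, and linear allocation order are assumptions chosen for illustration.

```python
import ipaddress

# Constructed sample parameters (assumptions, not NetScaler defaults).
SUBSCRIBER_NET = ipaddress.ip_network("100.64.0.0/22")   # 1024 subscribers
PUBLIC_POOL = [ipaddress.ip_address("203.0.113.1"),
               ipaddress.ip_address("203.0.113.2")]
PORT_START = 1024          # first NAT port usable on each public address
BLOCK_SIZE = 100           # ports pre-allocated per subscriber
BLOCKS_PER_IP = (65536 - PORT_START) // BLOCK_SIZE       # 645 blocks


def allocate(subscriber):
    """Map a subscriber address to its fixed (public IP, first port, last port)."""
    sub = ipaddress.ip_address(subscriber)
    if sub not in SUBSCRIBER_NET:
        raise ValueError(f"{sub} is not in {SUBSCRIBER_NET}")
    index = int(sub) - int(SUBSCRIBER_NET.network_address)
    ip_slot, block = divmod(index, BLOCKS_PER_IP)
    if ip_slot >= len(PUBLIC_POOL):
        raise ValueError("public pool too small for this subscriber")
    first = PORT_START + block * BLOCK_SIZE
    return PUBLIC_POOL[ip_slot], first, first + BLOCK_SIZE - 1


def attribute(public_ip, port):
    """Reverse lookup: which subscriber owns this public IP and source port?"""
    pub = ipaddress.ip_address(public_ip)
    if pub not in PUBLIC_POOL:
        raise ValueError(f"{pub} is not in the public pool")
    if not PORT_START <= port <= 65535:
        raise ValueError("port outside the NAT range")
    block = (port - PORT_START) // BLOCK_SIZE
    if block >= BLOCKS_PER_IP:
        raise ValueError("port falls in the unallocated tail of the range")
    index = PUBLIC_POOL.index(pub) * BLOCKS_PER_IP + block
    if index >= SUBSCRIBER_NET.num_addresses:
        raise ValueError("block is not assigned to any subscriber")
    return SUBSCRIBER_NET.network_address + index


if __name__ == "__main__":
    print(allocate("100.64.2.200"))        # fixed block for one subscriber
    print(attribute("203.0.113.2", 7800))  # abuse report -> subscriber
```

With dynamic port allocation the same attribution needs a log record per session or per port block, which is the volume the Reliable SYSLOG and log server load balancing items are meant to carry.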
For more information about the Large Scale NAT feature, see