The Ugly Side of IPv6: Carrier-Grade NAT
People living up north spend long, cold winters pining for summer -- until the first 90-degree day arrives. ISPs have been anticipating the arrival of IPv6 for years, but now are faced with the sometimes-messy process of living with two IP addressing schemes.
Causing much of the anxiety is carrier-grade Network Address Translation, or NAT. Also known as large-scale NAT or LSN, this is technology offered by the big router makers to move the process of IP address translation into the network, from its previous domain of the customer premises. NAT is the technology that has for many years prolonged the life of IPv4 by serving as the translator between private IPv4 addresses on a local network and shared public IPv4 addresses. Were it not for the widespread use of NAT44, as it is known, IPv4 addresses would have been used up many years ago, as once predicted.
Carrier-grade NAT will also be something of a Band-Aid solution to the immediate problem of having to support existing IPv4-based devices and users as IPv6 rolls into the network. Most people agree that some kind carrier-grade NAT is inevitable, but that doesn't mean they like it.
"It's going to happen -- at the point where you cannot provision new IPv4 services for consumers or service providers or content providers, and you have to make sure the user base can access content regardless of whether they are v4 or v6, we will probably have to do carrier-grade NATs," says Nicolas Fischbach, director of Network Architecture at Colt Technology Services Group Ltd . "We would love to have the answer to avoid or limit carrier-grade NATs as much as possible."
The initial deployment of carrier-grade NATs will be to cut potential costs. ISPs serving the mass market cannot afford to replace the millions of DSL routers and cable modems that are already deployed and are IPv4 only.
"They also have to be concerned with other devices in the home -- computers and operating systems in that home network, print servers their customers may have bought at BestBuy 10 years ago," says Doug Junkins, CTO of NTT America Inc. .
So mass-market service providers will have to provide a significantly greater amount of support for their customers -- or find a way to deal with translating IP addresses in the network, which is what carrier-grade NAT provides.
"I think most providers that serve the mass market are looking at carrier--grade NAT because we know everyone is not going to cut to V6 at once, and there will be a lot of v4 endpoints, so this would be one way to transition," says Jean McManus, executive director of Verizon Communications Inc. (NYSE: VZ)’s Corporate Technology Organization.
On the enterprise side, where there are relatively fewer endpoints, carrier-grade NAT is probably not required, according to both McManus and Junkins.
So what's the objection to using carrier-grade NATs as a transition strategy? Much of it seems to be based on concerns that adding another layer of address translation and yet another box to the network creates inefficiencies and other potential problems. And some of the resistance is based on the fact there is still uncertainty as to how carrier-grade NAT will be deployed.
To the latter point, Verizon's McManus says the industry is still working out many of the key issues.
"There are different implementations -- some are on routers or stand-alone boxes, or you can dedicate a router as a carrier-grade NAT -- there are different approaches which depend on the different carrier environments," she says. "A lot depends on how deep into the network you do the network address translation and how much you scale it."
Where NAT happens also will be a cost issue, Junkins says, with some tradeoffs built in. The closer to the customer that NAT happens, the better performance will be, but the more boxes will be required.
That issue of where the NAT happens -- whether it is close to the edge or deep in the network -- is a critical one for companies such as Akamai Technologies Inc. (Nasdaq: AKAM), which is distributing content globally, says Andy Champagne, VP of engineering.
"We have potential concerns -- clearly there is a scenario where it could be detrimental to our business," Champagne says. "Obviously, if you have a national network and you choose to put up two NAT sites and shove all the traffic through those two egress points, it's going to be problematical for anyone serving a lot of content. But there are smart folks at these companies who can figure that out."
At best, though, Akamai considers carrier-grade NAT an "ugly" process, and much prefers to see native IPv6 traffic served from dual-stacking in the network, or having IPv4 and IPv6 routers sitting side-by-side.
That's been described by IP Consultant Jeff Doyle as the network equivalent of being bilingual.
By contrast, carrier-grade NAT literally puts a lot of translators into the network, and that can be problematic for some applications.
"Everybody is afraid of it -- the carrier-grade NAT devices are very expensive boxes, there's a lot of state you have to keep, and some applications will start to break in the process," says Tim Winters, senior manager of the complink 7913|University of New Hampshire InterOperability Laboratory (IOL)}. "There are definitely going to be tough choices to make."
There are also concerns about how well NAT will scale, says John Curran, CEO of ARIN, and how well it performs as the volume of traffic increases.
The good news, as far as NTT's Junkins is concerned, is that carrier-grade NAT is likely to be a short-term solution.
"In the short term, when there is still a relatively small amount of content available, the investment to install a large-scale NAT box will be less," Junkins says. "But over time as more IPv6 content becomes available and the performance of those large-scale NAT boxes start to deteriorate, the quality of service or quality of experience that customers are getting from the network is effected and there will come a crossover point, where it becomes more advantageous to serve traffic natively."
World IPv6 Day went well enough that everyone is expecting more content to become available in IPv6, and that in turn will push the industry to get its act together on how to handle that traffic and what role carrier-grade NAT has to play and for how long.
"We still have a lot to learn about this," concludes Colt's Fischbach.
— Carol Wilson, Chief Editor, Events, Light Reading