The Ugly Side of IPv6: Carrier-Grade NAT

People living up north spend long, cold winters pining for summer -- until the first 90-degree day arrives. ISPs have been anticipating the arrival of IPv6 for years, but now are faced with the sometimes-messy process of living with two IP addressing schemes.

Causing much of the anxiety is carrier-grade Network Address Translation, or NAT. Also known as large-scale NAT or LSN, this is technology offered by the big router makers to move the process of IP address translation into the network, from its previous domain of the customer premises. NAT is the technology that has for many years prolonged the life of IPv4 by serving as the translator between private IPv4 addresses on a local network and shared public IPv4 addresses. Were it not for the widespread use of NAT44, as it is known, IPv4 addresses would have been used up many years ago, as once predicted.

Carrier-grade NAT will also be something of a Band-Aid solution to the immediate problem of having to support existing IPv4-based devices and users as IPv6 rolls into the network. Most people agree that some kind of carrier-grade NAT is inevitable, but that doesn't mean they like it.

"It's going to happen -- at the point where you cannot provision new IPv4 services for consumers or service providers or content providers, and you have to make sure the user base can access content regardless of whether they are v4 or v6, we will probably have to do carrier-grade NATs," says Nicolas Fischbach, director of Network Architecture at Colt Technology Services Group Ltd. "We would love to have the answer to avoid or limit carrier-grade NATs as much as possible."

Economic motivation
The initial deployment of carrier-grade NATs will be to cut potential costs. ISPs serving the mass market cannot afford to replace the millions of DSL routers and cable modems that are already deployed and are IPv4 only.

"They also have to be concerned with other devices in the home -- computers and operating systems in that home network, print servers their customers may have bought at BestBuy 10 years ago," says Doug Junkins, CTO of NTT America Inc.

So mass-market service providers will have to provide a significantly greater amount of support for their customers -- or find a way to deal with translating IP addresses in the network, which is what carrier-grade NAT provides.

"I think most providers that serve the mass market are looking at carrier-grade NAT because we know everyone is not going to cut to v6 at once, and there will be a lot of v4 endpoints, so this would be one way to transition," says Jean McManus, executive director of Verizon Communications Inc. (NYSE: VZ)’s Corporate Technology Organization.

On the enterprise side, where there are relatively fewer endpoints, carrier-grade NAT is probably not required, according to both McManus and Junkins.

Potential problems
So what's the objection to using carrier-grade NATs as a transition strategy? Much of it seems to be based on concerns that adding another layer of address translation and yet another box to the network creates inefficiencies and other potential problems. And some of the resistance is based on the fact there is still uncertainty as to how carrier-grade NAT will be deployed.

To the latter point, Verizon's McManus says the industry is still working out many of the key issues.

"There are different implementations -- some are on routers or stand-alone boxes, or you can dedicate a router as a carrier-grade NAT -- there are different approaches which depend on the different carrier environments," she says. "A lot depends on how deep into the network you do the network address translation and how much you scale it."

Where NAT happens also will be a cost issue, Junkins says, with some tradeoffs built in. The closer to the customer that NAT happens, the better performance will be, but the more boxes will be required.

That issue of where the NAT happens -- whether it is close to the edge or deep in the network -- is a critical one for companies such as Akamai Technologies Inc. (Nasdaq: AKAM), which is distributing content globally, says Andy Champagne, VP of engineering.

"We have potential concerns -- clearly there is a scenario where it could be detrimental to our business," Champagne says. "Obviously, if you have a national network and you choose to put up two NAT sites and shove all the traffic through those two egress points, it's going to be problematical for anyone serving a lot of content. But there are smart folks at these companies who can figure that out."

At best, though, Akamai considers carrier-grade NAT an "ugly" process, and much prefers to see native IPv6 traffic served from dual-stacking in the network, or having IPv4 and IPv6 routers sitting side-by-side.

That's been described by IP Consultant Jeff Doyle as the network equivalent of being bilingual.

Industry fears
By contrast, carrier-grade NAT literally puts a lot of translators into the network, and that can be problematic for some applications.

"Everybody is afraid of it -- the carrier-grade NAT devices are very expensive boxes, there's a lot of state you have to keep, and some applications will start to break in the process," says Tim Winters, senior manager of the University of New Hampshire InterOperability Laboratory (IOL). "There are definitely going to be tough choices to make."

There are also concerns about how well NAT will scale, says John Curran, CEO of ARIN, and how well it performs as the volume of traffic increases.

The good news, as far as NTT's Junkins is concerned, is that carrier-grade NAT is likely to be a short-term solution.

"In the short term, when there is still a relatively small amount of content available, the investment to install a large-scale NAT box will be less," Junkins says. "But over time as more IPv6 content becomes available and the performance of those large-scale NAT boxes starts to deteriorate, the quality of service or quality of experience that customers are getting from the network is affected and there will come a crossover point, where it becomes more advantageous to serve traffic natively."

World IPv6 Day went well enough that everyone is expecting more content to become available in IPv6, and that in turn will push the industry to get its act together on how to handle that traffic and what role carrier-grade NAT has to play and for how long.

"We still have a lot to learn about this," concludes Colt's Fischbach.

— Carol Wilson, Chief Editor, Events, Light Reading

AYChen 8/12/2018 | 5:35:51 PM
re: The Ugly Side of IPv6: Carrier-Grade NAT

Hi, miles.m:

Yes, by definition, NAT uses a state look-up table to handle the packets replying to those that went out, which leads to huge tables that use a lot of memory as well as processing power that slows down traffic when the client base grows.

In our EzIP approach, the primary goal is to provide the router service to the expanded subscriber base (due to larger assignable pool). This is straightforward routing, thus not much affected by scaling. Since it is an existing Option Word mechanism, it should encourage IoT owners to make use of this mode.

EzIP also provides the NAT to serve those IoTs that are not aware of the EzIP service. But, this is used for the short term to smooth over the gap. With the routing mode easily accessible, it is hoped that conversion to router mode will take place with minimum persuasion. So, the NAT table in the SPR should stay finite.


Abe (2018-08-12 17:34)
AYChen 8/11/2018 | 7:12:48 AM
re: The Ugly Side of IPv6: Carrier-Grade NAT

Hi, cnwedit:

Thanks for your comment. It clarifies another IPv4 address exhaustion myth. A few years ago, we ventured into studying the issues by accident, perhaps due to the curiosity based on our telephony background. We now have submitted to IETF a proposal named EzIP (phonetic for Easy IPv4):


EzIP utilizes the original IPv4 standard RFC791 and the long-reserved yet hardly-used 240/4 address block to expand each IP address by 256M (Million) fold without disturbing existing Internet setup.

EzIP not only resolves the IPv4 address shortage issues, but also largely mitigates the root-cause to cyber security, plus opens up new Internet possibilities, all within the confines of IPv4 domain.

EzIP benefits the society by avoiding the cost of learning a new protocol. However, it is not being reviewed by IETF because no more work is being done on IPv4. How could an arbitrary policy set up by a limited few determine the future of a facility still carrying 98% of the world-wide daily communications?

Any thoughts or comments will be much appreciated.

Abe (2018-08-11 07:06)
fgoldstein 12/5/2012 | 5:02:20 PM
re: The Ugly Side of IPv6: Carrier-Grade NAT

The fallacy here is that IP address is somehow sacred. The connection identifier in TCP/IP networks is the 48-bit string consisting of an IP address and the port number. This can be a local value. Hell, anybody remember hoary old X.25? Its connection ID was local too. No issue.

The only reason why NAT bothers folks is that there are broken applications that put the IP address inside the application. FTP did this 40 years ago because the BBN PTIP didn't have enough memory to support print service otherwise -- "port" really was a port on the terminal server. But why do people still do that? Stick to names and it will work okay.
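
An added example, not part of the comment thread or of any vendor's code: a minimal NAT44 model showing the two points raised in the comments above, the per-flow state table and the FTP `PORT` command that carries the private address inside the payload. The class and function names are hypothetical, and the addresses (10.0.0.7, 203.0.113.5) and ports are constructed sample values.

```python
class Nat44:
    """Port-translating NAT44 with one shared public address (constructed model)."""

    def __init__(self, public_ip, first_port=1024):
        self.public_ip = public_ip
        self.next_port = first_port
        self.out = {}    # (private_ip, private_port) -> public_port
        self.back = {}   # public_port -> (private_ip, private_port)

    def _map(self, src_ip, src_port):
        key = (src_ip, src_port)
        if key not in self.out:
            if self.next_port > 65535:
                raise RuntimeError("public port pool exhausted")
            self.out[key] = self.next_port
            self.back[self.next_port] = key
            self.next_port += 1
        return self.out[key]

    def outbound(self, src_ip, src_port, payload, ftp_alg=False):
        """Rewrite the header; touch the payload only if the FTP ALG is on."""
        pub_port = self._map(src_ip, src_port)
        if ftp_alg and payload.startswith("PORT "):
            host, port = port_target(payload)
            data_port = self._map(host, port)   # data channel needs its own state
            payload = "PORT %s,%d,%d\r\n" % (
                self.public_ip.replace(".", ","), data_port // 256, data_port % 256)
        return self.public_ip, pub_port, payload

    def inbound(self, dst_port):
        """Return the private endpoint, or None when no state exists (drop)."""
        return self.back.get(dst_port)


def port_target(payload):
    """Endpoint an FTP server dials back to for 'PORT h1,h2,h3,h4,p1,p2'."""
    f = payload[5:].strip().split(",")
    return ".".join(f[:4]), int(f[4]) * 256 + int(f[5])


def demo():
    cmd = "PORT 10,0,0,7,195,80\r\n"            # constructed: client 10.0.0.7:50000
    plain = Nat44("203.0.113.5")                 # documentation-range address
    _, _, seen_plain = plain.outbound("10.0.0.7", 40000, cmd)
    alg = Nat44("203.0.113.5")
    _, _, seen_alg = alg.outbound("10.0.0.7", 40000, cmd, ftp_alg=True)
    return port_target(seen_plain), port_target(seen_alg), alg.inbound(1025)


if __name__ == "__main__":
    print(demo())
```

Without the application-layer gateway the server is told to connect to the unreachable private address; with it, the translator must parse the payload and hold a second table entry for the data channel.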

paolo.franzoi 12/5/2012 | 5:02:20 PM
re: The Ugly Side of IPv6: Carrier-Grade NAT


I think your perspective is not wrong but maybe a bit skewed.

What I have seen in the business side of things is LOTS and LOTS of old equipment. Stuff that is obsolete or has not had software upgrades in years. Some things are working and have no reason to change.

I personally think THAT is the horror story of IPv6 which is going to drive carrier NAT. There is going to be such a hue and cry to connect to the 6 bone from a service within a firm that is v4 only that there will be no choice.

I think of this transition as similar to (in some ways) to the Y2K problem.  With one exception, nobody knows for sure when they have to invest to fix it in an Enterprise.  Some of this investment is not Capex, but might be quite interesting.  For example, how many of you are running say Windows 2003 Servers and are not 100% positive that IPv6 is enabled.  How many old JVMs are there out there that crash when you enable IPv6?  Are you 100% sure your Mail Gateway can look up Quad A records?  Have you tried it?



sgamble 12/5/2012 | 5:02:20 PM
re: The Ugly Side of IPv6: Carrier-Grade NAT

"I think of this transition as similar to (in some ways) to the Y2K problem."


Remember upgrading IOS to > 11.x (I think it was) to be "Y2K compliant".  Worked wonders for Cisco to get those 2500s out in the wild off of 9/10 IOS streams.

Contracts I worked on also used it as a great opportunity to justify swapping out their 4000 routers, 5000 CATs to next-gen products ;)

I am sure we will see a lot of this for "IPv6 Compliance."  More spending and more jobs.  Not a bad thing :)

cnwedit 12/5/2012 | 5:02:18 PM
re: The Ugly Side of IPv6: Carrier-Grade NAT

I don't disagree with the idea that there are business issues as well around IPv6, especially when it comes to embedded IPv4 addresses in all kinds of places in the enterprise, but every carrier I talked to, and I talked to a lot of them, said the same thing, that it was the mass-market driving carrier-grade NAT, and that they will deal with enterprise issues in other ways.

I admit I'm not the expert here, just the reporter, so if they are all skewing my perspective, I'm stuck.

allen007 12/5/2012 | 5:02:18 PM
re: The Ugly Side of IPv6: Carrier-Grade NAT

There will be some issues with translations, latency and complexity of a possible overlay network. In saying this ... this could be a great opportunity for Juniper Network to shine given the workload.


Time will tell ....

paolo.franzoi 12/5/2012 | 5:02:17 PM
re: The Ugly Side of IPv6: Carrier-Grade NAT


I think maybe it is an accountability thing.  Carriers know how much IPv4 gear they have put out there and expect to have to deal with that and other consumer issues.  I am guessing they are expecting IT groups to deal with the business customer issues.



cnwedit 12/5/2012 | 5:02:15 PM
re: The Ugly Side of IPv6: Carrier-Grade NAT

And they expect to make some extra $$$ selling professional services to enterprises to tell them how to handle the transition and to walk them through it.

fgoldstein 12/5/2012 | 5:02:13 PM
re: The Ugly Side of IPv6: Carrier-Grade NAT

The Y2K analogy is pretty good here. It's a panic over nothing. Yes, we ran out of 2-digit years. Yes, we "ran out" of virginal IPv4 addresses. And yes, the US ran out of homestead farmland early in the last century, but somehow agriculture continued. A market developed for farmland. Another analogy is to the rapturists, who believe that the world ends last month, or this October, or whatever, but quick send him all your money before then so he can spread the word. (No refunds if he's wrong, though.)

There's really no reason for anyone to make the transition, since IPv6 was misbegotten in the first place and doesn't fix anything that needs fixing.  It's a vendor-driven fantasy.  IPv4 needs NAT, but so does IPv6, and IPv4 wastes fewer header bits and it is much better understood.
