IP protocols/software

The Dark Side of IPv6

What started out as a lowly technology found in the home has sprung up in large-scale strength in service provider networks all over the world. The technology is Carrier Grade NAT, and it generates high emotions, no matter whether you are for it or against it.

Network Address Translation (NAT) technology is one approach to dealing with the depleting supply of IPv4 addresses. Simply put, NAT enables multiple devices to share a single IPv4 address. In your home you share your IPv4 address with all your connected devices -- computer, TV, laptop, game system, PVR, phone, mobile phone, and so on.

Carrier Grade NAT (CGN) takes this sharing to a whole new level. The purpose of CGN is to share an IPv4 address with multiple connected end nodes to squeeze a little more time out of v4 addresses we have today. By moving the tech from the home into the carrier network, a single IPv4 address can now be shared with hundreds of homes and all their respective connected devices.

The good, the bad, the ugly
To better understand Carrier Grade NAT we recently questioned the gogoNET community and received 906 responses to our poll. gogoNET comprises 95,000 networking professionals who are in the process of migrating their networks, services, or products to IPv6. Since they’re the ones doing the work they provide a unique perspective on this divisive issue.

To understand market sentiment we first asked: What is your opinion on Carrier Grade NAT (CGN)?

  • Good: I plan on deploying it and am happy to do so.
  • Bad: I will not consider this evil technology.
  • Ugly but necessary: I have no other choice but to deploy CGN, but I am not happy about it.
  • Don't know: I still need to do more research to have an opinion, or it is not relevant to me.

A full 76 percent of those with opinions considered CGN as being Bad and the technology evil. This was distantly followed by 16 percent who considered it Ugly but necessary and only 8 percent who considered it Good. Given that transition mechanisms require IPv4, another way to interpret this is that over three-quarters of the market either has plenty of IPv4 addresses or is planning to go IPv6 native or is living in denial.

Why the hate?
The answer lies somewhere between ideology, technology, and good ol’ money. Perhaps Tina Tsou, head of IPv6 Research at Huawei, summed up the ideological debate best by asking, “Is it for IPv4 life extension or IPv4 service continuity?” Jeff Doyle, IPv6 Forum Fellow and VP of engineering at TorryPoint, whom I interviewed for The IPv6 Show podcast, concurred, stating there are many intrepid IPv6 proponents who think, “Let’s not do anything that’s going to allow people to stick to IPv4 any longer than they have to.”

On the other hand, he says CGN can make the transition smoother by providing organizations the time they need to make informed transition decisions that could have high operational and cost ramifications. Paul Nicholson, director of product marketing at A10, also looks at it pragmatically, "CGNAT solves a real issue today -- helping to enable IPv6 transition as part of other transition technologies. There’s a bigger trend then just a quick IPv4 address shortage fix."

But if chosen as a transition strategy, CGN is not without its own costs. First, these stop-gap systems, whether upgrades or separate boxes, must be purchased. Most CGN architectures must establish and maintain a bi-directional state, which makes the systems inefficient and thus expensive from the perspective of scalability and performance.

But the biggest technical resentment emanates from the fact that Carrier Grade NAT will break things, as explained here in RFC 6269, Issues with IP Address Sharing. Select applications and services will stop running properly. Case in point, consider the backlash BT faced recently from its customers when its CGN deployment broke Microsoft Live.

Or maybe the hate is really self-loathing in disguise.

Transition mechanisms – the real ones
Transition mechanisms have been around for more than 10 years to avoid the exact situation we find ourselves in, and most of us know it. Dual stack and tunneling were not designed with address shortages in mind -- they require IPv4 for a soft landing on IPv6. But the economics didn’t compute. Spend money now to avoid a problem later? Nah, paychecks, bonuses, and stock options reward present results, not those that may occur in the future. So now, in the future, we find ourselves using CGN as a transition mechanism, something for which it was never intended.

And according to the market, we are well along our way. We asked those who were planning to deploy CGN (Good, Ugly) when they would start, and the answer came back in almost perfect thirds:

Approximately one-third said they already have deployed CGN, one-third said they will do it this year, and one-third said they will do it in two-to-five years. There was an outlier group -- 4 percent said they would deploy CGN in six or more years. When asked how long they thought this new tech would live in their networks, the answers were across the board, however a pliurality of 34 percent said it would most likely be there forever.

The standards path to CGN is fraught with casualties. We limited our look at the CGN forerunners du jour and asked the question, "What architecture do you plan to use to deploy CGN?" The following table displays the deployment of each CGN flavor and vendor support.

To the chagrin of most, NAT444 is currently the most popular architecture and even more so when the data is segmented by those who have already deployed. Sixty-eight percent of the Carrier Grade NATs deployed today are NAT444. By most accounts, this is not good; in fact it’s the worst-case scenario. Not only is NAT444 stateful, it does nothing to move the needle on IPv6 deployment since, in contrast to the other four choices, it all works over IPv4.

Advice for the wary
Jeff Doyle has two pieces of advice for those deploying CGN. By far the most important is on testing. Create a test network and test CGN with the typical apps and services that will run over your network. Things will break (remember BT), so identify and isolate the issues, and then go to work patching them up with ALGs and perhaps other workarounds. If they are not fixable, at least you have the information you need to put together communication and support plans to deal with angry customers.

Secondly, Doyle says to keep in mind the tech's temporary nature and frame your architecture and planning with that in mind. Although 34 percent say they will leave the CGNs in their networks, probably forever, that is wrong thinking. Eventually the cost of maintaining IPv4 with CGN will cost more than getting rid of it… and the tipping point will have been found.

Dave Thaler, partner architect at Microsoft and previous lead of its IPv6 development, suggests that when buying a CGN to make sure that it conforms to RFC6888, which discusses the common requirements for Carrier Grade NATs. Global lead of Cisco’s IPv6 High Impact Project, Alain Fiocco, strongly recommends that you deploy IPv6 natively to your customer alongside of CGN, kind of like a hybrid dual stack environment: “Simply because about half of the sessions (that's about the amount of content available on IPv6 today) will bypass the CGN and do IPv6 end-to-end.”

In the end you need to decide good, bad, or ugly for yourself, but if you do deploy be aware of the consequences.

Need more?
To shine a light on the dark side of IPv6 check out the gogoNET Live! IPv6 Conference where Jeff Doyle, Dave Thaler, and other IPv6 experts will be on the discussion panel, “Carrier Grade NAT – Good, Bad, or Ugly and Necessary?” alongside leading vendors hashing out this important issue. For a more detailed account listen to an extensive interview on CGN with Jeff on The IPv6 Show podcast, and visit the gogoNET community to see the original poll data.

—Bruce Sinclair, CEO, gogo6

varkonyib 10/31/2013 | 4:28:31 AM
CGN is good for service providers Although most people would never admit in public, CGN could be beneficial to a service provider, because it makes peer-to-peer networking more difficult.

So it is easier to move customers into the walled garden of the service providers. Once they do it, they would experience better quality of service. And this could become a competitive advantage against the OTT push...


gogoBruce 10/30/2013 | 8:03:39 PM
Re: CGN has some ways to go There are lots of unused addresses out there but it's another thing to get them.  The organizations that require them most right now are ISPs, MSOs, ... and they don't just need addresses they need large contiguous blocks of addresses... and even if they were to get these blocks it's just kicking the can down the road.  They will eventually run out so there is indeed a need to convert to IPv6.  

In a recent meeting with the CTO of a top 3 US ISP I was told that they are considering both grey market addresses and CGN.  But there's a cost to both and this cost will increase exponentially over time.  Addresses as they become scarcer will go up as a commodity and the same will happen per saved address with CGN due their inefficiencies as described in the article.

At some point in time the cost of using these time extension methods will cost more than to go all in with IPv6 and that will be when we transition.

Carol Wilson 10/30/2013 | 1:07:38 PM
Re: CGN has some ways to go This is a debate no one seems to win - I am constantly told by the authorities that a lot of these addresses have already been recovered but other smart people insist there are still plenty of unused v4 addresses out there.
brookseven 10/30/2013 | 1:00:09 PM
Re: CGN has some ways to go Carol,

People have unused IPv4 addresses.  Think of the allocation Digital Equipment Corporation was given at the beginning.  I wonder if many of those IP addresses are unused....

Which love or hate IPv6, the reality is we could actually recover lots and lots of unused IPv4 address blocks and push the run out off for a very long time...


Take a look at this list and ask yourself...does the current HP really need all those addresses?  How about MIT?  GE?  What about we think about the use of the multicast or broadcast addresses?  See what I mean?

Now, many technologists want a conversion to IPv6 for good reasons.  But the truth is there is no real need to do so.  I expect lots of hate mail for this.


Carol Wilson 10/30/2013 | 12:48:43 PM
Re: CGN has some ways to go I'm not sure I've heard the "gray market" mentioned in a telecom context ever. But I understand what you are saying. 

CGN was an option most service providers seemed to completely oppose a few years back -- or at least that's what they told me -- and I have to wonder what happened.
MarkC73 10/30/2013 | 9:19:45 AM
CGN has some ways to go In its current state, I am not a fan of CGN, period.  And the statement "If they are not fixable, at least you have the information you need to put together communication and support plans to deal with angry customers" is simply unacceptable if it affects more than 1% of our customers, even if I sell my soul and think of it only from a product stand point.  Unless of course your competitors run out first.

There was a video link posted by owendelong in the comments of his post, where TWC's Lee Howard made an attempt to quantify the cost of the different options towards IPv6.  If I were out of addresses, I would probably hit the gray market if ARIN wouldn't give me any additional space.

Granted as time goes on the cost for additional address space will go up, making the alternatives more viable, the hope is that over time the majority of content is available over IPv6 and minimal 6to4 will be necessary.

At least it seem CGN is getting better, it seems to be slowly coming up with solutions to things that it breaks, but still has some ways to go, in my opinion.
Sign In