Large-scale NAT

Large-scale NAT (LSN) frees service providers and enterprises to manage through the depletion of IPv4 address space.

IPv4 address space is all but exhausted.

IPv6 is the answer.

But making the shift with transparency, scalability, and low cost is a challenge.

TNSR® software provides LSN through scalable, reliable software -

breaking the barriers still faced by hardware-based solutions.

Intro

IPv4 - with its 32-bit addressing scheme which supports 4.3 billion devices - has served the world well for decades. But internet growth, personal computers, smartphones and now Internet of Things (IoT) has nearly exhausted that address space. IPv6 - with its 128-bit addressing scheme, supports 340 trillion trillion (2128) addresses - is the answer.

LSN, also referred to as Carrier-Grade NAT (CGN), mitigates the problem of IPv4 address exhaustion by enabling end sites to be configured with private IPv6 network addresses and then translated to public IPv4 addresses by NAT devices in the network operator's network. This allows exhausted public address space to be shared by many end sites and devices. It also shifts network address translation from the end customer to the service provider network.

But scalable, cost-effective LSN/CGN is challenging.

Hardware-based solutions require sizable ternary content-addressable memory (TCAM) to mange address translation at speed. TCAM-intensive products are expensive and difficult to scale to the levels needed.

Solution

TNSR software enables LSN/CGN for Tier 1/2/3 service providers and large enterprises running large private networks through key software features including:

    • Mapping of Address and Port (MAP)
      MAP is a carrier-grade IPv6 transition mechanism capable of efficiently transporting high volumes of line-rate IPv4 traffic across IPv6 networks. TNSR supports both MAP-T (which uses translation) and MAP-E (which uses encapsulation). TNSR can currently act as a Border Relay (BR) providing service to Customer Edge (CE) clients.
    • DS-Lite
      Providing IPv6 addresses alone is often insufficient since the vast majority of systems that underpin the public Internet support only IPv4, and many end user systems do not yet fully support IPv6. DS-Lite allows 1) service providers to migrate to an IPv6 access network without changing end-user software, 2) IPv4-based end user devices to continue accessing IPv4 internet content, and 3) IPv6 users to access IPv6 content.
    • Deterministic NAT (CGN) mode
      TNSR can be configured to operate in three different NAT modes: Simple, Endpoint-dependent, and Deterministic. The Deterministic mode is best for large-scale IP address space deployments.
      • Network Address Translation-Traversal (NAT-T)
        TNSR supports the standards-based approach for IPsec encapsulation in User Datagram Protocol (UDP) to ensure that data protected by IPsec can pass through NAT without discarding packets - key for IPsec VPN connections that traverse connections where NAT is present, especially for service providers.
      All of the above in software - eliminating dependency upon expensive TCAM-limited appliances
  •  
  • See Subscriptions
  •  

Stay up to date

There’s always something new with open-source, secure networking and TNSR software. Keep up with us by visiting our blog, social communities and newsletter.

Netgate
Blog

Get a view into how open source is disrupting secure networking and changing the technology landscape.

Netgate Blog

Netgate Newsletter

Discover the latest announcements, product information, and industry news with our monthly newsletter.

 

Netgate Newsletter

Social Communities

Twitter Circle Logo LinkedIn circle logo Reddit Circle Logo Facebook circle logo instagram circle logo