Carrier Grade NAT – A Look at the Tradeoffs


The second camp is a bit more problematic. This camp believes that because they have to implement CGN anyway, they might as well just transition to CGN and avoid investing in IPv6 deployment.  This camp views an Internet with all (or nearly all) subscribers behind CGN as viable, and favors the universal deployment of CGN.  This second approach is insidious, because it creates a number of initial advantages but an even larger set of long-term drawbacks.

Benefits and Drawbacks

Almost all of the advantages of the second approach are immediate and accrue to the benefit of the provider, while almost all of the immediate drawbacks impact the subscriber. The advantages include a lower initial cost of staff training (most network engineers already understand NAT fundamentally, whereas IPv6 requires significant training). Also, in the short term it is cheaper to add a few CGN gateways to a network than to roll out IPv6 to all subscribers. Furthermore, while most IPv6 deployments don’t represent significant revenue for equipment vendors, CGN is a massive opportunity for huge hardware sales – creating strong economic incentives for vendors to push CGN solutions even (or especially) in cases where IPv6 is a more cost-effective solution for the provider in the long term.

Subscribers’ drawbacks are severe and far outweigh the providers’ benefits. First, traditional NAT – and also CGN – block real innovation in Internet applications. CGN workarounds are often hopelessly complex and interfere with Internet applications in frequently non-deterministic ways. And not only does CGN block future innovation, it also rolls back some of the advances made in overcoming the limitations of traditional NAT.

One of the main barriers to IPv6 deployment at this point is the effort involved in upgrading applications and updating legacy embedded systems (such as home entertainment devices, printers, etc.). However, if CGN becomes widely accepted, this same effort will also be required in order to work around the above difficulties. As such, allocating development resources to CGN workarounds instead of IPv6 deployment is a somewhat self-defeating proposition.

To make matters worse, only technically astute subscribers are likely to be able to understand what is causing these new drawbacks. Most likely, the service provider will market CGN as “improved security” or some other vague, positive-sounding claim. The disadvantages that accrue to the provider come mainly in the form of gradually increasing long-term costs and the costs of increased helpdesk calls. While helpdesk calls are an extremely detrimental expense for service providers, their impact is usually underestimated (often considerably) when evaluating technologies such as CGN. While both CGN and IPv6 can be implemented incrementally over time, unless one does a very thorough analysis, CGN will appear – falsely – to offer smaller steps and lower costs. Only IPv6 completely eliminates the need for NAT and CGN, freeing the subscriber from their limitations.

Further, those who fail to deploy IPv6 in addition to their CGN will increase not only their own costs but, by extension, the costs everyone else incurs to operate their networks. The longer the transition towards IPv6 lasts, the more expensive continuing to operate the IPv4 internet will become. If we all move forward together, everyone benefits. The longer we delay this progress, the more everyone will pay. Unfortunately, if one takes only a short-term view of the economics, holding off on IPv6 can appear to provide short-term savings while deploying IPv6 can appear as an unjustified cost. At the end of the day, we’re all in this together, and the stakes are nothing short of the future of the internet, which has always depended on the good will of people choosing to do the right thing whether or not there was a business case for it.

Industry Perspectives is a content channel at Data Center Knowledge highlighting thought leadership in the data center arena.



  1. James Leinweber

    If anything, I think Mr. DeLong understates the business risks of CGN as an IPv6 avoidance strategy. In addition to underestimating support call costs, one has to expect that customers unwilling to put up with the double-NAT limitations will leave for other ISPs. Unfortunately, these will be the technically adroit and vociferous such as gamers, IT enthusiasts, and professionals. These are the people who have great influence over friends, families, and employers, and they will trash the reputation of the IPv4-only CGN ISP. Meanwhile, perhaps in 2015, an electronic toy will emerge from the Pacific Rim which wants a network connection and which is IPv6-only for cost reasons. There will be a sudden shift in consumer sentiment in favor of IPv6. The lagging firms will have to mount ruinously expensive crash projects to belatedly join the full IPv6 rollout. Their stock price will tank and their restive shareholders will sue management, which will be fired. Many will go out of business, as the combination of decreasing revenues, increased costs, and expensive new customer acquisition take their toll. Just ask the likes of Borders, Circuit City, or Arthur Andersen about the risks of poor customer service and tarnished reputations. Failing to deploy IPv6 in an incremental and immediate way is a gigantic business risk for anyone who depends on computer networking.

  2. To me, this reads as a clear indication of the path we are due to tread, thank you Owen DeLong. Owen makes clear the incentives here augur towards CGN deployment, those incentives being economic in nature. It is abundantly clear that CGN will save carriers deployment and training dollars. Unmentioned by Owen is also the carriers' incentive to not deploy IPv6 in order to erect a barrier to competition from new providers who are not sitting on piles of IPv4 addresses. As very effective NAT traversal workarounds are already in place, and have been for years, customer pain associated with multi-level NAT has been minimized. Most devices that utilize a rendezvous server (the valet key board in Owen's example) are easily able to handle NAT traversal. Can you log in to your office desktop from your home computer? You are doing NAT traversal with a rendezvous server.