By Amr Alashaal, Regional Vice President – Middle East at A10 Networks
Communications service providers have a wealth of opportunities to add subscribers, expand territory, and grow their business. However, they will first need to address the challenges posed by IPv4 exhaustion—and its impact on the cost of new subscriber IP addresses.
Since November 2019, when the final allocation of publicly available IPv4 addresses was made, new IPv4 addresses have been obtainable only at high open market prices. There is a virtually unlimited stock of IPv6 addresses available, but migration to the new standard is a highly complex prospect and impractical in the short term for many communications service providers. They need a more feasible and affordable way to support new subscribers.
Fortunately, there’s another way forward. Carrier-grade NAT (CGNAT), a standard for network address translation (NAT), makes it possible to extend the life of existing IPv4 addresses to support additional subscribers. In this way, communications service providers can capture new opportunities for growth—while simultaneously positioning their business for IPv6 migration when the time is right.
Overcoming IPv4 Exhaustion
The cost of acquiring more IPv4 addresses to support new growth has escalated rapidly over the last few years, as the last remaining IPv4 addresses from Regional Internet Registries (RIRs) have been fully allocated. IPv6 migration is a complex and long-term prospect—and even if communications service providers chose to switch over their own infrastructure, they’d still need to be able to support IPv4 at the same time in order to carry IPv4 content and accommodate IPv4 devices.
In order to accommodate large waves of new customers connecting to broadband services, many communications service providers will need to find a way to extend the utility of their current IPv4 addresses.
Carrier-grade NAT (CGNAT), also known as large-scale NAT (LSN), offers a solution. In a standard NAT design, network address translation enables a single public IPv4 address to be shared across the devices on a private network. CGNAT adds an additional translation layer to NAT that allows service providers to share their own public IPv4 addresses across the private IPv4 networks of multiple subscribers, multiple devices of a single subscriber, or multiple businesses.
By using architecture models like NAT44 or NAT444, CGNAT can expand IP address pools by 40–60x or more. This helps communications service providers support new subscribers and drive growth without the need to purchase new IPv4 numbers on the open market, or to upgrade or enhance home modems, routers, or cellular phones.
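A sharing ratio of this size comes from giving each subscriber a slice of a public address's port range. The sketch below is an added example, not code from the article or from any A10 product: it shows a deterministic port-block NAT44 mapping and the reverse lookup an operator needs for abuse handling. The block size, port floor, 100.64.0.0/10 subscriber range and 203.0.113.x pool are assumptions chosen for illustration.

```python
import ipaddress

# Assumed parameters for illustration; not taken from the article.
PORT_FLOOR = 1024      # leave well-known ports unused
PORTS_PER_SUB = 1024   # size of each subscriber's port block

def blocks_per_public_ip(ports_per_sub=PORTS_PER_SUB):
    """Subscribers that can share one public IPv4 address."""
    return (65536 - PORT_FLOOR) // ports_per_sub

def map_subscriber(private_ip, private_net, public_pool,
                   ports_per_sub=PORTS_PER_SUB):
    """Return (public_ip, first_port, last_port) for a subscriber address."""
    net = ipaddress.ip_network(private_net)
    addr = ipaddress.ip_address(private_ip)
    if addr not in net:
        raise ValueError(f"{private_ip} is outside {private_net}")
    index = int(addr) - int(net.network_address)
    ip_slot, block = divmod(index, blocks_per_public_ip(ports_per_sub))
    if ip_slot >= len(public_pool):
        raise ValueError("public pool too small for this subscriber")
    first = PORT_FLOOR + block * ports_per_sub
    return public_pool[ip_slot], first, first + ports_per_sub - 1

def attribute(public_ip, port, private_net, public_pool,
              ports_per_sub=PORTS_PER_SUB):
    """Reverse lookup for abuse handling: who held public_ip:port?"""
    if public_ip not in public_pool or not PORT_FLOOR <= port <= 65535:
        return None
    per_ip = blocks_per_public_ip(ports_per_sub)
    block = (port - PORT_FLOOR) // ports_per_sub
    if block >= per_ip:
        return None  # port lies in the unused remainder above the last block
    net = ipaddress.ip_network(private_net)
    index = public_pool.index(public_ip) * per_ip + block
    if index >= net.num_addresses:
        return None
    return str(net.network_address + index)

if __name__ == "__main__":
    pool = ["203.0.113.1", "203.0.113.2"]  # constructed documentation addresses
    print(blocks_per_public_ip())
    print(map_subscriber("100.64.0.63", "100.64.0.0/10", pool))
    print(attribute("203.0.113.2", 1500, "100.64.0.0/10", pool))
```

Because the mapping is a pure function of the subscriber address, a public IP and port seen in an abuse report can be traced back without per-connection translation logs.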
Building DDoS Protection into Growing Networks
As communications service providers leverage address translation technologies to grow their footprint, they need to keep security top-of-mind; service provider networks are big targets for distributed denial of service (DDoS) attacks. Traditionally, a DDoS attack on a communications service provider’s infrastructure was somewhat isolated. If an individual subscriber was targeted, the attack was contained to their service. With a NAT gateway in place, however, hackers can target the gateway itself to take down the access of large swaths of subscribers. They can also target an individual subscriber and jump to the corresponding NAT gateway to propagate their attack to other subscribers.
A CGNAT solution can help communications service providers protect subscribers from DDoS attacks and ensure that the NAT gateway itself is not compromised. Mitigation techniques include IP anomaly protection to recognise and drop traffic matching common attack signatures; Internet Control Message Protocol (ICMP) rate limiting; protection against CPU overload caused by spoofing attacks; connection rate limiting; and automatic IP address blacklisting to mitigate attacks targeting NAT pool addresses.
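Two of the techniques listed here, connection rate limiting and automatic blacklisting, can be combined in a single per-source check in front of the NAT pool. The following is an added example, not code from the article or from any A10 product; the thresholds, the `PoolGuard` class name and the sample events are constructed for illustration.

```python
from collections import defaultdict, deque

class PoolGuard:
    """Per-source limiter for new connections aimed at NAT pool addresses."""

    def __init__(self, max_new_conns=3, window=1.0, blacklist_ttl=60.0):
        self.max_new_conns = max_new_conns   # allowed new connections per window
        self.window = window                 # sliding window, seconds
        self.blacklist_ttl = blacklist_ttl   # how long an offender stays blocked
        self._recent = defaultdict(deque)    # src_ip -> accepted timestamps
        self._blocked_until = {}             # src_ip -> expiry time

    def allow(self, src_ip, now):
        """Return 'accept', 'drop-rate' or 'drop-blacklisted' for one attempt."""
        until = self._blocked_until.get(src_ip)
        if until is not None:
            if now < until:
                return "drop-blacklisted"
            del self._blocked_until[src_ip]  # entry expired, give a fresh start
        q = self._recent[src_ip]
        while q and now - q[0] >= self.window:
            q.popleft()                      # forget attempts outside the window
        if len(q) >= self.max_new_conns:
            self._blocked_until[src_ip] = now + self.blacklist_ttl
            q.clear()
            return "drop-rate"               # this attempt triggers the blacklist
        q.append(now)
        return "accept"

# Constructed sample: (timestamp in seconds, source IP) of new inbound connections.
EVENTS = [
    (0.00, "198.51.100.7"), (0.10, "198.51.100.7"), (0.20, "192.0.2.10"),
    (0.30, "198.51.100.7"), (0.40, "198.51.100.7"), (0.50, "198.51.100.7"),
    (5.00, "192.0.2.10"), (61.00, "198.51.100.7"),
]

def replay(events, guard=None):
    """Run events through a guard and return (time, source, verdict) tuples."""
    guard = guard or PoolGuard()
    return [(t, src, guard.allow(src, t)) for t, src in events]

if __name__ == "__main__":
    for row in replay(EVENTS):
        print(row)
```

The blacklist entry expires on its own, which matters behind CGNAT because a blocked source address may itself be shared by many legitimate users.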
Bridging the Transition to IPv6
While communications service providers address the immediate challenge of IPv4 exhaustion, they should also be making plans for an eventual transition to IPv6—an evolution that is already well underway among online content providers and large mobile network operators as they have migrated their networks to 4G and 5G. The interconnected nature of IPv6 adoption makes it a complex and long-term process.
To achieve full IPv6 adoption globally, each link in the chain must be running IPv6, from the end-user, to the carrier, to the content provider. Realistically, not all three of these links in the chain will switch over at the same time. Subscribers will always want to connect to as many endpoints as possible, including at least a few IPv4-only websites. As a result, even companies with IPv6 implementation in their networks still need to communicate with legacy IPv4 servers and applications. On the other side of the equation, IPv4 customers need to be able to use services developed with IPv6.
A complete carrier-grade networking (CGN) solution should provide both CGNAT and IPv4-IPv6 migration techniques. By enabling connectivity between IPv4 and IPv6 devices, networks, and internet destinations, these solutions can help communications service providers extend the life of their current IPv4 investments while they evolve and manage the hybrid environment resulting from coexisting IPv4 and IPv6 infrastructure.
As communications service providers seek to offer high-speed broadband while also dealing with IPv4 exhaustion and planning for IPv6 adoption, carrier-grade networking, including CGNAT and IPv4-IPv6 transition, is becoming an essential platform for long-term growth.