|
Carrier-grade NAT (CGN), also known as large-scale NAT (LSN), is an approach to IPv4 network design in which end sites, in particular residential networks, are configured with private network addresses that are translated to public IPv4 addresses by middlebox network address translator devices embedded in the network operator's network, permitting the sharing of small pools of public addresses among many end sites. This shifts the NAT function and configuration thereof from the customer premises to the Internet service provider network. Carrier-grade NAT has been proposed as an approach for mitigating IPv4 address exhaustion. Critics of carrier-grade NAT argue the following aspects: * Like any form of NAT, it breaks the end-to-end principle. * It has significant security, scalability, and reliability problems, by virtue of being stateful. * It makes record keeping for law-enforcement operations more difficult, except if the translation of the addresses is logged. * It makes it impossible to host services. * It does not solve the IPv4 address exhaustion problem when a public IP address is needed, such as in web hosting. One use scenario of CGN can be described as NAT444, because some customer's connections to public servers would pass through three different IPv4 addressing domains: the customer's own private network, the carrier's private network and the public Internet. Another CGN scenario is Dual-Stack Lite, in which the carrier's network uses IPv6 and thus only two IPv4 addressing domains are needed. ==Shared address space== If an ISP deploys a CGN, and uses RFC 1918 address space to number their customers, there is a risk that customer equipment already using RFC 1918 space will stop working. The reason is that routing and NAT will not work if the same addresses occur on both inside and outside network interfaces. This prompted some ISPs to develop policy within ARIN to allocate new private address space for CGNs, but ARIN deferred to the IETF before implementing the policy indicating that the matter was not typical allocation but a reservation for technical purposes (per RFC 2860). IETF created RFC 6598, detailing Shared Address Space for use in ISP CGN deployments and NAT devices that can handle the same addresses occurring both on inbound and outbound interfaces. ARIN returned space to the IANA as needed for this allocation.〔(【引用サイトリンク】title=Re: shared address space... a reality! )〕 The allocated address block is 100.64.0.0/10. 抄文引用元・出典: フリー百科事典『 ウィキペディア(Wikipedia)』 ■ウィキペディアで「Carrier-grade NAT」の詳細全文を読む スポンサード リンク
|