AX SeriesSolution Briefs
Network Address Translation (NAT) Solution Brief
Traditional NAT, Emerging NAT Standards and Related Technologies
In the past two decades, IP networks have evolved and the number of IP-enabled devices soared at a tremendous pace. Globally unique IPv4 addresses are in great demand and IPv4 address exhaustion has been observed since the mid-1990s. NAT (Network Address Translation) became a popular tool for alleviating the IPv4 address exhaustion.
However, many experts predict that the supply of available IPv4 addresses will run out sometime between 2011 and 2013, while at the same time we are starting to see much more interest in IPv6 due to strong Mobile IP support. Many people acknowledge that even if they implement IPv6, they still need to communicate with the existing IPv4 world, even if that entails more complexity and compromises. There are several new competing NAT technologies to address the coexistence of IPv4 and IPv6 networks: Large Scale NAT (LSN), Dual-Stack Lite (DS-Lite) and NAT-PT with DNS-ALG.
Traditional NAT
The solution to this challenge has been NAT (Network Address Translation). NAT has enabled one single external IP address to represent, and effectively be shared by, multiple internal hosts. There are two traditional flavors of NAT predominantly used today:
- Basic Network Address Translators (NAT)
- Network Address Port Translators (NAPT)
Both types of devices are referred to as NAT devices, and the most popular implementations are NAPT devices. These devices translate both the IP addresses and TCP/UDP port numbers (or ICMP identifiers) from the internal network to the external network and back.
The Issues with Traditional NAT
The introduction of NAT devices in a network has also become a major source of problems for network users and administrators. NAT devices have not been truly transparent when introduced in a network. Traditional NAT works well for traditional client-to-server applications, where a client opens a connection to a server and requests data, and the server responds back to the client.
However, many of the popular applications in the present day such as peer-to-peer (P2P), instant messaging (IM), voice-over-IP (VoIP) and others are client-to-client applications, and such applications do not typically work well in networks with NAT devices. Based on NAT behavior, certain applications (for example some AJAX based applications), which open multiple sessions to the same or multiple servers, also do not work as advertised, or at all.
Solution with Advanced NAT Technologies
The A10 solution is to use new and emerging technologies, which are being developed to combat the issues of traditional NAT today. Although IPv6 is an option, networks are currently IPv4-centric, with IPv6 deployment progressing slowly. Intermediate technologies to improve NAT efficiency and scale networks include:
Large Scale NAT (LSN) also known as Carrier Grade NAT (CGN)
- Carriers (i.e. ISPs) can allocate multiple clients to a single IPv4 address
- Standardizes behavior for IPv4 NAT devices
- Consistent behavior and expectations for applications
- Delivers efficiency through features, and examples include:
- Hairpinning
- Full cone NAT
- "Fairness" by user-allocated port quotas
Dual-Stack Lite (DS-Lite)
- Enables incremental IPv6 deployment
- Deploy a single IPv6 network to serve IPv4 and IPv6 clients
- IPv4 (tunneled from customer's gateway) over IPv6 (carrier's network) to NAT device (carrier's device allowing connection to IPv4 Internet, which can also apply LSN/CGN)
- Simplifies carrier deployment and management
Transition to IPv6 with NAT-PT with DNS-ALG
IPv6 eliminates the need for NAT, due to removing the scarcity of IP addresses, but still has limited deployments. However, strategically, organizations are increasingly requiring IPv6 administration and IPv6 traffic management capabilities. IPv6 vendor commitment and support allow flexibility to ensure an appliance will not be obsolete.
IPv6 deployments will be accelerated through features that allow easier adoption. NAT-PT, with the PT standing for Protocol Translation, is an example. This innovative technology allows incompatible IPv4-and IPv6-based computing devices, whether client or server, to communicate. A10's AX Series Advanced Traffic Manager provides the protocol translation. Key AX capabilities include:
Full IPv6 support
- IPv6 Server Load Balancing
- IPv6 Load Balancer Management
NAT-PT with DNS-ALG
- NAT-PT (Protocol Translation)
- Enabler for IPv6 support with existing IPv4 resources or vice versa
- Enables IPv6 resources to access IPv4 resources
- Enables IPv4 resources to access IPv6 resources
- NAT-PT devices emulate end-to-end IPv4 or IPv6 connectivity
- Enabler for IPv6 support with existing IPv4 resources or vice versa
- DNS-ALG (Domain Name System - Application Layer Gateway)
- DNS-ALG used with NAT-PT
- NAT-PT devices support translation of DNS records by means of an ALG
- DNS-ALGs translate between IPv4 and IPv6 addresses so the IP addresses' correctly resolved format is sent to the requestor
- Subsequent communication between the source and destination are transparently translated by NAT-PT
Translation Server Load Balancer (v6-v4 SLB or v4 -v6 SLB)
- Full support for NAT-PT with full SLB functionality
- IPv6 to IPv4 SLB capabilities and vice versa
- Example: IPv6 clients to IPv6 VIP (Virtual IP on the SLB) to IPv4 servers
High Performance NAT Platform
A10's AX Series Advanced Traffic Managers are specifically built for processor-intensive, high volume networking tasks, such as NAT. The AX Series includes the Advanced Core Operating System (ACOS), which integrates modern multi-core, multi-threaded software to provide significant performance advantages. The AX Series includes:
- Custom high performance hardware and software platform
- Scalability – session establishment rates and concurrent sessions
- Support for high volume of NAT packets per second
- Throughput of 1 Gb up to 40 Gb
- Stateful high availability for robustness
Industry-leading performance is achieved via leveraging Flexible ASIC enhanced Symmetric Multiprocessing (SMP) technologies. The AX Series processes application traffic in parallel fashion, without the need to copy data or replicate computing instructions. As a result, these applications run faster with the AX Series than with competing systems on the market today.
Continuing Market Leading Innovation
The AX Series is a unique platform for high performance network computing, lending itself to processor-intensive functions at the largest scale. For advanced NAT and other transition technologies, contact A10 for an evaluation.