DATA SHEET
F5 BIG-IP
BIG-IP Carrier-Grade NAT
Carrier-Grade NAT
Seamlessly Manage IPv4 and IPv6 Addresses
for Transparent Infrastructure Operation
The worldwide proliferation of wireless and Internet-enabled devices drove the creation of
IPv6 as IPv4 addresses were rapidly depleted. All of the RIRs (regional Internet registries)
have exhausted their IPv4 allocations and IPv6 adoption has finally taken off due to wide
support from technology vendors and service providers. Given that IPv4-addressed
infrastructure will be around for a long time, it is up to service providers to make IP address
translation transparent to users or suffer the consequences of customer churn. Service
providers need a solution that will help them seamlessly optimize network operations that
have both IPv4 and IPv6 addressed traffic.
F5® BIG-IP® Carrier-Grade NAT (CGNAT) offers a broad set of tools that enable service
providers to transparently support and interoperate IPv4 and IPv6 devices and content. BIG-IP
CGNAT offers service providers native network address translation solutions, such as NAT44
and NAT64. It provides carrier-grade scalability by offering a very high number of IP address
translations, very fast NAT translation setup rates, high throughput, and high-speed logging.
CGNAT is widely deployed today as part of a comprehensive security strategy. F5 BIG-IP CGNAT
is often combined with BIG-IP Advanced Firewall Manager™ (AFM), providing a high-performance
network firewall that can also mask subscriber addresses. This combination enables outgoing
subscriber security services to be monetized by the service provider. BIG-IP AFM provides a
comprehensive platform for security by enabling CGNAT, DDoS, access control lists (ACLs),
and intrusion prevention system (IPS).
F5 consolidates these security controls alongside CGNAT in the N6 / Gi LAN or the data
center. This results in simpler management and operation, reduced operational costs and
more opportunities to monetize functions and services. F5 BIG-IP CGNAT can be deployed as
a high-performance hardware appliance, a virtual network function (VNF), or in a hybrid mode.
KEY BENEFITS
Optimize your network with carrier-grade performance and scalability
Ensure optimal, carrier-grade network performance during IPv6 migration. BIG-IP CGNAT
has the ability to scale to tens of millions of IP address translations, translation setup rates
in the order of a million per second, and tens of gigabits of performance. It further improves
performance with high-speed logging (HSL) capabilities. This enables you to reduce spending
by allowing you to manage your migration needs with fewer servers in the network.
Reduce servers and management costs
Achieve lower CapEx, OpEx, and power and cooling costs by optimizing your existing network
infrastructure and consolidating core elements, including policy enforcement management,
firewall, TCP optimization, and intelligent traffic steering with a unified, easy-to-manage platform.
Manage address depletion and IPv6 migration with flexible deployment options
Ensure compatibility in the network between legacy IPv4 and new IPv6 devices and content
while having multiple ways to manage IPv4 address depletion and IPv6 migration. BIG-IP CGNAT
offers flexibility to operate in hardware on optimized BIG-IP iSeries® or the F5 VIPRION®
platform, or as a virtual edition, as a virtualized network function (NFV), or as a cloud-native
function (CNF) to align to your operational needs.
Network Address Translation
Network address translation in BIG-IP CGNAT enables you to seamlessly deliver IPv4 and IPv6
connectivity and to handle high amounts of concurrent sessions as you manage both IPv4
and IPv6 infrastructure and content.
NAT44
• Support for extended usage of IPv4
• Deterministic NAT reduces logging size and requirements
• Endpoint-independent mapping supports tethered devices
• Endpoint-independent filtering
NAT64
• Translates between IPv6 and IPv4 addresses
• Gives service providers with IPv6 endpoints access to IPv4 content and destinations
Port block allocation (PBA)
• Decreases amount of necessary logging
• Holds a set of ports for a private IP address
• Logs only need to be stored twice for each set of ports
Deterministic NAT
• Reduces logging infrastructure needs
• Public IP addresses and ports are predetermined and defined for a given endpoint
• Port allocation for a session is performed dynamically out of assigned blocks
464XLAT
• Supports interoperability with applications that only support IPv4
• Provides access to IPv4 services for mobile and wireline IPv6-only networks
without encapsulation
• PLAT support for stateful translation of N:1 global IPv6 addresses to IPv4 addresses
Port Control Protocol (PCP)
• Enables communication through home and business gateways
• Supports seamless operation of applications that rely on UPnP
• Allows direct dialog between applications and a CGNAT device running a PCP server
• Opens up or forwards TCP or UDP ports, regardless of CGNAT device location
DNS64
• Provided by F5 BIG-IP® DNS
• Allows IPv6 hosts to see IPv4 destinations as IPv6 addresses
• Synthesizes AAAA records from A records to assure interoperability
• Interoperates with external DNS64 gateways for deployment flexibility
Application layer gateway support
• Translate SIP/RTSP services for disruption-free video and voice calls
• BIG-IP CGNAT offers application layer gateway (ALG) support
• Uses NAT mapping to enable the creation of pinholes for media streams carrying
application payloads
• Supports point-to-point tunneling protocol (PPTP)
Hairpinning
• Enables communication between endpoints behind the NAT
• Allows translation of packets arriving from private networks, then loops those packets
back to the private network, bypassing the public network
• Reduces traffic to downstream infrastructure
Mapping of address and port (MAP)
• Stateless mapping of private IPv4 addresses to public addresses
• Stateless implementation improves scalability
• Eliminates the translation logging needed for stateful NAT44 or NAT64 implementations
• Reduces cost and complexity of logging
IPv6 rapid deployment (6RD)
• Allows networks on IPv4 to communicate with IPv6 addresses without
hardware upgrades
• Facilitates IPv4 to IPv6 transition
High-speed Logging
• Minimize storage needs with customizable session logging
• Internet Protocol Flow Information Export (IPFIX) support
• Extract MSISDN and other information from RADIUS accounting messages for
inclusion in logs
• Scales to support generation and export of millions of logging records
• Load balancing and UDP monitoring of high-speed logging servers
Figure 1: F5 CGNAT enables seamless IPv4/IPv6 address translation in any architecture to
ensure ideal subscriber experience.
[Diagram labels: IPv4 & IPv6 devices; 3G; 4G/5G; Dynamic Spectrum Sharing; GGSN/PGW/UPF;
BRAS/BNG; Access; N6/S/Gi-LAN; CGNAT; BIG-IP; VE; Logging; Destination Aware CGNAT;
Internet IPv4; Internet IPv6; IPv4 Applications; IPv6 Applications; IPv4 Traffic; IPv6 Traffic]
High-performance services consolidation
• Consolidates multiple service functions into a single platform
• Improves service availability and reliability in the network
• Built on the modular TMOS architecture
• Fast, low latency, full proxy
• Supports:
  • Firewall capabilities
  • Advanced defense against 110+ DDoS attack types
  • Traffic load balancing
  • Advanced network health monitoring
  • Traffic steering with preset policies based on server availability
• Can be enabled with BIG-IP Local Traffic Manager™ (LTM) for intelligent traffic steering
• Inspect and steer traffic to VAS servers
• Route based on subscriber profiles
• Use BIG-IP CGNAT as an add-on module to both BIG-IP Local Traffic Manager™ (LTM)
and BIG-IP Policy Enforcement Manager™ (PEM)
• Comprehensive traffic classification
• Enables differentiated service plans
• Pairs with BIG-IP® Advanced Firewall Manager™ (AFM) for network-layer and
session-layer DDoS mitigation
Figure 2: F5’s N6 / S/Gi-LAN consolidated solution lowers CPU needs and simplifies automation,
reducing CapEx and OpEx.
[Diagram labels: Simplified and consolidated Gi/N6; Devices; TCP and Video Optimization;
Carrier Grade NAT; Gi Firewall; DDoS Protection; SSL Inspection; IoT Firewall; Subscriber
Security Services; Secure DNS Cache; F5 N6/S/Gi-LAN Consolidated Solution; Internet]
iControl and iRules
• F5 iControl®
  • REST API ensures interoperability between systems
  • Improves automation and configuration efficiency
  • Enables monitoring of network-level traffic statistics
  • Facilitates next-generation service-oriented architectures
• F5 iRules®
  • TCL-based scripting language lets you control behavior of BIG-IP devices
  • Flexible handling of application traffic
  • Complete payload inspection and transformation capabilities
  • Event-driven iRules
  • Session-aware switching
• 200,000+ user community on F5 DevCentral shares code and assistance
BIG-IP CGNAT Platforms
• NEBS-compliant
• Scales up to 1.12 Tbps of throughput at Layer 7 with over 1440 million
concurrent sessions
• Includes health monitoring, fast system failovers, and comprehensive
connection mirroring
• Uses F5 SuperVIP® when running on the F5 VIPRION® platform for virtual IP
that can span multiple blades for improved processing power
More Information
BIG-IP CGNAT works seamlessly with our other service provider solutions.
Use case
Carrier-Grade NAT for Service Providers
Solution area
S/Gi-LAN and N6 Consolidation for Virtualized Networks
Product
Drive Growth with Automated NFV Solution Packages
©2021 F5, Inc. All rights reserved. F5, and the F5 logo are trademarks of F5, Inc. in the U.S. and in certain other countries. Other F5 trademarks are identified at f5.com.
Any other products, services, or company names referenced herein may be trademarks of their respective owners with no endorsement or affiliation, expressed or implied, claimed by F5, Inc.