BIG-IP CGNAT License

BIG-IP CGNAT License

Seamlessly Manage IPv4 and IPv6 Addresses for Transparent Infrastructure Operation

The worldwide proliferation of wireless and Internet-enabled devices drove the creation of IPv6 as IPv4 addresses were rapidly depleted. All of the RIRs (regional Internet registries) have exhausted their IPv4 allocations and IPv6 adoption has finally taken off due to wide support from technology vendors and service providers. Given that IPv4-addressed infrastructure will be around for a long time, it is up to service providers to make IP address translation transparent to users or suffer the consequences of customer churn. Service providers need a solution that will help them seamlessly optimize network operations that have both IPv4 and IPv6 addressed traffic. F5® BIG-IP® Carrier-Grade NAT (CGNAT) offers a broad set of tools that enable service providers to transparently support and interoperate IPv4 and IPv6 devices and content. BIG-IP CGNAT offers service providers native network address translation solutions, such as NAT44 and NAT64. It provides carrier-grade scalability by offering a very high number of IP address translations, very fast NAT translation setup rates, high throughput, and high-speed logging. CGNAT is widely deployed today as part of a comprehensive security strategy. F5 BIG-IP CGNAT is often combined with BIG-IP Advanced Firewall Manager™ (AFM), providing a high-performance network firewall that can also mask subscriber addresses. This combination enables outgoing subscriber security services to be monetized by the service provider. BIG-IP AFM provides a comprehensive platform for security by enabling CGNAT, DDoS, access control lists (ACLs), and intrusion prevention system (IPS). F5 consolidates these security controls alongside CGNAT in the N6 / Gi LAN or the data center. This results in simpler management and operation, reduced operational costs and more opportunities to monetize functions and services. F5 BIG-IP CGNAT can be deployed as a high-performance hardware appliance, a virtual network function (VNF), or in a hybrid mode.

Network Address Translation

Network address translation in BIG-IP CGNAT enables you to seamlessly deliver IPv4 and IPv6 connectivity and to handle high amounts of concurrent sessions as you manage both IPv4 and IPv6 infrastructure and content.

NAT44

• Support for extended usage of IPv4
• Deterministic NAT reduces logging size and requirements
• Endpoint-independent mapping supports tethered devices
• Endpoint-independent filtering

NAT64

• Translates between IPv6 and IPv4 addresses
• Gives service providers with IPv6 endpoints access to IPv4 content and destinations

Port block allocation (PBA)

• Decreases amount of necessary logging
• Holds a set of ports for a private IP address
• Logs only need to be stored twice for each set of ports

Deterministic NAT

• Reduces logging infrastructure needs
• Public IP addresses and ports are predetermined and defined for a given endpoint
• Port allocation for a session is performed dynamically out of assigned blocks

464XLAT

• Supports interoperability with applications that only support IPv4
• Provides access to IPv4 services for mobile and wireline IPv6-only networks

without encapsulation

• PLAT support for stateful translation of N:1 global IPv6 addresses to IPv4 addresses

Port Control Protocol (PCP)

• Enables communication through home and business gateways
• Supports seamless operation of applications that rely on UPnP
• Allows direct dialog between applications and a CGNAT device running a PCP server
• Opens up or forward TCP or UDP ports, regardless of CGNAT device location

DNS64

• Provided by F5 BIG-IP® DNS
• Allows IPv6 hosts to see IPv4 destinations as IPv6 addresses
• Synthesizes AAAA records from A records to assure interoperability
• Interoperates with external DNS64 gateways for deployment flexibility

Application layer gateway support

• Translate SIP/RTSP services for disruption-free video and voice calls
• BIG-IP CGNAT offers application layer gateway (ALG) support
• Uses NAT mapping to enable the creation of pinholes for media streams carrying

application payloads

• Supports point-to-point tunneling protocol (PPTP)

Hairpinning

• Enables communication between endpoints behind the NAT
• Allows translation of packets arriving from private networks, then loops those packets

back to the private network, bypassing the public network

• • Reduces traffic to downstream infrastructure

Mapping of address and port (MAP)

• Stateless mapping of private IPv4 addresses to public addresses
• Stateless implementation improves scalability
• Eliminates the translation logging needed for stateful NAT44 or NAT64 implementations
• Reduces cost and complexity of logging

IPv6 rapid deployment (6RD)

• Allows networks on IPv4 to communicate with IPv6 addresses without

hardware upgrades

• Facilitates IPv4 to IPv6 transition

High-speed Logging

• Minimize storage needs with customizable session logging
• Internet Protocol Flow Information Export (IPFIX) support
• Extract MSISDN and other information from RADIUS accounting messages for

inclusion in logs

• Scales to support generation and export of millions of logging records
• Load balancing and UDP monitoring of high-speed logging servers

BIG-IP CGNAT License

High-performance services consolidation

• Consolidates multiple service functions into a single platform
• Improves service availability and reliability in the network
• Built on the modular TMOS architecture
• Fast, low latency, full proxy
• Supports:
• Firewall capabilities
• Advanced defense against 110+ DDoS attack types
• Traffic load balancing
• Advanced network health monitoring
• Traffic steering with preset policies based on server availability
• Can be enabled with BIG-IP Local Traffic Manager (LTM) for intelligent traffic steering
• Inspect and steer traffic to VAS servers
• Route based on subscriber profiles
• Use BIG-IP CGNAT as an add-on module to both BIG-IP Local Traffic Manager (LTM) and BIG-IP Policy Enforcement Manager (PEM)
• Comprehensive traffic classification
• Enables differentiated service plans
• Pairs with BIG-IP Advanced Firewall Manager (AFM) for network-layer and session layer DDoS mitigation

BIG-IP CGNAT License

BIG-IP CGNAT Platforms

• NEBS-compliant
• Scales up to 1.12 Tbps of throughput at Layer 7 with over 1440 million concurrent sessions
• Includes health monitoring, fast system failovers, and comprehensive connection mirroring
• Uses F5 SuperVIP when running on the F5 VIPRION platform for virtual IP that can span multiple blades for improved processing power