Carrier-Grade NAT

Overview
Specifications
Datasheet
Ordering Information

F5 BIG-IP Carrier-Grade NAT (CGNAT) offers a broad set of tools that enable service providers to transparently support and interoperate IPv4 and IPv6 devices and content. BIG-IP CGNAT offers service providers native network address translation solutions, such as NAT44 and NAT64. It provides carrier-grade scalability by offering a very high number of IP address translations, very fast NAT translation setup rates, high throughput, and high-speed logging.

CGNAT is widely deployed today as part of a comprehensive security strategy. The F5 BIG-IP CGNAT is often combined with BIG-IP Advanced Firewall Manager (AFM), providing a high performance network firewall that can also mask subscriber addresses. This combination enables outgoing subscriber security services to be monetized by the service provider. BIG-IP AFM provides a comprehensive platform for security by enabling CGNAT, DDoS, access control lists (ACLs), and intrusion prevention system (IPS).

Network Address Translation

Network address translation in BIG-IP CGNAT enables you to seamlessly deliver IPv4 and IPv6 connectivity and to handle high amounts of concurrent sessions as you manage both IPv4 and IPv6 infrastructure and content.

NAT44

Support for extended usage of IPv4
Deterministic NAT reduces logging size and requirements
Endpoint-independent mapping supports tethered devices
Endpoint-independent filtering

NAT64

Translates between IPv6 and IPv4 addresses
Gives service providers with IPv6 endpoints access to IPv4 content and destinations

Port block allocation (PBA)

Decreases amount of necessary logging
Holds a set of ports for a private IP address
Logs only need to be stored twice for each set of ports

Deterministic NAT

Reduces logging infrastructure needs
Public IP addresses and ports are predetermined and defined for a given endpoint
Port allocation for a session is performed dynamically out of assigned blocks

464XLAT

Supports interoperability with applications that only support IPv4
Provides access to IPv4 services for mobile and wireline IPv6-only networks without encapsulation
PLAT support for stateful translation of N:1 global IPv6 addresses to IPv4 addresses

Port Control Protocol (PCP)

Enables communication through home and business gateways
Supports seamless operation of applications that rely on UPnP
Allows direct dialog between applications and a CGNAT device running a PCP server
Opens up or forward TCP or UDP ports, regardless of CGNAT device location

DNS64

Provided by F5 BIG-IP DNS
Allows IPv6 hosts to see IPv4 destinations as IPv6 addresses
Synthesizes AAAA records from A records to assure interoperability
Interoperates with external DNS64 gateways for deployment flexibility

Application layer gateway support

Translate SIP/RTSP services for disruption-free video and voice calls
BIG-IP CGNAT offers application layer gateway (ALG) support
Uses NAT mapping to enable the creation of pinholes for media streams carrying application payloads
Supports point-to-point tunneling protocol (PPTP)

Hairpinning

Enables communication between endpoints behind the NAT
Allows translation of packets arriving from private networks, then loops those packets back to the private network, bypassing the public network
Reduces traffic to downstream infrastructure

Mapping of address and port (MAP)

Stateless mapping of private IPv4 addresses to public addresses
Stateless implementation improves scalability
Eliminates the translation logging needed for stateful NAT44 or NAT64 implementations
Reduces cost and complexity of logging

IPv6 rapid deployment (6RD)

Allows networks on IPv4 to communicate with IPv6 addresses without hardware upgrades
Facilitates IPv4 to IPv6 transition

High-speed Logging

Minimize storage needs with customizable session logging
Internet Protocol Flow Information Export (IPFIX) support
Extract MSISDN and other information from RADIUS accounting messages for inclusion in logs
Scales to support generation and export of millions of logging records
Load balancing and UDP monitoring of high-speed logging servers

BIG-IP Platforms

Virtual Editionsof BIG-IP software run on commodity servers and support the range of hypervisors and performance requirements. VEs provide agility, mobility, and fast deployment of app services in software-defined data centers and cloud environments. See the BIG-IP System Hardware, VIPRION, VELOS, and Virtual Edition data sheets for more details. For information about specific module support for each platform, see the latest release notes on AskF5. For the full list of supported hypervisors, refer to the VE Supported Hypervisors Matrix.
BIG-IP iSeriesappliances deliver quick and easy programmability, ecosystem-friendly orchestration, and record-breaking, software-defined hardware performance. As a result, customers can accelerate private clouds and secure critical data at scale while lowering TCO and future-proofing their application F5 solutions can be rapidly deployed via integrations with open source configuration management tools and orchestration systems.
BIG-IP rSeriesappliances bridges the gap between traditional and modern infrastructures with a rearchitected, API-first platform designed to meet the needs of your traditional and emerging applications. The new F5 rSeries delivers unprecedented levels of performance, a fully automatable architecture, and the highest reliability, security and access control for your critical applications.
VELOSplatform is the next generation of F5’s industry-leading chassis-based systems, which delivers unprecedented performance and scalability in a single Application Delivery Controller (ADC). You can seamlessly scale capacity by adding modular blades in a chassis, without disruption, and VELOS allows a mix of traditional BIG-IP tenants as well as next-generation BIG-IP tenants in the future.
VIPRIONmodular chassis and blade systems designed specifically for performance and for true, on-demand, linear scalability without business disruption. VIPRION systems leverage F5’s ScaleN clustering technology so you can add blades without reconfiguring or rebooting.

Table 1. F5 BIG-IP Software License Modules Specifications

iSeries Models	LTM	DNS	APM	AFM	AWF	CGN	SSLO	PEM	BR	BT
F5-i2600	✅	✅	✅	✅	✅	✅	❌	❌	❌	❌
F5-i2800	✅	✅	✅	✅	✅	✅	✅	❌	✅	✅
F5-i4600	✅	✅	✅	✅	✅	✅	❌	❌	✅	✅
F5-i4800	✅	✅	✅	✅	✅	✅	✅	❌	✅	✅
F5-i5600	✅	✅	❌	✅	✅	✅	❌	❌	✅	✅
F5-i5800	✅	✅	✅	✅	✅	✅	✅	✅	✅	✅
F5-i5820-DF	✅	✅	✅	❌	✅	❌	❌	❌	✅	✅
F5-i7600	✅	✅	❌	✅	✅	✅	❌	❌	✅	✅
F5-i7600-D	✅	✅	❌	✅	✅	✅	❌	❌	✅	✅
F5-i7800	✅	✅	✅	✅	✅	✅	✅	✅	✅	✅
F5-i7800-D	✅	✅	✅	✅	✅	✅	❌	✅	✅	✅
F5-i7820-DF	✅	✅	✅	❌	✅	❌	❌	❌	✅	✅
F5-i10600	✅	✅	❌	✅	✅	✅	❌	❌	✅	✅
F5-i10600-D	✅	✅	❌	✅	✅	✅	❌	❌	✅	✅
F5-i10800	✅	✅	✅	✅	✅	✅	✅	✅	✅	✅
F5-i10800-D	✅	✅	✅	✅	✅	✅	❌	✅	✅	✅
F5-i11400-DS	✅	❌	❌	✅	✅	❌	❌	❌	✅	✅
F5-i11600	✅	✅	❌	✅	✅	✅	❌	❌	✅	✅
F5-i11600-DS	✅	❌	❌	✅	✅	❌	❌	❌	✅	✅
F5-i11800	✅	✅	✅	✅	✅	✅	✅	✅	✅	✅
F5-i11800-DS	✅	❌	✅	✅	✅	❌	❌	✅	✅	✅
F5-i15600	✅	✅	❌	✅	✅	✅	❌	❌	✅	✅
F5-i15800	✅	✅	✅	✅	✅	✅	✅	✅	✅	✅
F5-i15820-DF	✅	✅	✅	❌	❌	❌	❌	❌	✅	✅
rSeries Models	LTM	DNS	APM	AFM	AWF	CGN	SSLO	PEM	BR	BT
F5-r2600	✅	✅	✅	✅	✅	✅	❌	❌	❌	❌
F5-r2800	✅	✅	✅	✅	✅	✅	✅	❌	✅	✅
F5-r4600	✅	✅	✅	✅	✅	✅	❌	❌	✅	✅
F5-r4800	✅	✅	✅	✅	✅	✅	✅	❌	✅	✅
F5-r5600	✅	✅	✅	✅	✅	✅	❌	❌	✅	✅
F5-r5800	✅	✅	✅	✅	✅	✅	✅	✅	✅	✅
F5-r5900	✅	✅	✅	✅	✅	✅	✅	✅	✅	✅
F5-r5920-DF	✅	❌	❌	❌	❌	❌	❌	❌	✅	✅
F5-r10600	✅	✅	✅	✅	✅	❌	❌	❌	✅	✅
F5-r10800	✅	✅	✅	✅	✅	✅	✅	✅	✅	✅
F5-r10900	✅	✅	✅	✅	✅	✅	✅	✅	✅	✅
F5-r10920-DF	✅	❌	❌	❌	❌	❌	❌	❌	✅	✅
F5-r12600-DS	✅	❌	❌	❌	❌	❌	❌	❌	✅	✅
F5-r12800-DS	✅	❌	❌	❌	❌	❌	❌	❌	✅	✅
F5-r12900-DS	✅	❌	❌	❌	❌	❌	❌	❌	✅	✅
VELOS Models	LTM	DNS	APM	AFM	AWF	CGN	SSLO	PEM	BR	BT
VELOS-CX410	✅	✅	✅	✅	✅	✅	✅	✅	✅	✅
VELOS-CX410-N	✅	✅	✅	✅	✅	✅	✅	✅	✅	✅
VIPRION Models	LTM	DNS	APM	AFM	AWF	CGN	SSLO	PEM	BR	BT
VIPRION-2200	✅	❌	✅	✅	✅	✅	✅	✅	✅	✅
VIPRION-2400	✅	❌	✅	✅	✅	✅	✅	✅	✅	✅
VIPRION-4480	✅	❌	✅	✅	✅	✅	✅	✅	✅	✅
VIPRION-4480	✅	❌	✅	✅	✅	✅	✅	✅	✅	✅