Achieving Optimal Subscriber Density: CGNAT Best Practices


As the world becomes increasingly connected, the demand for internet access has skyrocketed. Internet service providers are continuously seeking efficient ways to provide internet services to a growing number of subscribers. Carrier-Grade Network Address Translation (CGNAT) has emerged as a solution to conserve IPv4 addresses and enable ISPs to serve more users.

However, the critical question arises: How many subscribers can be behind one IPv4 address using CGNAT while ensuring a safe and satisfactory user experience? In this blog post, we'll explore the concept of CGNAT and discuss factors that impact the subscriber density for a given IPv4 address.

Understanding CGNAT

Carrier-Grade Network Address Translation, or CGNAT, is a technology that allows multiple private IP addresses to be mapped to a single public IPv4 address. It's essentially a way to share a limited pool of IPv4 addresses among a large number of users. CGNAT works by translating private IP addresses within an ISP's network to a single, shared public IP address when data packets are sent out to the internet and vice versa.

Factors Affecting Subscriber Density Behind CGNAT

Number of Public IPv4 Addresses: Obviously, the primary factor is the total number of available IPv4 addresses in the ISP's inventory. ISPs with larger address pools can serve more users per public IP address.

Port Allocation: CGNAT devices allocate ports to each subscriber session. The number of ports available for allocation can limit subscriber density. The commonly used range is 1024-65535, but this can vary based on the CGNAT equipment and configuration.

At NFWare, we recommend setting 500 ports per subscriber, leading to an optimal number of 128 subscribers per IP address. However, it is worth noting that for mobile networks, fewer ports might be needed. Thus, mobile operators might allocate fewer ports per subscriber without compromising service quality.

Session Timeout: Finally, the duration of a CGNAT session's activity also plays a role. Longer session timeouts can reduce available ports for new connections, ultimately limiting the number of subscribers that can share a single IPv4 address.
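The port figures above (range 1024-65535, 500 ports per subscriber, 128 subscribers per address) can be turned into a fixed port-block plan, which also lets an operator resolve an abuse report naming a public IP and source port back to one subscriber. The following is an added example, not NFWare's code or configuration; it assumes static, deterministic block assignment, and the address pools and function names are constructed for illustration.

```python
import ipaddress

# Figures from the article: usable port range 1024-65535, 500 ports per
# subscriber, at most 128 subscribers per public IPv4 address.
PORT_MIN, PORT_MAX = 1024, 65535
PORTS_PER_SUB = 500
SUBS_PER_IP = 128

# Constructed sample pools (assumptions): shared address space inside,
# a documentation prefix outside. 1024 subscribers onto 8 public addresses.
INSIDE = ipaddress.ip_network("100.64.0.0/22")
OUTSIDE = ipaddress.ip_network("203.0.113.0/29")


def capacity():
    """Return (blocks that fit in the port range, ports left unassigned per IP)."""
    usable = PORT_MAX - PORT_MIN + 1
    return usable // PORTS_PER_SUB, usable - SUBS_PER_IP * PORTS_PER_SUB


def forward(private_ip):
    """Map a subscriber address to its fixed (public IP, first port, last port)."""
    idx = int(ipaddress.ip_address(private_ip)) - int(INSIDE.network_address)
    if not 0 <= idx < INSIDE.num_addresses:
        raise ValueError("address is outside the subscriber pool")
    ip_idx, slot = divmod(idx, SUBS_PER_IP)
    if ip_idx >= OUTSIDE.num_addresses:
        raise ValueError("public pool exhausted at this density")
    first = PORT_MIN + slot * PORTS_PER_SUB
    return str(OUTSIDE[ip_idx]), first, first + PORTS_PER_SUB - 1


def reverse(public_ip, port):
    """Resolve a reported (public IP, source port) to one subscriber, or None."""
    ip_idx = int(ipaddress.ip_address(public_ip)) - int(OUTSIDE.network_address)
    slot = (port - PORT_MIN) // PORTS_PER_SUB
    if not 0 <= ip_idx < OUTSIDE.num_addresses:
        return None  # address is not part of this NAT pool
    if port < PORT_MIN or port > PORT_MAX or slot >= SUBS_PER_IP:
        return None  # reserved port, or the unassigned tail above the last block
    idx = ip_idx * SUBS_PER_IP + slot
    return str(INSIDE[idx]) if idx < INSIDE.num_addresses else None
```

With these numbers the last block on each address ends at port 65023, so a report that names a port above that (or below 1024) cannot belong to any subscriber and should be treated as a bad or spoofed report rather than attributed.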

Challenges with Online Services: CAPTCHAs and Restrictions

Many online services, including popular websites like Google, have security measures in place to protect against abuse, such as web scraping or automated bot traffic. When multiple users share an IP address through CGNAT, their online activities may collectively appear as though they are coming from a single source, triggering these security measures.

As a result, users behind CGNAT may encounter CAPTCHAs more frequently or experience rate limiting, where access to a service is restricted due to perceived suspicious activity. This can be frustrating for users and may degrade their online experience.

NFWare's Recommendation: Do Not Exceed 128 Subscribers

Based on our extensive experience and numerous Carrier-Grade NAT (CGNAT) deployments, we confidently recommend a specific guideline: it is advisable not to exceed 128 subscribers sharing a single IPv4 address through CGNAT. This approach is designed to help Internet Service Providers strike a delicate balance, optimizing IPv4 address utilization while upholding the quality of the user experience.
