NFWare Released a Full-featured CGNAT for an Open-Source FD.io VPP Framework

NFWARE BLOG
11/02/2021

Last year, NFWare released a virtual Carrier-Grade NAT designed specifically for FD.io/VPP. It works as a plug-in into an open-source VPP-platform. After successful deployments in Tier-1 networks, NFWare vCGNAT plug-in became available for all service providers who use FD.io/VPP libraries and frameworks and seeking for a robust CGNAT solution.

In this blog, we explain what it is and who might be interested in the NFWare vCGNAT VPP plug-in.

Introduction to the VPP/FD.io

FD.io (Fast Data Input Output, or 'Fido') is the Linux Foundation's project. Launched in 2016, it provides an open-source universal data plane with the focus on high-throughput, low-latency, and resource-efficient IO services. It works across many hardware (x86, ARM, PowerPC) and in any environment (bare metal, VM, containers), and enables deploying SDN, NFV and Cloud at high speed and in scale.

The key component of FD.io is VPP (Vector Packet Processing) technology donated by Cisco. Along with the virtual router and switch functionalities, VPP is a software framework. Thanks to its modular design, it allows developers to build other services as plug-ins. Any plug-in developed under the VPP architecture requirements smoothly integrates into the VPP framework and requires zero efforts from customers to use it from day one.

AT&T and Comcast are service providers who are actively pushing FD.io and VPP technologies to commercial use. In fact, there are others using Linux Foundation's (LF) projects for a long time. Because of straight-through integrations capabilities across LF solutions, FD.io is used by more operators and considered to be a choice for open source driven networks.

Carrier Grade NAT

Carrier-Grade NAT (CGNAT) is a technology that extends the life of IPv4 networks and smoothly migrates to IPv6. It allows service providers to change private network addresses into public IPv4 addresses. This enables the sharing of small pools of public addresses among multiple end sites, thus greatly expanding the capacity of the existing network.

Currently open-source VPP offers basic NAT44 and NAT64 functionality. Perfectly suitable for simple cases, it, however, does not answer growing CSPs' requirements to a fully functioned Carrier-Grade NAT solution. Operators had to compromise: to use a simple NAT inside the VPP or to deploy a full-featured commercial CGNAT that separates from the open-source platform.

Commercial CGNAT for an open source environment

NFWare comes up with a solution that provides rich functionality, and works in the VPP/FD.io environment. The NFWare CGNAT plug-in is designed from scratch with no repurpose of VPP's NAT code. It is based instead on an award-winning NFWare vCGNAT which has been deployed already in various Tier-1 wireline and wireless service providers.

NFWare vCGNAT VPP plugin has been successfully deployed in commercial networks and now available for the market. Its extra features include:

  • NAT44
  • NAT64
  • Stateless firewall
  • Stateful firewall
  • Flood attacks protection
  • Malformed packets attacks protection
  • NAT66 (NPTv6, RFC 6296)
  • NAT policies and pools depending on any combination of L3/L4 fields
  • VRF-aware
  • Rate limiting
  • High speed logging (Syslog, Netflow, RADIUS)
  • FTP ALG
  • PPTP ALG
  • SIP ALG
  • RTSP ALG
  • DNS ALG
  • IPSEC ALG

This feature set meets the most demanded service providers' requirements which makes it suitable for deployments at small and large operators worldwide.

Use-Case

NFWare CGNAT plug-in might be interesting for service providers who want to build a bigger solution on FD.io, where CGNAT is one of the components missing.

Deployment of NFWare solutions requires integration and, sometimes, software development specifically for a project. NFWare team reviews the current infrastructure and a customer's goals and suggests a deployment scenario.

Expanding available deployment options

With the special release of vCGNAT for VPP, NFWare expanded the accessibility of its solution to more deployment cases. The vCGNAT now supports various hardware: x86, ARM, and could be deployed as bare-metal or VM, suitable for virtual, cloud environments, including FD.io/VPP platform.
Are you looking for a CGNAT solution?
We can help! NFWare Virtual CGNAT is an acclaimed solution that enables over 100 ISPs to effectively address the IPv4 shortage issue. Kindly provide your email address, and we will get in touch with you to provide further information!
Learn more about NFWare Virtual CGNAT
Our industry-leading high-performance solution for ISPs that efficiently solves the IPv4 exhaustion problem
Related Content
    Feel free to share:
    Need assistance in understanding the nuances of the CGNAT solution?