The CGNAT Performance Challenges Hidden in Converged Solutions

The value of CGNAT is being recognized by a wider range of telecom equipment companies who are delivering converged solutions that combine routing or firewall applications with several other built-in features including network address translation.

This is logical as demand for CGNAT is rising as customer organizations are continually dealing with the increased expenses of IPv4 address management due to the IPv4 network address shortages and the costs of migrating to IPv6.

And at first, a converged solution sounds like a great idea because it's only one thing to buy, operate and manage. And while all those are great reasons for a converged solution, service providers are operating in a world where high-performance is critical. And there's a hidden performance challenge in these converged solutions that outweighs the integration advantages.

Usually, these converged solutions are sold with a focus on the performance of a primary application – usually either a router or a firewall. But these primary applications compete with the other converged applications for CPU resources and often deliver their max throughput only when the other applications are turned off or running at less than full performance.

This can also be the case with virtualized converged solutions which scale their performance by consuming more CPU cores; the whole solution is tuned for the success of the primary application.

Which means, if you want the max router performance then don't expect to maximize the performance of the other applications – including CGNAT.

About 20% of customers come to us to solve this dilemma and our advice to them is to think of the converged router as a router and to turn off the CGNAT functionality and instead install a standalone NFWare virtualized CGNAT solution.

That advice can be hard to hear when you've invested in a converged solution. But that's a sunk cost. You still need to deliver the performance for your users.

Here's a few reasons why this strategy helps solve the converged solution performance challenge:

1. Ability to Maximize Performance
NFWare CGNAT has been tested by Intel and others at up to 370 Gbps, whereas most converged solutions promote the router / firewall functionality at a max of 100Gbps. That means the output of three full speed 100Gbps routers can be processed by NFWare CGNAT. This throughput alone is a reason for changing as it can maximize the performance of the converged solution's primary application and of the CGNAT.

2. Cost
NFWare's licensing is based on throughput, making it a very cost effective solution to start with and very competitive at higher throughput levels. At any traffic level NFWare CGNAT licensing is an easy solution to budget for.

3. Deployment Flexibility
There are applications where you might need standalone CGNAT, for example where a router is already in place, or you want to aggregate multiple data flows to a single CGNAT instance. In these cases, the scalability of CGNAT is a great fit.

CGNAT is a critical network service for ISPs and operators and while it might be convenient to buy it as part of a converged solution these solutions are performance optimized for the router or firewall. Thus, if you need the maximum CGNAT throughput, turn off your CGNAT and deploy a new NFWare CGNAT solution where you will get industry best performance, flexibility, and cost.