DDoS Detection, Mitigation, Orchestration, and Threat Intelligence
Consolidated Security & CGNAT
TLS/SSL Inspection
Web Application Firewall
Application Security & Load Balancing
Analytics & Management
CGNAT & IPv6 Migration
As rural broadband initiatives and digital divide programs like the FCC’s Rural Development Opportunity Fund (RDOF) and Emergency Broadband Benefit Program and the USDA’s ReConnect make billions of dollars available to help bridge the digital divide, communications service providers have a wealth of opportunities to add subscribers, expand territory, and grow their business. First, though, they’ll need to address the challenges posed by IPv4 exhaustion—and its impact on the cost of new subscriber IP addresses.
Since November 25, 2019, when the final allocation of publicly available IPv4 addresses was made, new IPv4 addresses have been obtainable only at high open market prices—often $25 per address or more. There’s a virtually unlimited stock of IPv6 addresses available, but migration to the new standard is a highly complex prospect and impractical in the short term for many communications service providers. To fully capitalize on programs like RDOF, they need a more feasible and affordable way to support new subscribers.
Fortunately, there’s another way forward. Carrier-grade NAT (CGNAT), a standard for network address translation (NAT), makes it possible to extend the life of existing IPv4 addresses to support additional subscribers. In this way, communications service providers can capture new opportunities for growth—while simultaneously positioning their business for IPv6 migration when the time is right. This topic is explored in depth in the new ebook, “IPv6 – Are We There Yet? How to Co-exist with IPv4 and IPv6 using CGNAT.” In this blog, we’ll explore the urgent relevance of this topic for communications service providers.
While broadband plays a central role in American life, millions of households in both rural and urban communities still lack access to high-speed internet from broadband services from either fiber-to-the-home (FTTH), fixed wireless internet, or mobile ISP—representing a vast potential market for providers. Now accelerating government support for rural broadband initiatives and digital divide programs are turbocharging that opportunity. Among many other programs:
Meanwhile, demand for broadband services is surging. As the COVID-19 pandemic shifted broad swaths of modern life online, average broadband network usage soared by 40 percent from Q4 2019 to Q4 2020 (Source: Foundation for Rural Service). More than two-fifths of rural districts made live virtual classes a primary part of their K – 5 distance learning strategy, and by September 2020, nearly a quarter of the population had started or increased use of telehealth for treatment of physical conditions since the pandemic began (Source: Foundation for Rural Service).
Rural broadband networks have performed well, thanks in part to infrastructure investments by rural broadband providers and an increase in fiber-to-the-home penetration. This robust connectivity paves the way for new opportunities for both communications service providers and underserved communities and customers, facilitating the introduction of new services such rich content experiences, new forms of collaboration, distance learning, telehealth, IoT, precision agriculture, and more.
One of the problems that communications service providers will need to address upfront is IPv4 exhaustion—a significant issue, but a solvable one.
The cost of acquiring more IPv4 addresses to support new growth has escalated rapidly over the last few years, as the last remaining IPv4 addresses from Regional Internet Registries (RIRs) have been fully allocated. IPv6 migration is a complex and long-term prospect—and even if communications service providers chose to switch over their own infrastructure, they’d still need to be able to support IPv4 at the same time in order to carry IPv4 content and accommodate IPv4 devices. In order to accommodate large waves of new customers connecting to broadband services through Fiber to the Home (FTTH) investments, many communications service providers will need to find a way to extend the utility of their current IPv4 addresses.
Carrier-grade NAT (CGNAT), also known as large-scale NAT (LSN), offers a solution. In a standard NATdesign, network address translation enables a single public IPv4 address to be shared across the devices on a private network. CGNAT adds an additional translation layer to NAT that allows service providers to share their own public IPv4 addresses across the private IPv4 networks of multiple subscribers, multiple devices of a single subscriber, or multiple businesses.
By using architecture models like NAT44 or NAT444, CGNAT can expand IP address pools by 40 – 60X or more, helping communications service providers support new subscribers and drive growth without the need to purchase new IPv4 numbers on the open market, or to upgrade or enhance home modems, routers, or cellular phones.
As communications service providers leverage address translation technologies to grow their footprint and reach new rural broadband initiative and digital divide customers, they need to keep security top-of-mind; service provider networks are big targets for distributed denial of service (DDoS) attacks. Traditionally, a DDoS attack on a communications service provider’s infrastructure was somewhat isolated. If an individual subscriber was targeted, the attack was contained to their service. With a NAT gateway in place, however, hackers can target the gateway itself to take down the access of large swaths of subscribers. They can also target an individual subscriber and jump to the corresponding NAT gateway to propagate their attack to other subscribers.
A CGNAT solution can help communications service providers protect subscribers from DDoS attacks and ensure that the NAT gateway itself is not compromised. Mitigation techniques include IP anomaly protection to recognize and drop traffic from common attack signatures; Internet Control Message Protocol (ICMP) rate limiting; CPU overload protection caused from spoofing attacks; connection rate limiting; and automatic IP address blacklisting to mitigate attacks targeting NAT pool addresses.
Richweb, a managed services provider, is helping to bring digital equity to rural communities across Virginia by working with nonprofit electric cooperatives delivering high-speed broadband to their members. As part of its infrastructure services portfolio, Richweb now provides CGNAT services to help its electric-coop customers serve more Virginia residents, more cost-effectively. Richweb’s customers use CGNAT to make the most of their IPv4 address allocations, enabling them to efficiently serve more subscribers and more connected devices.
MCTV, a regional communications service provider in Ohio and West Virginia, provides advanced broadband internet, digital TV, phone, and security to approximately 55,000 homes and businesses. The company uses CGNAT to solve IPv4 address exhaustion for both Fiber to the Home (FTTH) and cable networks. By increasing subscriber coverage by 31X for each IPv4 address, MCTV can now expand into new service areas while ensuring the availability of residential internet, digital TV, and phone services.
While communications service providers address the immediate challenge of IPv4 exhaustion, they should also be making plans for an eventual transition to IPv6—an evolution that is already well underway among online content providers and large mobile network operators as they have migrated their networks to 4G and 5G. The interconnected nature of IPv6 adoption makes it a complex and long-term process. To achieve full IPv6 adoption globally, each link in the chain must be running IPv6, from the end-user, to the carrier, to the content provider. Realistically, not all three of these links in the chain will switch over at the same time. Subscribers will always want to connect to as many endpoints as possible, including at least a few IPv4-only websites. As a result, even companies with IPv6 implementation in their networks still need to communicate with legacy IPv4 servers and applications. On the other side of the equation, IPv4 customers need to be able use services developed with IPv6.
A complete carrier-grade networking (CGN) solution should provide both CGNAT and IPv4-IPv6 migration techniques. By enabling connectivity between IPv4 and IPv6 devices, networks, and internet destinations, these solutions can help communications service providers extend the life of their current IPv4 investments while they evolve and manage the hybrid environment resulting from coexisting IPv4 and IPv6 infrastructure.
As communications service providers seek to capture the opportunities offered by programs like RDOF, while also dealing with IPv4 exhaustion, and making a plan for IPv6 adoption, carrier-grade networking including CGNAT and IPv4-IPv6 transition is becoming an essential platform for long-term growth. To learn more, read the ebook, “IPv6 – Are We There Yet? How to Co-exist with IPv4 and IPv6 using CGNAT.”