
IPv6 HSI CGN Solution

Introduction

www.huawei.com

Copyright © 2011 Huawei Technologies Co., Ltd. All rights reserved.


Foreword
⚫ Currently, DS+NAT444 and DS-lite are mainstream IPv6 transition
solutions in the industry. Both solutions are implemented by
using the CGN devices or boards.

⚫ When deploying new devices, carriers need to consider many factors, such as the deployment costs, impacts on services, and subsequent capacity expansion.

Objective
⚫ Upon completion of this course, you will be able to:

 Describe the functions of the CGN in the IPv6 transition solutions

 Describe CGN deployment solutions

 Describe characteristics of CGN NAT and NAT traversal

 Describe characteristics of the CGN port allocation solutions

 Describe the CGN user tracing solutions

 Complete data configuration in typical CGN application scenarios

Contents
1. Overview of CGN

2. Introduction to CGN networking solutions

3. Introduction to CGN NAT and NAT traversal

4. Introduction to the CGN port allocation solution

5. Introduction to CGN user tracing solutions

6. Configuration example for the typical CGN application scenarios

Contents
1. Overview of CGN
 Terms related to CGN

 NAT

 DS+NAT44(4) solution

 DS-lite solution

 Factors affecting CGN deployment

Terms Related to CGN
⚫ CGN---Carrier Grade NAT

⚫ NAT---Network Address Translation:

 NAT addresses the issue of IPv4 address exhaustion. Its major function is to reuse addresses. NATs are classified into basic NAT and network address port translator (NAPT).

⚫ DS---Dual-stack

⚫ NAT444: twice IPv4-to-IPv4 address translation

 NAT444 consists of CPE NAT44 and CGN NAT44. These two levels of NAT are independent of each other. NAT444 increases the address reuse rate.

⚫ DS-Lite--- Dual-Stack Lite

⚫ CPE ---Customer Premises Equipment

NAT—Basic NAT Address Translation
⚫ Basic NAT is also called NO-PAT mode, in which only the IP address is translated. Each private IP address is mapped to its own public IP address, so no public address resources are saved.

Direction   Before NAT     After NAT
Outbound    192.168.1.3    20.1.1.1

[Figure: Host 192.168.1.3 on the intranet, NAT device (inside 192.168.1.1, outside 20.1.1.1), Server 1.1.1.2 on the Internet. The outbound packet Src 192.168.1.3 / Dst 1.1.1.2 leaves the NAT as Src 20.1.1.1 / Dst 1.1.1.2; the reply Src 1.1.1.2 / Dst 20.1.1.1 is translated back to Dst 192.168.1.3.]

NAT— NAPT Address Translation
⚫ In NAPT mode, both the private IP address and port number are translated into a public
IP address and port number. Source addresses of packets coming from different private
addresses can be mapped to the same public address, but the port numbers of these
packets are translated into different port numbers under this address. Therefore, these
packets can share the same address.
Direction   Before NAT          After NAT
Outbound    192.168.1.2:1111    20.1.1.1:1001
Outbound    192.168.1.2:2222    20.1.1.1:1002
Outbound    192.168.1.3:1111    20.1.1.1:1003

[Figure: Host A 192.168.1.2 and Host B 192.168.1.3 on the intranet, NAT device (inside 192.168.1.1, outside 20.1.1.1), Server 1.1.1.2 on the Internet. Packet 1 Src 192.168.1.2:1111 becomes Src 20.1.1.1:1001, Packet 2 Src 192.168.1.2:2222 becomes Src 20.1.1.1:1002, and Packet 3 Src 192.168.1.3:1111 becomes Src 20.1.1.1:1003; all three share the public address 20.1.1.1.]

DS+NAT44(4)
[Figure: DS+NAT44(4) network from Terminal (TV, PC, Phone) through Access (CPE, LSW/OLT), Metro (BRAS with CGN, PE; IPv4/IPv6 dual stack) and Core (CR, P; IPv4 and IPv6) to Servers. Two CPE modes are shown:
• CPE route mode (DS+NAT444): NAT44 on the CPE (private IPv4 to private IPv4), then NAT44 on the CGN (private IPv4 to public IPv4); IPv6 is forwarded natively.
• CPE bridge mode (DS+NAT44): a single NAT44 on the CGN (private IPv4 to public IPv4); IPv6 is forwarded natively.]

⚫ In the DS+NAT44(4) solution, the packet containing the private IPv4 address must be redirected to the CGN device or board. The CGN performs NAT to translate the source private IPv4 address into a public IP address, and then forwards the packet.

DS-lite
[Figure: DS-lite network from Terminal (TV, PC, Phone) through Access (IPv6-only CPE, DSLAM/OLT), Metro (BRAS with CGN, PE; dual stack) and Core (CR, P; IPv4 and IPv6) to Servers. CPE route mode (DS-Lite+NAT+PPPoE): private IPv4 is carried from the CPE to the CGN in a 4in6 tunnel, and NAT44 on the CGN translates it to public IPv4; IPv6 is forwarded natively.]

⚫ For access requests sent from IPv4 users, the CPE sets up a 4in6 tunnel with the CGN. A user obtains the private IPv4 address from the CPE. The CGN translates the private IPv4 address into a public IPv4 address, which is used to access the IPv4 Internet.

⚫ In the DS-lite solution, the CGN sets up 4in6 tunnels and implements NAT.

Factors Affecting CGN Deployment
1. Impacts on the bearer network
• Network traffic direction
• Network reliability

2. Impacts on services
• User management
• User tracing
• Intelligent network services
• Lawful interception

3. CAPEX
• Equipment cost
• Engineering delivery costs and risks

4. OPEX
• O&M interface
• Troubleshooting
• Equipment upgrade

5. Impacts on network evolution
• Smooth network evolution

Self-Test Questions
1. Functions of the CGN in the mainstream IPv6 transition solutions
(including DS+NAT444 and DS-lite) are ( )

A. Setting up 4in6 tunnels with the CPE

B. Parsing domain names for the IPv6 services

C. Translating the MAN IPv6 addresses into IPv4 addresses

D. Performing NAT on uplink private network packets of the MAN

Contents
2. Introduction to CGN networking solution
 Classification of CGN forms

 Comparison of CGN forms

 CGN networking solutions

 Comparison of CGN networking solutions

Classification of CGN Forms–Stand-alone CGN
⚫ A stand-alone CGN can be mounted beside or directly to other network devices.

[Figure: four stand-alone CGN placements:
• Directly mounted between the CR and the PE
• Directly mounted between the CR and the BRAS
• Mounted beside the CR
• Mounted beside the BRAS]

Classification of CGN Forms–Integrated CGN

[Figure: two integrated CGN placements: a CGN board installed on a CR (above the BRAS/SR devices) and a CGN board installed on a BRAS (below the CRs).]

⚫ Comparison of the preceding deployment modes is as follows:

 The mode in which the CGN board is installed on a CR is applicable to the scenario where users are scattered. The costs at the early stage are low. As the number of users increases, however, distributed CGNs need to be added. Users cannot be managed and real-time tracing is difficult to implement.

 The mode in which the CGN board is installed on a BRAS is applicable to the scenario where users are centralized. This mode allows lean user management and facilitates real-time tracing.
System Architecture of the Integrated CGN
[Figure: integrated CGN system architecture: LPU (1), SFU, VSUI-20-A (CGN) service board, LPU (3); the numbered arrows mark the service flow described below.]

⚫ The integrated CGN is implemented by the VSUI series board, which is a multi-
core service board. This board is a centralized board that does not provide any
outbound interface.

⚫ Service flow: The interface board routes the traffic to the service board. The
service board completes the CGN function and then sends the traffic to the
interface board. The interface board sends the traffic out of the system.
Comparison of CGN Forms
(Columns: Stand-alone CGN; Integrated CGN, integrated with a CR; Integrated CGN, integrated with an SR/BRAS)

Feasibility of deployment
• Stand-alone CGN: Occupies a forwarding port.
• Integrated with a CR: Occupies a forwarding slot.
• Integrated with an SR/BRAS: Occupies a forwarding slot.

External interfaces
• Stand-alone CGN: Uses a stand-alone subrack. The number of interfaces is limited.
• Integrated with a CR: Shares a subrack with other boards. The number of interfaces is not limited.
• Integrated with an SR/BRAS: Shares a subrack with other boards. The number of interfaces is not limited.

Cost
• Stand-alone CGN: The cost is high. A device must be added.
• Integrated with a CR: The cost is low. Only a board needs to be added.
• Integrated with an SR/BRAS: The cost is low. Only a board needs to be added.

Tracing capability
• Stand-alone CGN: Does not participate in user authentication. Cannot detect users. The tracing capability is poor. Does not support online tracing.
• Integrated with a CR: Does not participate in user authentication. Cannot detect users. The tracing capability is poor. Does not support online tracing.
• Integrated with an SR/BRAS: Participates in user authentication. Can detect users. The tracing capability is good. Supports online tracing.

Reliability
• Stand-alone CGN: Connected to dual hosts in side mounting mode. The reliability is high, but functions are not rich, and the cooperation with the network is poor.
• Integrated with a CR: Supports the two-board configuration.
• Integrated with an SR/BRAS: Supports the two-board configuration. Is integrated with network services. Supports various protection modes of the network. The reliability is high.

Service capability and user management
• Stand-alone CGN: Does not provide the service capability. Cannot detect users.
• Integrated with a CR: Does not provide the service capability. Cannot detect users.
• Integrated with an SR/BRAS: Provides functions to maintain accessed users. Has strong control capability.

Capacity and scalability
• Stand-alone CGN: The capacity and scalability are high.
• Integrated with a CR: The capacity and scalability are affected by the vacant slots on the device with which the CGN is integrated.
• Integrated with an SR/BRAS: The capacity and scalability are affected by the empty slots on the device with which the CGN is integrated.

Change in network topology
• Stand-alone CGN: A device is added, which changes the existing network topology.
• Integrated with a CR: Only boards are added, which does not change the existing network topology.
• Integrated with an SR/BRAS: Only boards are added, which does not change the existing network topology.
CGN Networking Solutions—Centralized Mode
Deployment of the CGN in centralized mode

[Figure: MAN topology with Backbone and IDC at the top, CRs at the L3 MAN layer with the CGN mounted beside a CR (CGN deployment position), SR/BRAS below, LSWs in the access network, DSLAM/OLT at L2, and CPEs at the bottom.]

⚫ Deployment position: deployed at the egress of the MAN

⚫ Deployment mode: stand-alone CGN device mounted beside the CR

⚫ Deployment difficulty: The investment at the early stage is low. It is easy to deploy new devices in a centralized manner.

⚫ Traffic analysis: Traffic within a city is transferred to CRs and CGN devices for processing. This increases the traffic volume on CRs, and the CGN is more likely to become a performance bottleneck.

⚫ Reliability: The CGN needs to maintain a large number of sessions. Therefore, a single-point failure affects a large number of users. Reliability requirements are high and the networking is complex.

⚫ Long-term trend: With flattening of the network and the increase in IPv4 traffic, the position of the CGN will gradually be moved downwards.

⚫ User management: The CGN deployment position is high on the network. The CGN cannot obtain the user information. Therefore, it is difficult to implement user policy control and user tracing.

⚫ Values: The total cost is low. The solution facilitates centralized control and is suitable for fast deployment at the early stage of IPv6 network deployment.
CGN Networking Solutions—Distributed Mode
Deployment of the CGN in distributed mode

[Figure: the same MAN topology (Backbone, IDC, CRs at the L3 MAN layer, SR/BRAS, LSWs in the access network, DSLAM/OLT at L2, CPEs), with the CGN deployment position at the BRAS/SR.]

⚫ Deployment position: deployed at the BRAS/SR position

⚫ Deployment mode: board installed on a BRAS/SR

⚫ Deployment difficulty: The investment at the early stage is high. The CGN must be deployed at multiple points.

⚫ Traffic analysis: The traffic model is unchanged and the forwarding efficiency is high. The performance requirements on the equipment are low.

⚫ Reliability: The CGN needs to maintain only a small number of sessions. Therefore, a single-point failure affects a small number of users. Reliability requirements are low and the networking is simple.

⚫ Fits the distributed and flattening development of today's network architecture.

⚫ Values: The network architecture is unchanged, and address and NAT resources are distributed.
CGN Networking Solutions—Reliability
[Figure: centralized mode: the CGN beside the CR in the metro network with BRASs below it; distributed mode: the CGN on the BRAS with PPP and B4 (IPv4+IPv6) users below it.]

Centralized mode
• Fault impact: The fault affects users served by all BRASs connected to the CR.
• No dual-device backup: The BRAS cannot detect faults on the CGN. If faults on the CGN are not rectified, users will always be in online state but cannot access the Internet normally.
• Dual-host backup: The active/standby backup is often implemented using the cold backup mode. The fault-triggered switching time is determined by the route convergence time and the backup time of a large number of NAT sessions.

Distributed mode
• Fault impact: The fault affects only local users.
• No dual-device backup: The BRAS can detect faults on the CGN. A rollback domain is configured on the BRAS to force users to get offline and dial up again, switching them over to the public network domain. In this way, users are protected against faults on the CGN.
• Dual-host backup: The dual-host hot backup mode is used. The active/standby switchover is implemented using VRRP. The fault-triggered switching time is determined by the BFD time and the backup time of NAT sessions.
CGN Networking Solutions—Equipment Cost (1/3)

[Figure: distributed mode: a BRAS with uplink LPU, downlink LPU, CGN board and SFU, connected to the CR above it.]

⚫ When the CGN is deployed in distributed mode, the traffic model is as follows:

 The data is routed to the service board, redirected to the CGN board based on a policy, sent to the service board, and finally forwarded by the service board.

⚫ Cost: A CGN board is added.
CGN Networking Solutions—Equipment Cost (2/3)

[Figure: centralized mode: a BRAS (uplink LPU, downlink LPU, SFU) connected to a CR (uplink and downlink LPUs), with the CGN device (uplink and downlink LPUs) attached beside the CR.]

⚫ When the CGN is deployed in centralized mode, the traffic model is as follows:

 User data is routed to the CR on the MAN through the BRAS service board. The CR redirects the user packet to the CGN device based on the routing policy. The CGN device processes the packet and sends it to the CR. The model of the traffic from the Internet to users is the reverse of the outbound traffic model.

⚫ Cost: A CGN device is added to the existing traffic model. A pair of interfaces must be added respectively on the CR and the CGN device for interworking between them.
CGN Networking Solutions—Equipment Cost (3/3)
⚫ Cost calculation:

⚫ Preset conditions:
 10G port, processing capability of the CGN board
 Cost of equipment bit: CGN per port cost = 1; CR per port cost = 1.5; CGN per board cost = 3
 Deployment in every area

⚫ Mode 1 (10G traffic):
 Distributed mode: 3
 Centralized mode: 1×2 + 1.5×2 + 3 = 8

⚫ Mode 2 (50G traffic):
 Distributed mode: 3×3 = 9
 Centralized mode: 1×10 + 1.5×10 + 3×3 = 34

⚫ Mode 3 (100G traffic):
 Distributed mode: 3×5 = 15
 Centralized mode: 1×20 + 1.5×20 + 3×5 = 59

⚫ As the traffic increases, the cost per bit in centralized deployment mode is much higher than that in distributed deployment mode.

[Figure: chart of bit cost (y axis: 10, 30, 50) against user traffic (x axis: 10G, 30G, 50G, 100G) for centralized mode deployment and distributed mode deployment.]
CGN Networking Solutions—Engineering Delivery Costs and Risks

(Columns: Distributed Deployment of the CGN Installed on the BRAS; Centralized Deployment of the CGN Mounted Beside the CR)

Network planning
• Distributed (CGN installed on the BRAS): Public IP addresses are managed on the BRAS.
• Centralized (CGN mounted beside the CR): Public IP addresses are managed on the CR and the NAT device. Public IP addresses used by all BRASs connected to the CR must be consistently planned.

Equipment procurement, installation, and upgrade
• Distributed: The CGN board must be purchased and installed on the BRAS. The BRAS must be upgraded to support the CGN feature.
• Centralized: The CR interface board and the NAT device and server must be purchased. The NAT device and log server must be installed. The CE must be connected to the NAT device.

Network element configuration
• Distributed: The configuration on the BRAS must be modified to support CGN users.
• Centralized: Data used for interworking between the NAT device and the CR must be configured. In addition, the NAT device must be configured.

Migration to the live network
• Distributed: The migration involves only the BRAS. Risks may arise only on devices under the BRAS.
• Centralized: Adjustment must be made simultaneously on the BRAS, CR, and NAT device to complete the migration. The CR is located at a key position and faces greater risks.

Engineering delivery and operation
• Distributed: The delivery involves only the BRAS and is irrelevant to the CR. Coordination between different levels of O&M teams is not required.
• Centralized: The delivery involves the BRAS, CR, and NAT device. Issues related to these devices must be planned in a centralized manner. The routing information must be adjusted on the entire network. In addition, coordination between different levels of O&M teams in different cities or in the provincial center is required.

Service expansion
• Distributed: The CGN board is added. Related configuration must be modified on the BRAS.
• Centralized: The boards of the NAT device and the CR interface board are added. The configuration of the entire network must be modified.
CGN Networking Solutions—Network O&M Cost Analysis

⚫ O&M interface:
 Generally, the O&M interface between the provincial company and the city companies of a carrier is located between the BRAS and the CR. The BRAS and devices under the BRAS are managed by city companies, whereas the CR and devices above the CR are managed by the provincial company. If tunnels are faulty when the DS-lite centralized deployment mode is used, the O&M personnel of both the provincial company and the city companies must cooperate with each other to rectify the faults. This increases the coordination costs.

[Figure: DS-Lite tunnel from the B4 (IPv4+IPv6) through the BRAS (managed by the company in each city) and the CR to the AFTR (managed by the provincial company).]

⚫ Fault location:
 Distributed networking: 1->N fault location. Locate the fault by checking the BRAS and devices under the BRAS. With gradual deployment of the CGN and BRAS, the O&M process is a 1->N process.
 Centralized networking: 1+N fault location. Locate the fault by checking all BRASs and CRs on the access network and MAN. Therefore, the O&M process is a 1+N process and devices in a large scope need to be checked to locate the fault.
Comparison of CGN Networking Solutions(1/2)
(Columns: Centralized Deployment of the CGN, as CGN Mounted Beside a CR or as CGN Board Installed on a CR; Distributed Deployment of the CGN, as CGN Integrated with a BRAS or an SR)

Total cost
• Centralized (beside a CR or board on a CR): The investment at the early stage is low. It is easy to deploy new devices in a centralized manner. The private network routes of users must be advertised on the MAN. Private address planning and the solution for isolating the public network routes from private network routes are complex.
• Distributed: The cost is high when users are scattered and low when users are centralized. CGN needs to be deployed at multiple points and cannot be controlled in a centralized manner. The installation and subsequent O&M workload is heavy.

User management
• Centralized (beside a CR or board on a CR): The CGN deployment position is high on the network. The CGN cannot obtain the user information. Therefore, it is difficult to implement user policy control and user tracing. It is difficult to implement application level gateway (ALG) control on the NAT located at the core. This seriously prevents deployment of new applications. The log server must be deployed to record logs and implement tracing. This increases the investment and O&M difficulty.
• Distributed: The CGN is integrated with the BRAS. The Radius server reports the user log to implement user tracing. The solution is simple and facilitates user-based lean policy control and real-time and accurate tracing.

Service traffic
• Centralized, beside a CR: Traffic within a city is transferred to CRs and CGN devices for processing. This increases the traffic volume on CRs. The CGN can meet the development requirements of new users.
• Centralized, board on a CR: Traffic within a city increases the traffic on CRs. The CGN can hardly meet the service development requirements due to the restriction of CR slots. If the loads of BRASs on the live network cannot be distributed to different CRs, the network topology must be changed to prevent the failure of allocating different public IP addresses to the same user.
• Distributed: The traffic model is not changed. The forwarding efficiency is high and performance requirements are low.

Reliability
• Centralized, beside a CR: The CGN devices need to maintain a large number of sessions. Therefore, a single-point failure affects a large number of users. Reliability requirements are high and the networking is complex.
• Centralized, board on a CR: The CGN devices need to maintain a large number of sessions. Therefore, a single-point failure affects a large number of users. CRs must be upgraded. The CGN faults affect CRs, introducing high risks. Reliability requirements are high.
• Distributed: The traffic model is not changed. The forwarding efficiency is high and performance requirements are low.

Deployment value
• Centralized, beside a CR: New devices must be managed and maintained. With flattening of the network and increase in the IPv4 traffic, the CGN must be gradually moved downwards.
• Centralized, board on a CR: Devices can be managed in a centralized manner. CGNs and CRs belong to different O&M teams, which increases difficulty in O&M coordination and makes it difficult to meet the service development requirements. With increase in the IPv4 traffic, the CGN must be gradually moved downwards.
• Distributed: This solution can be deployed in areas where users are centralized. The CGN can be directly deployed in these areas without being moved downwards as in the centralized deployment mode.
Comparison of CGN Networking Solutions(2/2)
⚫ Mainstream CGN deployment solutions:

Distributed deployment of CGN that is integrated with the BRAS/SR
⚫ This solution is suitable for direct deployment of CGNs in areas where users are centralized.
⚫ The CGN is integrated with the BRAS. The tracing solution is simple, which facilitates user-based lean policy control.
⚫ The traffic model is not changed. The forwarding efficiency is high and performance requirements are low.

Centralized deployment of CGN that is mounted beside the CR
⚫ This solution is suitable for fast deployment of CGNs in areas where users are scattered.
⚫ The CGN deployment position is high on the network. The CGN cannot obtain the user information. Therefore, it is difficult to implement user policy control and user tracing.
⚫ Traffic within a city is transferred to CRs and CGN devices for processing. This increases the traffic volume on CRs and the CGN is more likely to become a performance bottleneck.
Self-Test Questions
2. Mainstream CGN deployment solutions include ( )
A. Distributed deployment of CGN that is integrated with the BRAS/SR

B. Centralized deployment of CGN that is mounted beside the CR

C. Distributed deployment of CGN that is mounted beside the BRAS/SR

D. Centralized deployment of CGN that is integrated with the CR

Contents
3. Introduction to CGN NAT and NAT traversal
 Introduction to CGN NAT

 NAT Traversal

Introduction to CGN NAT—Full-Cone
⚫ Full-cone: Full-cone NAT is also called triplet NAT. In this mode, the peer (destination) address and port are not considered. The device allocates addresses and filters packets by creating triplet entries (source address, source port number, and protocol type). Full-cone NAT weakens security, but supports a wider range of NAT traversal applications.

[Figure: host 10.1.1.200 behind a CGN with public address 152.100.1.21, and two external servers 121.12.124.20 and 131.15.124.22:
• Outbound: 10.1.1.200:100 -> 121.12.124.20:80 is translated to 152.100.1.21:10240 -> 121.12.124.20:80.
• Reply: 121.12.124.20:80 -> 152.100.1.21:10240 is translated back to 10.1.1.200:100.
• Unsolicited: 131.15.124.22:80 -> 152.100.1.21:10240 is also forwarded to 10.1.1.200:100, because the triplet entry does not check the peer.]

Introduction to CGN NAT—Symmetrical Mode
⚫ Symmetrical NAT is also called quintuple NAT. In quintuple NAT, if the destination IP addresses and port numbers of packets are different but the source IP addresses and port numbers are the same, the NAT device translates the source IP addresses and port numbers into different external network IP addresses and port numbers.

[Figure: the same hosts as in the full-cone figure:
• Outbound: 10.1.1.200:100 -> 121.12.124.20:80 is translated to 152.100.1.21:10240 -> 121.12.124.20:80.
• Reply: 121.12.124.20:80 -> 152.100.1.21:10240 is translated back to 10.1.1.200:100.
• Unsolicited: 131.15.124.22:80 -> 152.100.1.21:10240 matches no quintuple entry and is not forwarded to 10.1.1.200.]
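The two behaviours above, replayed in Python against the slides' addresses; this is an added illustration, not Huawei code. It assumes a single public address (152.100.1.21), ports handed out sequentially from 10240, and UDP (protocol 17) as the protocol field of the triplet.

```python
"""Model of the two CGN NAT modes on the slides: full-cone (triplet,
endpoint-independent) and symmetric (quintuple, endpoint-dependent).
Constructed example using the slide addresses; not Huawei code."""
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

Endpoint = Tuple[str, int]          # (ip, port)
PROTO_UDP = 17                      # assumption: protocol field of the triplet


@dataclass
class CgnNat:
    """Minimal NAPT with one public address and a session table.

    mode="full-cone": key = (proto, src_ip, src_port); any external host may
        send to the mapped public port.
    mode="symmetric": key = (proto, src_ip, src_port, dst_ip, dst_port); only
        the destination the mapping was created for may send back.
    """
    public_ip: str
    mode: str
    next_port: int = 10240
    # mapping key -> allocated public port
    mappings: Dict[tuple, int] = field(default_factory=dict)
    # public port -> (internal endpoint, external peer allowed to use it or None)
    reverse: Dict[int, Tuple[Endpoint, Optional[Endpoint]]] = field(default_factory=dict)

    def _key(self, src: Endpoint, dst: Endpoint, proto: int) -> tuple:
        if self.mode == "full-cone":
            return (proto, src[0], src[1])
        if self.mode == "symmetric":
            return (proto, src[0], src[1], dst[0], dst[1])
        raise ValueError(f"unknown NAT mode {self.mode!r}")

    def outbound(self, src: Endpoint, dst: Endpoint, proto: int = PROTO_UDP) -> Endpoint:
        """Translate an internal -> external packet, creating the mapping on first use."""
        key = self._key(src, dst, proto)
        if key not in self.mappings:
            port = self.next_port
            self.next_port += 1
            self.mappings[key] = port
            allowed = dst if self.mode == "symmetric" else None
            self.reverse[port] = (src, allowed)
        return (self.public_ip, self.mappings[key])

    def inbound(self, ext: Endpoint, pub: Endpoint) -> Optional[Endpoint]:
        """Translate an external -> public packet. Returns the internal endpoint,
        or None when the packet is dropped (no entry, or wrong peer in symmetric mode)."""
        if pub[0] != self.public_ip or pub[1] not in self.reverse:
            return None
        internal, allowed = self.reverse[pub[1]]
        if allowed is not None and allowed != ext:
            return None
        return internal


def slide_scenario(mode: str) -> dict:
    """Replays the packet exchange drawn on the slides for one NAT mode."""
    nat = CgnNat(public_ip="152.100.1.21", mode=mode)
    host = ("10.1.1.200", 100)
    web = ("121.12.124.20", 80)
    other = ("131.15.124.22", 80)
    pub = nat.outbound(host, web)                    # 152.100.1.21:10240 in both modes
    return {
        "mapped": pub,
        "reply_from_peer": nat.inbound(web, pub),    # passes in both modes
        "unsolicited_from_other": nat.inbound(other, pub),  # only full-cone lets it in
        "second_dst_mapping": nat.outbound(host, other),    # symmetric allocates a new port
    }
```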

NAT Traversal—Overview(1/2)
⚫ Why is NAT traversal required?
 With wide application of NAT, application layer protocols that use the IP address and port number as
communication IDs cannot run properly.

 Applications, such as instant messaging (session and control messages), SIP (RTP/RTCP), and online
payment, require that session connections of the same host use the same source IP address. If the
same host originates sessions that contain the same IP address and port number, the NAT results
may be different due to the dynamic address translation of the standard NAT.

 The standard NAT is implemented by changing the address information in the IP packet header or
UDP/TCP port number. The payload of some application layer protocols, however, contains the IP
address and port number. Consequently, some packets may be judged as invalid and therefore
discarded.

 Assume that external networks need to use services provided by servers on an internal network. If a
standard NAT solution is used, when a packet coming from an external network arrives at the CGN,
NAT mapping may fail and the packet may be lost because the related triplet or quintuple entry is
not created.

NAT Traversal—Overview(2/2)
⚫ NAT traversal technologies

 ALG
◼ Application scenario: ALG translation of frequently-used protocols

 Full-cone mode
◼ It is also called triplet NAT. In this mode, the peer address and port are not considered. The device allocates addresses and filters packets by creating triplet entries (source address, source port number, and protocol type). Full-cone NAT weakens security, but supports a wider range of NAT traversal applications. Application scenario: P2P services

 Direct distribution of public IP addresses and port forwarding
◼ Application scenario: External networks need to use services provided by internal networks. Considering the complexity in deploying port forwarding, the solution of directly distributing public IP addresses is recommended for this application scenario.

 CGN-independent NAT traversal
◼ STUN, TURN and so on

NAT Traversal—NAT ALG
[Figure: NAT ALG handling of an FTPS session between client 192.168.1.2 (access, private network) and FTPS server 202.10.1.1 (public network) across the CGN card in the metro network, which uses public address 202.10.1.2:
• The client and the FTPS server set up the control connection: packet header S 192.168.1.2:1084 / D 202.10.1.1:21, translated by NAT to S 202.10.1.2:12486 / D 202.10.1.1:21.
• The client sends the PORT packet; its data field still carries 192.168.1.2:1084. Without the ALG, the server has no connection with 192.168.1.2 ("I didn't set up a connection with 192.168.1.2"). With NAT ALG handling, the address in the PORT packet payload is rewritten to 202.10.1.2:12486.
• The FTPS server opens the data connection to the host: S 202.10.1.1:20 / D 202.10.1.2:12486, translated by the CGN to D 192.168.1.2:12486.
• Data is transmitted on the established data connection.]

NAT Traversal—Full-Cone Mode
⚫ The full-cone mode is applicable to P2P services.

[Figure: User 1 (behind a BRAS and CGN 1) and User 2 (behind a BRAS and CGN 2) reach the P2P service server 202.38.162.2 across the access network. Step 1: both users register with the server. Step 2: the users communicate directly. CGN 1 applies triplet-based filtering that does not involve the destination IP address and port: protocol, source IP address 192.168.1.2 and source port, with destination *:*.]

CGN-Independent NAT Traversal–STUN

[Figure: User 1 (behind a BRAS and CGN 1) and User 2 (behind a BRAS and CGN 2) on the private side of the access network ask the rendezvous server 202.38.162.2 on the public network "My public address and port?"; the server answers with the public address and port it sees (from the public address pool 245.49.1.2...). The application communicates with the well-known server located on the public network to obtain the NAT type and the NAT external network address and port number.]

⚫ CGN-independent NAT traversal is implemented by the application software itself.
 STUN (Session Traversal Utilities for NAT)
 TURN (Traversal Using Relay NAT)

Self-Test Questions
3. Which of the following modes are supported by the CGN to
implement NAT traversal? ( )

A. Full-cone mode

B. Symmetrical mode

C. NAT ALG

D. STUN

Contents
4. Introduction to the CGN port allocation solution
 Session-based port allocation

 Port Range Pre-allocation

 Comparison of Port Allocation Solutions

Traditional Session-based Port Allocation

⚫ Session-based port allocation:

 The traditional NAT supports demand-based port allocation. Each session of a user is randomly allocated a port with the public IP address. This allocation mechanism causes many management problems.

 If a log record is generated for the address translation of each session, a massive number of log records are generated. To reduce the log size, the traditional session-based port allocation generally uses the binary stream log mode to output log records.

Copyright © 2011 Huawei Technologies Co., Ltd. All rights reserved. Page42
Port Range Pre-allocation
[Figure: CPE1 (private IPv4 10.112.1.2) and CPE2 (private IPv4 10.112.1.10) reach the Internet through BRAS, CGN and CR. The CGN is configured with port-range 1024 and the public address pool 245.49.1.2...; each private address receives one fixed port block on a public address.]

Private IPv4    Public IPv4    Start port    End port
10.112.1.2      245.49.1.2     3001          4024
10.112.1.10     245.49.1.2     6001          7024
Comparison of Port Allocation Solutions
⚫ Both session-based port allocation and port range pre-allocation solve the basic problem of sharing one public address among many users; they differ in traceability, log volume and port efficiency.

⚫ Advantages of the port range pre-allocation solution:
 User tracing can be easily implemented based on the public address and the corresponding port range allocated to each user.
 Log information does not need to be recorded for each session; only the port-range assignment is logged when a user goes online or offline. This greatly reduces the log volume generated on the CGN and the system load.
 The solution prevents a few users from over-consuming the address and port resources: data streams that come from the same user or source IP address always use the same public address and port range, so one user can never hold more than one block.

⚫ Disadvantages of the port range pre-allocation solution:
 Based on the preset port range value, a fixed port range is reserved for each user, so the port range value has to be set to the maximum number of ports a user may need. Users that need fewer ports waste the rest of their block, while a user whose demand exceeds the block cannot obtain more ports from it; port allocation is less flexible.
 Owing to product limitations, the port range can only be set to 256, 512, 1024, 2048, or 4096.
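The allocation and the reverse lookup that the two sections above contrast, as an added example (not Huawei's implementation and not code from the deck): a pool hands each private address one fixed block of public ports, the same table answers a user-tracing query from a public (address, port) pair, and the remainder-port computation makes the "waste of port resource" concrete. The block layout (consecutive blocks from port 1024 upward, lowest free index first, released blocks re-issued last) and all addresses are assumptions for illustration; the "static algorithm user tracing" named in the next section is exactly this reverse computation.

```python
"""Port range pre-allocation: each private IPv4 address receives one fixed block
of public ports on one public address, and the same block serves both
directions: allocation for forwarding and reverse lookup for user tracing.

Added example, not part of the original deck or Huawei's implementation. The
block layout (consecutive blocks from port 1024 upward, lowest index first) and
the addresses used are assumptions for illustration.
"""
import ipaddress

FIRST_USER_PORT = 1024   # assumption: well-known ports are never handed to subscribers
LAST_USER_PORT = 65535
ALLOWED_SIZES = (256, 512, 1024, 2048, 4096)   # the sizes the slide says the product accepts


class PortRangePool:
    """Deterministic (public_ip, start_port, end_port) blocks over an address pool."""

    def __init__(self, first_ip, last_ip, block_size):
        if block_size not in ALLOWED_SIZES:
            raise ValueError("unsupported port-range size %d" % block_size)
        lo, hi = int(ipaddress.IPv4Address(first_ip)), int(ipaddress.IPv4Address(last_ip))
        self.ips = [str(ipaddress.IPv4Address(i)) for i in range(lo, hi + 1)]
        self.block_size = block_size
        self.blocks_per_ip = (LAST_USER_PORT - FIRST_USER_PORT + 1) // block_size
        self.capacity = self.blocks_per_ip * len(self.ips)   # maximum simultaneous users
        self._free = list(range(self.capacity))              # free block indexes, lowest first
        self._by_private = {}                                # private_ip -> block index
        self._by_block = {}                                  # block index -> private_ip

    def _block(self, idx):
        ip = self.ips[idx // self.blocks_per_ip]
        start = FIRST_USER_PORT + (idx % self.blocks_per_ip) * self.block_size
        return ip, start, start + self.block_size - 1

    def allocate(self, private_ip):
        """Block for a user going online. A user that already holds a block keeps it,
        so one private address can never consume a second block."""
        if private_ip in self._by_private:
            return self._block(self._by_private[private_ip])
        if not self._free:
            raise RuntimeError("address pool exhausted: %d blocks in use" % self.capacity)
        idx = self._free.pop(0)
        self._by_private[private_ip] = idx
        self._by_block[idx] = private_ip
        return self._block(idx)

    def release(self, private_ip):
        """User goes offline. The block is appended to the end of the free list so it
        is not re-issued immediately; this keeps a public port from changing owner
        within seconds, which would make tracing by a coarse timestamp ambiguous."""
        idx = self._by_private.pop(private_ip)
        del self._by_block[idx]
        self._free.append(idx)

    def trace(self, public_ip, public_port):
        """User tracing by static algorithm: (public_ip, port) -> private_ip, or None
        when the port lies in no currently allocated block."""
        if public_ip not in self.ips or not FIRST_USER_PORT <= public_port <= LAST_USER_PORT:
            return None
        offset = (public_port - FIRST_USER_PORT) // self.block_size
        if offset >= self.blocks_per_ip:
            return None   # remainder ports above the last full block are never allocated
        return self._by_block.get(self.ips.index(public_ip) * self.blocks_per_ip + offset)


def unusable_ports_per_ip(block_size):
    """Ports per public address that no block of this size can cover."""
    return (LAST_USER_PORT - FIRST_USER_PORT + 1) % block_size
```

With the slide's 254-address pool and port-range 2048, the pool serves 31 blocks per address (7874 users in total) and leaves 1024 ports per address unusable; with port-range 256 nothing is wasted but each user is limited to 256 concurrent sessions. The trace() call is the whole "static algorithm" tracing computation: no per-session log is consulted, only the current block table.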
Contents
1. Overview of CGN

2. Introduction to CGN networking solution

3. Introduction to CGN NAT and NAT traversal

4. Introduction to the CGN port allocation solution

5. Introduction to CGN user tracing solutions

6. Configuration example for the typical CGN application scenarios

Contents
5. Introduction to CGN user tracing solutions
 Overview of User Tracing Solutions

 Dynamic User Tracing Solution

 Offline User Tracing Solution

Overview of User Tracing Solutions
⚫ Why is user tracing required?
 User tracing meets the national security monitoring requirement. For example, when a person posts prohibited content on a network, the network records the release time, the user information, and the content of the post. Before CGN, the user information is the public IPv4 address (and source port) of the poster, and the national security organization can locate the user from the time and the public IPv4 address, because the Radius server records the online and offline time and the public IPv4 address allocated to every user.

⚫ Complexity of user tracing after the CGN deployment:
 After the CGN is deployed, a user is identified by the public IPv4 address and port number, not by an IPv4 address alone. Many users share one public address, and the public IPv4 address and port number occupied by a user are not fixed for the life of the session, which makes user tracing more complex.

⚫ User tracing modes after the CGN deployment:
 Dynamic user tracing: also called online user tracing. It is classified into Radius user tracing and static algorithm user tracing.
 Offline user tracing: tracing performed after users go offline. Users are traced based on the logs stored on the syslog server.
Dynamic User Tracing Solution(1/2)
⚫ Principle of dynamic user tracing:
 Dynamic user tracing applies to the scenario where the CGN boards are installed in a BRAS: the BRAS generates the user address mapping and reports it to the AAA server.
 The BRAS selects the public address and port range for each user address and creates the user address mapping, so that different user addresses always receive different combinations of public address and port range.
 The port range is allocated in advance (port range pre-allocation).
 The BRAS reports the public address and the port range corresponding to the user address in the Accounting-Request message, using extended Radius attributes (sub-attributes of the Vendor-Specific attribute 26):
 • NAT-IP-Address (26-161): public address after NAT
 • NAT-Port-Start (26-162): start port number after NAT
 • NAT-Port-End (26-163): end port number after NAT
 The AAA server obtains the user address, public IP address, and port range, and maintains the mapping to the user information.

[Figure: three BRASs, each integrated with the CGN, and one AAA server. (1) Each BRAS creates the user address mapping; (2) each BRAS reports the mapping to the AAA server using the Radius attributes above; (3) the AAA server maintains the mapping between addresses and user information.]
Dynamic User Tracing Solution(2/2)
[Figure: PC - HG - DSLAM/MxU/OLT - BRAS integrated with the CGN - Internet, with the AAA server attached to the BRAS. The message flow is summarised below.]

User access and authentication:
 1. The PC sets up a connection and initiates authentication.
 2. The BRAS authenticates the user with the AAA server. The AAA server maintains the user information table, including user names and domain names, and can issue a NAT policy template to the BRAS to implement port pre-allocation.
 3. The BRAS allocates a private IPv4 address to the user and reports it to the AAA server using Radius attributes.
 4. Based on the private IP address, the BRAS allocates the translated public IP address and port range and reports them to the AAA server using Radius attributes. The AAA server maintains the mapping between user information (home CGN, user name, domain name, private IP address, and port numbers) and address information (public IP address and port numbers).

Internet access:
 5. The user sends a request with its private source address. The BRAS searches the user information and address mapping table by private IP address and translates the private IP address into a public IP address and port number.
 6. The request leaves with the public source address. From the public address and port number alone, a security organization cannot locate the user who accesses the network illegally.

User tracing:
 7. The security organization queries the AAA server with the public IP address, port number, and time period. The AAA server searches the user information and address mapping table, returns the user name, and the user is located directly.
Offline User Tracing Solution(1/2)
⚫ Principle of offline user tracing:
 When users are offline, security organizations query the log server and the AAA server to obtain the user information.
 Offline user tracing applies to all CGN deployment modes: CGN integrated with the CR or BRAS, or stand-alone CGN.
 Generally, the log server keeps user logs for three to six months.

[Figure: three CGNs and one log server. (1) Each CGN generates the mapping between the private IP address and the public IP address and port range; (2) each CGN sends the log information containing the user address mapping to the log server using elog or syslog. The log server maintains the user log information, including the time period, private IP address and port, public IP address and port, and destination address and port.]
Offline User Tracing Solution(2/2)
[Figure: PC - HG - DSLAM/MxU/OLT - BRAS - CGN - Internet, with the AAA server attached to the BRAS and the log server attached to the CGN. The message flow is summarised below.]

User access and authentication:
 1. The PC sets up a connection and initiates authentication.
 2. The BRAS authenticates the user with the AAA server. The AAA server maintains the user information table, including user names and domain names.
 3. The BRAS allocates a private IPv4 address to the user.
 4. The BRAS reports the allocated private IP address to the AAA server using Radius attributes. The AAA server maintains the user information and private IP address mapping table, which contains the home BRAS, user name, domain name, and private IP address.

Internet access:
 5. The user sends a request with its private source address. The CGN searches its address mapping table by private IP address and translates the private IP address into a public IP address and port number.
 6. The CGN sends the log information containing the user information and address mapping to the log server in real time. The request leaves with the public source address; from the public address and port number alone, a security organization cannot locate the user who accesses the network illegally.

User tracing:
 7. The security organization queries the log server with the public IP address, port number, and time period. The log server searches the user logs and returns the private IP address and port number.
 8. The returned private IP address and port number are sent to the AAA server.
 9. The AAA server searches the user information table by private IP address (and port number) and returns the user name, which locates the user.
 Alternatively, the query is sent to the AAA server first: because the AAA server holds no public address information, it forwards a request containing the public IP address and port number to the log server through the webservice interface, receives the private IP address and port number, and then resolves the user information itself.
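The log-server side of steps 7 to 9, as an added example that is not part of the original deck: session create/delete records are paired into sessions with a time span, and a query for a public (address, port) is answered for a time window rather than a single instant. The log line layout, the ADD/DEL event names and all addresses are constructed for this example (this is neither the Huawei nor the China Telecom syslog format); what the example shows is the caveat a practitioner needs, namely that a public port is reused by another subscriber after a session is deleted, so a query window that spans a reuse returns more than one candidate and must be narrowed before anyone is named.

```python
"""Offline user tracing from CGN session logs.

Added example, not part of the original deck. The log line layout below is a
constructed one (neither the Huawei nor the China Telecom syslog format); the
lookup logic is the point: a public (address, port) is reused by different
subscribers over time, so a trace must be bounded by a time window, and a
window that spans a reuse yields more than one candidate.
"""
import re
from collections import namedtuple
from datetime import datetime, timezone

Session = namedtuple("Session", "start end proto private public dst")

# Constructed sample log; ADD/DEL are assumed event names for session create/delete.
SAMPLE_LOG = """\
2011-10-12T08:00:00Z nat-instance=1 event=ADD proto=udp priv=10.10.10.198:34 pub=112.112.10.27:2944 dst=112.112.2.3:2342
2011-10-12T08:05:00Z nat-instance=1 event=DEL proto=udp priv=10.10.10.198:34 pub=112.112.10.27:2944 dst=112.112.2.3:2342
2011-10-12T08:06:00Z nat-instance=1 event=ADD proto=tcp priv=10.10.10.55:51000 pub=112.112.10.27:2944 dst=203.0.113.9:80
2011-10-12T08:20:00Z nat-instance=1 event=DEL proto=tcp priv=10.10.10.55:51000 pub=112.112.10.27:2944 dst=203.0.113.9:80
2011-10-12T08:30:00Z nat-instance=1 event=ADD proto=udp priv=10.10.10.77:1000 pub=112.112.10.27:3010 dst=198.51.100.4:53
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) nat-instance=\d+ event=(?P<ev>ADD|DEL) proto=(?P<proto>\w+) "
    r"priv=(?P<priv>\S+) pub=(?P<pub>\S+) dst=(?P<dst>\S+)$"
)

FAR_FUTURE = datetime.max.replace(tzinfo=timezone.utc)


def ts(text):
    """Parse the log's UTC timestamp format."""
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def parse_sessions(lines):
    """Pair ADD/DEL records into sessions; a session with no DEL is still open."""
    open_sessions = {}
    sessions = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # unrelated syslog line
        key = (m.group("proto"), m.group("priv"), m.group("pub"), m.group("dst"))
        when = ts(m.group("ts"))
        if m.group("ev") == "ADD":
            open_sessions[key] = when
        else:
            start = open_sessions.pop(key, None)
            if start is not None:
                sessions.append(Session(start, when, *key))
    for key, start in open_sessions.items():
        sessions.append(Session(start, None, *key))
    return sessions


def trace(sessions, public_ip, public_port, when_start, when_end=None):
    """Private endpoints (ip:port) that held public_ip:public_port at any instant in
    [when_start, when_end]. Two or more results mean the port was reused inside the
    window: the requester must narrow the time before a subscriber can be named."""
    when_end = when_end or when_start
    target = "%s:%d" % (public_ip, public_port)
    hits = set()
    for s in sessions:
        if s.public != target:
            continue
        end = s.end if s.end is not None else FAR_FUTURE
        if s.start <= when_end and end >= when_start:
            hits.add(s.private)
    return hits


if __name__ == "__main__":
    sessions = parse_sessions(SAMPLE_LOG.splitlines())
    print(trace(sessions, "112.112.10.27", 2944, ts("2011-10-12T08:02:00Z")))
    print(trace(sessions, "112.112.10.27", 2944,
                ts("2011-10-12T08:04:00Z"), ts("2011-10-12T08:07:00Z")))
```

The private ip:port returned by trace() is what step 8 hands to the AAA server; the AAA server then resolves the user name from its private-address table, so the log server never needs to know subscriber identities and the AAA server never needs the public address mapping.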
Self-Test Questions
4. To which of the following CGN networking modes is dynamic user tracing applicable? ( )
A. Distributed deployment of CGN that is integrated with the BRAS/SR
B. Centralized deployment of CGN that is mounted beside the CR
C. Distributed deployment of CGN that is mounted beside the BRAS/SR
D. Centralized deployment of CGN that is integrated with the CR
Contents
1. Overview of CGN

2. Introduction to CGN networking solution

3. Introduction to CGN NAT and NAT traversal

4. Introduction to the CGN port allocation solution

5. Introduction to CGN user tracing solutions

6. Configuration example for the typical CGN application scenarios
Contents
6. Configuration example for the typical CGN application scenarios
 CGN Integrated with BRAS to Support Internet Access of Users in NAT444+PPPoE Mode
 CGN Integrated with BRAS to Support Internet Access of Users in DS-Lite+PPPoE Mode
CGN Integrated with BRAS to Support Internet
Access of Users in NAT444+PPPoE Mode
[Figure: PC1 and PC2 behind a CPE connect through the access network to a BRAS that carries the CGN board (user-side interface GE6/0/0) and onward to the ISP core network and the Internet. The BRAS talks to a Radius server, a DHCP server and a Syslog server; a Web server on the Internet is the destination of the example session.]

⚫ The CGN is integrated with the BRAS.
⚫ DS (dual-stack) users access the BRAS through a CPE using PPPoE. The BRAS authenticates the users against the Radius server, allocates private IPv4 addresses to them, manages the users, and translates the private addresses to public addresses and port ranges on the CGN board (NAT444). NAT session logs are exported to the Syslog server for user tracing.
Configuration Procedure
1 Configure the user access part.
2 Configure a NAT instance.
3 Configure a domain and bind the domain with the NAT instance.
4 Configure the traffic policy.
5 Advertise routes.
6 Check the configuration.
Configure NAT Instance(1/3)
#Allocate the license resource to the service boards.
[ME60] nat session-table 6M slot 2
[ME60] nat session-table 6M slot 8

# Create a NAT instance.
[ME60] nat instance 1

# Configure the NAT filter mode as full-cone.
[ME60-nat-instance-1] nat filter mode full-cone

#Set the port range so that a port segment of this size is pre-allocated to each private IP address. (Optional)
[ME60-nat-instance-1] port-range 2048

#Add service boards to the NAT instance. Two service boards working in active/standby mode can be added to one instance.
[ME60-nat-instance-1] add slot 2 master
[ME60-nat-instance-1] add slot 8 slave

#Configure the NAT address pool. The public IP addresses used for address translation are selected from the address segments configured in the address pool.
[ME60-nat-instance-1] nat address-group 1 112.112.10.1 112.112.10.254

#Specify that traffic leaving the instance is translated using the addresses in the address pool.
[ME60-nat-instance-1] nat outbound any address-group 1
Configure NAT Instance(2/3)
# Enable the session limit function. (Optional) It caps the number of sessions one user can create in each direction, so that a single misbehaving host cannot exhaust the session table or its own port block at the expense of other users.
[ME60-nat-instance-1] nat session-limit enable
[ME60-nat-instance-1] nat reverse-session-limit enable

# Adjust the session limits. (Optional; set according to the network model.)
[ME60-nat-instance-1] nat session-limit tcp 4096
[ME60-nat-instance-1] nat session-limit udp 4096
[ME60-nat-instance-1] nat reverse-session-limit tcp 4096
[ME60-nat-instance-1] nat reverse-session-limit udp 4096

# Configure the server that receives the NAT logs. (Required when syslog-based user tracing is used; the addresses and ports are set according to the actual deployment.)
[ME60-nat-instance-1] nat log session enable
[ME60-nat-instance-1] nat session-log host 102.102.102.102 555 source 1.1.1.1 555 name 1

# By default, the NAT log is in Huawei format. When Huawei devices interwork with China Telecom log servers, the NAT log format must be changed to the China Telecom format.
[ME60] nat syslog descriptive format cn
Configure NAT Instance(3/3)
# Configure the NAT ALG functions as required.

[ME60-nat-instance-1] nat alg all

# Enable hot backup between boards. (Optional)

[ME60] nat board hot-backup enable

# Adjust the TCP-MSS negotiation value. (Optional)

[ME60] nat tcp-mss 1000

# Adjust the session aging time. (Optional)

[ME60] nat session aging-time tcp 300

Configure Domain Binding NAT
#Configure the user group used for Internet access.

[ME60] user-group 1

# Switch to the user access domain and bind the user group with the NAT instance.

[ME60-aaa] domain domain1

[ME60-aaa-domain-domain1] user-group 1 bind nat instance 1

Configure the traffic policy
#Configure the user control list (UCL) that matches the user group.
[ME60] acl 6000
[ME60-acl-ucl-6000] rule 5 permit ip source user-group 1

#Configure a traffic classifier.
[ME60] traffic classifier nat444
[ME60-classifier-nat444] if-match acl 6000

#Configure the traffic behavior and bind the NAT instance.
[ME60] traffic behavior nat444
[ME60-behavior-nat444] nat bind instance 1

#Configure the traffic policy in the system view and bind the classifier to the behavior.
[ME60] traffic policy nat444
[ME60-trafficpolicy-nat444] classifier nat444 behavior nat444

#Apply the traffic policy globally in the system view. Only one traffic policy can be applied in each direction.
[ME60] traffic-policy nat444 inbound
Advertise Routes
#Import the user network routes (UNRs) directly into the routing protocol so that the NAT addresses are advertised as 32-bit host routes. Because the UNRs of online users also include their private IP addresses, a route policy must be configured to filter out the private user routes and advertise only the NAT address pool when UNRs are imported. The prefix list has to match the /32 host routes inside the pool, hence less-equal 32.
[ME60]ip ip-prefix nat index 10 permit 112.112.10.0 24 less-equal 32
[ME60]route-policy nat permit node 5
[ME60-route-policy] if-match ip-prefix nat
[ME60]ospf 1
[ME60-ospf-1]import-route unr route-policy nat

#Alternatively (recommended), configure a static route whose destination is the address pool segment and point it to NULL0, then import static routes into the routing protocol. The NULL0 route advertises the whole pool and discards packets to addresses that are not currently in use instead of looping them.
[ME60]ip route-static 112.112.10.0 255.255.255.0 NULL 0
[ME60]ospf 1
[ME60-ospf-1]import-route static
Check the Configuration
#Check online user information.
display access-user user-id 2
User access index : 2
State : Used
User name : 1111
Domain name : domain1
...(Omitted)
User IP address : 10.10.10.198
...(Omitted)
User-Group : 1
NAT IP address : 112.112.10.27
NAT Port Scope(Start,End) : 2048,4095

The user holds the 2048-port block 2048-4095 on 112.112.10.27, which matches port-range 2048 configured in the NAT instance and an address from address-group 1.

#Check session information.
display nat session table slot 2
Slot: 2 Engine: 0
Current total sessions: 1.
udp: 10.10.10.198:34[112.112.10.27:2944]-->112.112.2.3:2342

Read the session line as: private source 10.10.10.198:34, translated to 112.112.10.27:2944 (inside the user's pre-allocated block), destination 112.112.2.3:2342.
CGN Integrated with BRAS to Support Internet
Access of Users in DS-Lite+PPPoE Mode
[Figure: an IPv4/IPv6 host behind a DS-Lite CPE connects over the IPv6 access network to a BRAS acting as the DS-Lite AFTR; the BRAS forwards IPv6 traffic to the IPv6 Internet and decapsulated, translated IPv4 traffic to the IPv4 Internet.]

⚫ The CGN is integrated with the BRAS.
⚫ DS (dual-stack) users access the BRAS through a CPE. The BRAS allocates an IPv6 address to the CPE, manages the users, terminates the 4in6 (IPv4-in-IPv6) tunnels from the CPEs, and translates the tunnelled private IPv4 addresses to public addresses.
Configuration Procedure
1 Configure the user access part.
2 Configure an IPv6 address pool.
3 Configure a DS-lite instance.
4 Configure a domain and bind the domain with the DS-lite instance.
5 Configure the traffic policy.
6 Advertise routes.
7 Check the configuration.
Configure IPv6 Address Pool(1/2)
#Create a prefix with the IPv6 attribute set to local and configure the address prefix, which is used to allocate a WAN interface address to the CPE (the CPE's tunnel endpoint address).
[ME60]ipv6 prefix 1 local
[ME60-ipv6-prefix-1]prefix 4001:10::/48

# Create a prefix with the IPv6 attribute set to delegation and configure the address prefix, which is delegated to the CPE so that it can allocate public IPv6 addresses to the PCs behind it.
[ME60]ipv6 prefix 2 delegation
[ME60-ipv6-prefix-2] prefix 4002:10::/48

# Create an address pool with the IPv6 attribute set to local. Configure the DNS server address and the AFTR domain name, and bind the prefix to the pool.
[ME60]ipv6 pool 1 bas local //Create an IPv6 local address pool.
[ME60-ipv6-pool-1]dns-server 2001:1::E //Configure the IPv6 DNS server address.
[ME60-ipv6-pool-1]prefix 1 //Bind the IPv6 prefix to the address pool.
[ME60-ipv6-pool-1]aftr-name www.ds-lite.cn //Configure the AFTR domain name, which is delivered to the CPE in DHCPv6 (AFTR-Name option, RFC 6334) so that the CPE can set up its 4in6 tunnel.

#Create an IPv6 delegation prefix address pool and bind the prefix to the pool.
[ME60]ipv6 pool 2 bas delegation
[ME60-ipv6-pool-2]prefix 2
Configure IPv6 Address Pool(2/2)
#Enter the AAA view and bind the IPv6 local address pool and the delegation prefix address pool to the user domain.
[ME60]aaa
[ME60-aaa]domain domain1
[ME60-aaa-domain-domain1]ipv6-pool 1
[ME60-aaa-domain-domain1]ipv6-pool 2

#Set the managed-address-flag (M) and other-flag (O) in Router Advertisements to 1 so that addresses and the DNS server are allocated by stateful DHCPv6 in IA_NA mode.
[ME60-aaa-domain-domain1]ipv6 nd autoconfig managed-address-flag
[ME60-aaa-domain-domain1]ipv6 nd autoconfig other-flag
Configure DS-lite Instance
#Allocate the license resource to service boards. Configurations in the system view are shared by NAT and DS-lite. Both use the
NAT key word.

[ME60] nat session-table 6M slot 2

[ME60] nat session-table 6M slot 6

# Create a DS-lite instance.

[ME60] ds-lite instance 1

# Configure the endpoint addresses of the DS-lite tunnel.

[ME60- ds-lite -instance-1] local-ipv6 6001::1 prefix-length 64

# Configure the IPv6 address range of the remote CPEs that can be connected. You can configure multiple IPv6 addresses.

[ME60- ds-lite -instance-1] remote-ipv6 4001:10:: prefix-length 48

# Use the following command lines to configure the basic part of the DS-lite instance. The configuration is consistent with the
NAT instance configuration.

[ME60- ds-lite -instance-1] ds-lite filter mode full-cone

[ME60- ds-lite -instance-1] port-range 2048

[ME60- ds-lite -instance-1] add slot 2 master

[ME60- ds-lite -instance-1] add slot 6 slave

#The remaining configurations are optional and consistent with the NAT instance configurations.

Configure Domain Binding DS-lite Instance
#Configure the user group used for Internet access.
[ME60] user-group 1

# Enter the user access domain and bind the user group with the DS-lite instance.
[ME60-aaa] domain domain1
[ME60-aaa-domain-domain1] user-group 1 bind ds-lite instance 1
Configure Traffic Policy
#Configure an IPv6 UCL that matches the online users of the user group.
[ME60] acl ipv6 6000
[ME60-acl6-ucl-6000] rule 5 permit ipv6 source user-group 1

#Configure a traffic classifier.
[ME60] traffic classifier dslite
[ME60-classifier-dslite] if-match ipv6 acl 6000

#Configure the traffic behavior and bind the DS-lite instance.
[ME60] traffic behavior dslite
[ME60-behavior-dslite] ds-lite bind instance 1

#Configure the traffic policy in the system view and apply it in the inbound direction.
[ME60] traffic policy dslite
[ME60-trafficpolicy-dslite] classifier dslite behavior dslite
[ME60] traffic-policy dslite inbound
Route Advertisement
#Configure static routes for the NAT address pool segment and for the IPv6 prefixes assigned to CPEs and PCs, pointing them to NULL0, and import the static routes into OSPF (IPv4) and OSPFv3 (IPv6).
[ME60]ip route-static 112.112.10.0 255.255.255.0 NULL 0
[ME60]ipv6 route-static 4001:10:: 48 NULL0
[ME60]ipv6 route-static 4002:10:: 48 NULL0
[ME60]ospf 1
[ME60-ospf-1]import-route static
[ME60]ospfv3 1
[ME60-ospfv3-1]import-route static //Import the IPv6 static routes.
Check the Configuration(1/2)
#Check that the 4in6 (DS-Lite) tunnels are established. Each service engine of slot 2 lists its own tunnels; the CPE address 4001:10::1 falls within remote-ipv6 4001:10::/48 and the local endpoint 6001::1 is the configured local-ipv6 address.
[ME60]display ds-lite tunnel table
Slot: 2 Engine: 0
Current total sessions: 1.
CPE:4001:0010::0001 --> Local-ip:6001::0001
Slot: 2 Engine: 1
Current total sessions: 1.
CPE:4001:0010::0001 --> Local-ip:6001::0001
Slot: 2 Engine: 2
Current total sessions: 1.
CPE:4001:0010::0001 --> Local-ip:6001::0001
Slot: 2 Engine: 3
Current total sessions: 0.
Check the Configuration(2/2)
#Check NAT session information. The CPEIP field ties the translated session to the tunnel it arrived on.
[ME60]display nat session table verbose
This operation will take a few minutes. Press 'Ctrl+C' to break ...
Slot: 2 Engine: 0
Current total sessions: 1.
udp: 10.10.10.198:34[112.112.10.27:2944]-->112.112.2.3:2342
DS-Lite Instance: 1
VPN:--->-
Tag:0x88b,FixedTag:0x4006805, Status:hit, TTL:00:00:50 ,Left:00:00:45 , Master
AppProID: 0x0, CPEIP:4001:10::1, FwdType:FORWARD
Nexthop:112.112.2.3
OutPort:0x7
-->packets:12, bytes:769, drop:0
<--packets:12, bytes:1124, drop:0
Self-Test Questions
5. In the CGN DS-lite solution, is it necessary to allocate an IPv4 address to a CPE? ( )
A. No
B. Yes
Summary
⚫ This course describes the mainstream CGN deployment solutions:
 When adding CGN devices, carriers need to consider multiple factors such as costs and impacts on services, and select the networking solution appropriate for their own networks.
 The mainstream CGN networking solutions are distributed deployment of CGNs integrated with BRASs and centralized deployment of CGNs mounted beside CRs.
 The major functions of the CGN are termination of 4in6 tunnels and NAT. In NAT444, users behind the CGN share the port resource of each public address; pre-allocating port ranges prevents a few users from over-consuming the ports and keeps user tracing simple.
 User tracing is a major concern of carriers. Deploying CGN devices makes user tracing harder, so you need to know how tracing is implemented (dynamically through Radius, or offline through the log server) once CGN devices are added.
 CGNs must be added to deploy an IPv6 transition solution. You need to complete the basic CGN configuration that each IPv6 transition solution (NAT444 or DS-Lite) requires.
Thank you
www.huawei.com