Do we really need a whole new Internet, IPv6, because we are running out of IPv4 addresses? Or can we get by with Network Address Translation (NAT)?

NAT has been around for a long time, allowing one office or residence router to play a similar role to the post office box system, where mail to the one address gets allocated a set of internal box numbers to make sure it reaches the correct destination.

It’s straightforward enough when the communication starts internally, as in web browsing where the request goes out via the office router or firewall, which then allocates a public address and that is used for the return message. But when the call comes in from outside, as in a VoIP message, how does the router know which internal address to send it to? A new level of “NAT Traversal” complexity is then needed.

With so many mobile devices on the Internet, NAT’s one address per office or residence is no longer enough, and we could move to NAT444 – also known as Carrier Grade Nat (CGN) or Large Scale NAT (LSN). This adds a second layer of NAT, allowing an Internet service provider (ISP) to use a single IPv4 address for a large number of residences, each of which then uses NAT to address its internal devices.

NAT444 vastly extends the possibilities of IPv4 addressing, but does it make IPv6 redundant? The answer is “no” – any more than sticking plaster makes surgery redundant. For a start it doubles the translation load – NAT is performed at the office gateway and again at the ISP’s gateway before the communication goes into the public network. Apart from the obvious performance implications, the ISP will have to ensure that there is no conflict between the addresses used by the residential user within their network and the private addresses provided by the ISP.

NAT444 raises a lot more issues in addition. For legal intercept to function, the ISP will have to keep a log of how addresses and ports are mapped. Geolocation services will be broken, when large numbers of users all share a single address. If one or more of those users behaves badly and the address is blocked, a whole lot of other users could find themselves blocked from the effected sites.

To get some idea of the sort of traffic that would suffer as a result, Cable Labs, Time Warner Cable, and Rogers Communications ran independent tests on the impact of NAT444 on many popular Internet services using a variety of test scenarios, network topologies, and vendor equipment. The results were published in the IETF draft: Assessing the Impact of NAT444 on Network Applications available at:

This report provides examples of services unaffected by NAT444 – such as basic web browsing, e-mail, Skype and small FTP downloads – and services that become unreliable or broken. The latter include plenty of popular services such as video streaming, on-line gaming, webcam and VoIP.

So NAT444 is no more than a stop-gap, and not a real solution. The future lies with IPv6 and, to be realistic, intermediate NAT solutions to tide us over. These should not be the double translation of NAT444, but something like the more specific dual stack NAT64/DNS 64 option where an IPv6 prefix is dedicated to mapped IPv4 addresses.

Whatever the decision, there are bound to be impacts on application and device performance. These will vary from application to application and device to device, so the only way to achieve peace of mind will be to test thorougly and comprehensively before large scale network deployment.

What amounts to a highly complex and lengthy test programme can, however, be carried out much more simply and quickly with the help of modern automated test solutions employing a simple graphical user interface for rapid setup and clear customised test reporting. Using the Spirent Test Center, all the basics can be quickly covered in three easy steps:

  • Basic packet level testing for latency, jitter & packet loss (private networks might also need QoS testing with a DIFF server)
  • Statefull testing with TCP to monitor the effects of any additional latency, jitter & packet loss
  • Application testing with the Spirent Avalanche traffic generator, to get a true picture of application performance under realistic as well as extreme operating conditions.

“Intellectuals solve problems, geniuses prevent them” according to Albert Einstein. Solving something as complex as the impact of changes on a network would require massive intellectual resources, whereas pre-testing provide a far better and more cost-effective way to avoid mistakes.

Whatever route we finally take towards IPv6, you can smooth the way and feel confident with the right test solutions.