Deterministic Address Mapping to Reduce Logging in Carrier Grade NAT Deployments

The information below is for an old version of the document
Document Type Expired Internet-Draft (individual)
Authors Chris Donley  , Chris Grundemann  , Vikas Sarawat  , Karthik Sundaresan 
Last updated 2013-01-12 (latest revision 2012-07-11)
Stream (None)
Expired & archived
pdf htmlized bibtex
IETF conflict review conflict-review-donley-behave-deterministic-cgn
Additional Resources
Stream Stream state (No stream defined)
Consensus Boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Expired
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


Abuse response in a Carrier Grade NAT environment requires Service Providers to be able to map a subscriber's inside address with the address used on the public Internet. Unfortunately, many Carrier Grade NAT abuse-response solutions require per-connection logging. Research indicates that such logging is not scalable to many residential broadband services. This document suggests a way to manage Carrier Grade NAT translations in such a way as to significantly reduce the amount of logging required while providing traceability for abuse response. While the authors acknowledge that IPv6 is a preferred solution, Carrier Grade NAT is a reality in many networks, and is needed in situations where either customer equipment or Internet content only supports IPv4; this approach should in no way slow the deployment of IPv6.


Chris Donley (
Chris Grundemann (
Vikas Sarawat (
Karthik Sundaresan (

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)