Deterministic Address Mapping to Reduce Logging in Carrier Grade NAT Deployments

The information below is for an old version of the document
Document Type: Expired Internet-Draft (individual)
Authors: Chris Donley, Chris Grundemann, Vikas Sarawat, Karthik Sundaresan, Olivier Vautrin
Last updated: 2014-07-21 (latest revision 2014-01-13)
Stream: Independent Submission
Expired & archived
IETF conflict review: conflict-review-donley-behave-deterministic-cgn
ISE state: Finding Reviewers
Consensus Boilerplate: Unknown
Document shepherd: None
IESG state: Expired
Responsible AD: (None)
Send notices to: (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


In some instances, Service Providers have a legal logging requirement to be able to map a subscriber's inside address with the address used on the public Internet (e.g. for abuse response). Unfortunately, many Carrier Grade NAT logging solutions require active logging of dynamic translations. Carrier Grade NAT port assignments are often per-connection, but could optionally use port ranges. Research indicates that per-connection logging is not scalable in many residential broadband services. This document suggests a way to manage Carrier Grade NAT translations in such a way as to significantly reduce the amount of logging required while providing traceability for abuse response. While the authors acknowledge that IPv6 is a preferred solution, Carrier Grade NAT is a reality in many networks, and is needed in situations where either customer equipment or Internet content only supports IPv4; this approach should in no way slow the deployment of IPv6.


Chris Donley
Chris Grundemann
Vikas Sarawat
Karthik Sundaresan
Olivier Vautrin

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)