Carrier-Grade NAT

Carrier-grade NAT (CGN or CGNAT), also known as large-scale NAT (LSN), is an approach to IPv4 network design in which end sites, particularly residential networks, are configured with private addresses (commonly from the 100.64.0.0/10 "shared address space" reserved for this purpose) that are translated to public IPv4 addresses by NAT devices inside the network operator's own network, so that a small pool of public addresses can be shared among many end sites. This lets an ISP keep serving customers from a limited stock of IPv4 addresses and defer the cost of deploying IPv6.

The purpose of CGNAT is to alleviate IPv4 address exhaustion. Many subscribers behind a CGNAT share the same public IP address. When a device behind the CGNAT opens a connection to a host on the internet, the CGNAT rewrites the packet's source address to the shared public address and its source port to a port drawn from the pool of ports available for that address, records the mapping, and uses it to forward replies back to the originating device. Because a single address has at most 65,535 ports per transport protocol, the limit is on concurrent connections rather than on devices; thousands of devices can share one public IP address as long as their combined connection count stays within the port pool.

CGNAT, in contrast with ordinary NAT, is designed to be highly scalable. Devices delivering CGNAT capabilities are typically capable of translating tens of thousands of IPv4 addresses and maintaining millions of concurrent port mappings. Translating traffic at this scale requires more CPU and memory than the NAT gateways typically used within an enterprise, which is why the term "carrier-grade" is used.

There are downsides to this approach. Because many devices share the same public IP address, CGNAT causes problems for services that require a unique IP address or the ability to accept incoming connections, such as peer-to-peer services, VoIP, online gaming, or anything that relies on port forwarding, since an unsolicited inbound packet matches no existing mapping and is dropped. CGNAT also makes it harder to attribute malicious activity to a specific device: an abuse report that names only a public IP address and a time implicates every subscriber who was using that address at the time, so the operator can identify the responsible subscriber only if it logs each port mapping with timestamps and the report includes the source port. The same sharing means that IP-based blocklists and rate limits triggered by one subscriber affect all others behind the same address. Additionally, certain protocols and applications may not function correctly or efficiently in a CGNAT environment because of the translation process, for example those that embed the client's address in the payload.
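The port-sharing mechanism described above, and the attribution problem it creates, can be shown with a small simulation. This is an added example, not code from any CGNAT product: it models one shared public address (a documentation address, 203.0.113.10) with a deliberately tiny pool of two ports so that port exhaustion, port reuse and the "who held this port at this time?" lookup all fit in a few lines. Subscriber addresses are taken from the 100.64.0.0/10 range; all timestamps and flows are constructed for the example.

```python
"""Toy carrier-grade NAT (NAPT) port allocator with a translation log.

Added example, not code from any CGNAT product. One shared public address,
a two-port pool (real pools hold ~60k ports per address) and integer
timestamps keep the scenario small enough to follow by hand.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

PUBLIC_IP = "203.0.113.10"      # assumed: RFC 5737 documentation address
PORT_POOL = range(40000, 40002)  # assumed: only two ports, to force exhaustion

FlowKey = Tuple[str, int, str, int]  # (private ip, private port, dst ip, dst port)
LogEntry = Tuple[int, str, str, int, int]  # (time, event, private ip, private port, public port)


@dataclass(frozen=True)
class Binding:
    private_ip: str
    private_port: int
    public_ip: str
    public_port: int
    dst_ip: str
    dst_port: int


class CGNat:
    """Shares one public IPv4 address among many subscribers by rewriting source ports."""

    def __init__(self, public_ip: str = PUBLIC_IP, ports=PORT_POOL) -> None:
        self.public_ip = public_ip
        self.free_ports: List[int] = list(ports)
        self.by_flow: Dict[FlowKey, Binding] = {}
        self.by_public_port: Dict[int, Binding] = {}
        # Translation log, appended in time order. An operator needs exactly this
        # record to answer an abuse report for (public ip, public port, time).
        self.log: List[LogEntry] = []

    def translate(self, private_ip: str, private_port: int,
                  dst_ip: str, dst_port: int, now: int) -> Optional[Binding]:
        """Outbound packet: reuse this flow's binding or allocate a public port.
        Returns None when the pool is exhausted (the packet would be dropped)."""
        key = (private_ip, private_port, dst_ip, dst_port)
        binding = self.by_flow.get(key)
        if binding is not None:
            return binding
        if not self.free_ports:
            return None
        public_port = self.free_ports.pop(0)
        binding = Binding(private_ip, private_port, self.public_ip, public_port, dst_ip, dst_port)
        self.by_flow[key] = binding
        self.by_public_port[public_port] = binding
        self.log.append((now, "ALLOC", private_ip, private_port, public_port))
        return binding

    def inbound(self, public_port: int) -> Optional[Binding]:
        """Packet arriving at (public ip, port): the inside host it belongs to, or None.
        Unsolicited inbound connections have no binding and are dropped."""
        return self.by_public_port.get(public_port)

    def release(self, binding: Binding, now: int) -> None:
        """Session closed or idle timeout: return the port to the pool (it will be reused)."""
        del self.by_flow[(binding.private_ip, binding.private_port, binding.dst_ip, binding.dst_port)]
        del self.by_public_port[binding.public_port]
        self.free_ports.append(binding.public_port)
        self.log.append((now, "FREE", binding.private_ip, binding.private_port, binding.public_port))

    def subscriber_at(self, public_port: int, when: int) -> Optional[str]:
        """Abuse lookup that includes the source port: replay the log up to `when`."""
        holder: Optional[str] = None
        for ts, event, private_ip, _private_port, public_port_used in self.log:
            if ts > when:
                break
            if public_port_used == public_port:
                holder = private_ip if event == "ALLOC" else None
        return holder

    def subscribers_at(self, when: int) -> Set[str]:
        """Abuse lookup with only the public IP and a time: every subscriber holding
        any port at that moment is a candidate, which is why attribution is blurred."""
        active: Dict[int, str] = {}
        for ts, event, private_ip, _private_port, public_port_used in self.log:
            if ts > when:
                break
            if event == "ALLOC":
                active[public_port_used] = private_ip
            else:
                active.pop(public_port_used, None)
        return set(active.values())


def demo() -> Dict[str, object]:
    """Constructed scenario: two subscribers fill the pool, a third is refused,
    then a freed port is reused by a fourth subscriber."""
    nat = CGNat()
    a = nat.translate("100.64.0.2", 51000, "198.51.100.7", 443, now=100)
    b = nat.translate("100.64.0.3", 51000, "198.51.100.7", 443, now=101)  # same private port, other host
    exhausted = nat.translate("100.64.0.9", 40001, "198.51.100.7", 443, now=120)  # pool empty -> None
    nat.release(a, now=150)
    c = nat.translate("100.64.0.4", 33000, "198.51.100.9", 80, now=160)  # reuses a's port
    return {"nat": nat, "a": a, "b": b, "c": c, "exhausted": exhausted}


if __name__ == "__main__":
    r = demo()
    nat = r["nat"]
    print("port 40000 at t=120 ->", nat.subscriber_at(40000, 120))
    print("port 40000 at t=170 ->", nat.subscriber_at(40000, 170))
    print("IP-only report at t=110 ->", sorted(nat.subscribers_at(110)))
```

The two lookup methods are the point: `subscriber_at` resolves a report only because the log carries the public port and a timestamp, while `subscribers_at` shows what an operator is left with when the report omits the port. Note that a port freed at t=150 and reallocated at t=160 belongs to a different subscriber on either side of that gap, so clock accuracy in both the log and the report matters as much as the port itself.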