Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: InfoSec Handlers Diary Blog - RFC 6598 - Carrier Grade NAT InfoSec Handlers Diary Blog

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

RFC 6598 - Carrier Grade NAT

Published: 2016-02-28
Last Updated: 2016-02-28 19:05:21 UTC
by Guy Bruneau (Version: 1)
0 comment(s)

Three years ago Johannes published a diary on Reserved IP Address Space with a complete list of reserved IPv4 address that obviously included the well-known as well as some new one such as RFC 6598 (released in April 2012) "[...] to accommodate the needs of Carrier-Grade NAT (CGN) devices."[1] The address space reserved for CGN is which is used to counter the IPv4 address shortage by putting multiple hosts in a private subnet behind a public IP address.

Here is a simplified illustration of CGN:

If you are curious as to whether you carrier is using RFC 6598 CGN addresses, you can check your logs or traffic (packets) for


Guy Bruneau IPSS Inc.
Twitter: GuyBruneau
gbruneau at isc dot sans dot edu

Keywords: CGN NAT RFC 6598
0 comment(s)
Diary Archives