Threat Level: green Handler on Duty: Rick Wanner

SANS ISC: InfoSec Handlers Diary Blog - RFC 6598 - Carrier Grade NAT InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

RFC 6598 - Carrier Grade NAT

Published: 2016-02-28
Last Updated: 2016-02-28 19:05:21 UTC
by Guy Bruneau (Version: 1)
0 comment(s)

Three years ago Johannes published a diary on Reserved IP Address Space with a complete list of reserved IPv4 address that obviously included the well-known as well as some new one such as RFC 6598 (released in April 2012) "[...] to accommodate the needs of Carrier-Grade NAT (CGN) devices."[1] The address space reserved for CGN is 100.64.0.0/10 which is used to counter the IPv4 address shortage by putting multiple hosts in a private subnet behind a public IP address.

Here is a simplified illustration of CGN:

If you are curious as to whether you carrier is using RFC 6598 CGN addresses, you can check your logs or traffic (packets) for 100.64.0.0/10.

[1] https://tools.ietf.org/html/rfc6598
[2] https://isc.sans.edu/forums/diary/Reserved+IP+Address+Space+Reminder/13228

-----------
Guy Bruneau IPSS Inc.
Twitter: GuyBruneau
gbruneau at isc dot sans dot edu

Keywords: CGN NAT RFC 6598
0 comment(s)
Diary Archives