CGNAT & IPv6 Migration

Thunder CGN
IPv4 Preservation & IPv6 Transition Management

The most advanced carrier-grade networking solution, A10 Thunder® CGN provides high-performance, highly transparent network address and protocol translation that allows service providers and enterprises to extend IPv4 network connectivity while simultaneously transitioning to IPv6 standards.

  • Extend IPv4
  • Manage IPv6
  • Scale for IoT
  • Enhance Protection
Thunder 14045 CGN

Extend IPv4 While Enabling IPv6

The award-winning A10 Thunder CGN® proactively solves IPv4 address exhaustion to overcome the challenges associated with the rapid increase of IP address demands for internet-connected devices and BYOD roll out. Thunder CGN delivers advanced features to help service providers and enterprises extend IPv4 connectivity, transition to IPv6 and reduce TCO.

As network addressing and IPv6 transition architectures can vary greatly across and within an organization, customers need a solution that provides the broadest support for industry standards and meets different IP address and protocol translation requirements simultaneously.

Thunder CGN enhances your infrastructure security and availability to ensure your applications remain addressable and operate transparently through address translation with multiple mechanisms, such as integrated DDoS protection for NAT pools and application layer gateways (ALG).

Built on A10’s market-proven Advanced Core Operating System (ACOS®), Thunder CGN delivers performance scalability up to 300 Gbps and offers the broadest range of form factors (physical, virtual and bare metal) for deployment flexibility.

Physical Appliances

A10's Thunder Series line of hardware appliances fits a wide variety of networks with entry level models starting at 5 Gbps and moving up to 220 Gbps high-performance appliance for your most demanding requirements.

THUNDER CGN HARDWARE SPECIFICATIONS Thunder 840 Thunder 1030S Thunder 3030S Thunder 3040(S) Thunder 3230(S) Thunder 3430(S) Thunder 4430(S) Thunder 4440(S) Thunder 5330(S)
Throughput 5 Gbps 10 Gbps 30 Gbps 30 Gbps 30 Gbps 42 Gbps 38 Gbps 80 Gbps 78 Gbps
Setups Per Second 350k 800k 1.1 million 1.3 million 1.8 million 2.1 million 2.1 million 2.5 million 3.1 million
Full TCP Connections Per Second 120k 300k 437k 460k 891k 1 million 1 million 1.1 million 1.2 million
Concurrent Sessions 16 million 32 million 64 million 64 million 64 million 128 million 128 million 128 million 128 million
Application Delivery Partitions (ADP) L3V 32 32 64 64 64 127 127 127 127
Network Interfaces                  
1 GE Copper 5 6 6 6 0 0 0 0 0
1 GE Fiber (SFP) 0 2 2 2 4 4 0 0 0
1/10 GE Fiber (SFP+) 2 2 4 4 4 4 16 24 8
40 GE Fiber (QSFP+) 0 0 0 0 0 0 4 4 0
100 GE Fiber (CXP) 0 0 0 0 0 0 0 0 0
THUNDER CGN HARDWARE SPECIFICATIONS Thunder 5430(S)-11 Thunder 5440(S) Thunder 5630(S) Thunder 5840(S) Thunder 6430(S) Thunder 6440(S) Thunder 6630(S) Thunder 7440(S)
Throughput 77 Gbps 100 Gbps 76 Gbps 115 Gbps 150 Gbps 160 Gbps 155 Gbps 220 Gbps
Setups Per Second 3.1 million 5 million 5.9 million 7 million 5.2 million 6.5 million 7.5 million 9 million
Full TCP Connections Per Second 1.6 million 2.2 million 3 million 3 million 2.6 million 2.8 million 3.2 million 5 million
Concurrent Sessions 256 million 256 million 256 million 256 million 256 million 256 million 256 million 256 million
Application Delivery Partitions (ADP) L3V 1,023 1,023 1,023 1,023 1,023 1,023 1,023 1,023
Network Interfaces                
1 GE Copper 0 0 0 0 0 0 0 0
1 GE Fiber (SFP) 0 0 4 0 0 0 0 0
1/10 GE Fiber (SFP+) 16 24 24 24 16 48 12 48
40 GE Fiber (QSFP+) 4 4 4 4 4 4 0 4
100 GE Fiber (CXP) 0 0 0 0 0 0 4 0

Flexible Deployment Options

With physical, virtual and bare metal options, tailor Thunder CGN deployments to align with your software or hardware strategy, as needed.

Deployment Scenarios

Use A10 Thunder CGN to leverage a standards-based mechanism - carrier-grade network address translation (CGNAT), large-scale NAT (LSN), NAT444 or NAT44 - to reclaim existing IPv4 space. Carrier-Grade NAT
A10 Thunder CGN delivers IPv6 transition technologies, including prevalent protocol connectivity and interplay for phased IPv4-to-IPv6 transitions. IPv6 Translation

Solve IPv4 address exhaustion and extend the life of an IPv4 network infrastructure to ensure critical applications and services are always available and reliable.

Enable a smooth transition to IPv6 by supporting translation and tunneling between IPv4 and IPv6 networks. Various options, such as DS-Lite, 6rd, Lw4o6, NAT64/DNS64 and MAP, can run concurrently to allow network operators to phase in transition mechanisms as needed.

The Internet of Things and BYOD adoption have enabled the rapid proliferation of internet-connected devices, depleting the available IPv4 address space. Plan to meet the demand for connectivity expansion and scale your infrastructure for growth to ensure service continuity.

High performance in a compact form factor results in lower OPEX and CAPEX through efficient rack space usage, lower power consumption and reduced cooling requirements.

Enhance your infrastructure security with NAT IP pool protection from large-scale DDoS attacks. Provide the highest connection reliability by using application layer gateways (ALG) and other important features such as high availability (HA) for hitless fail-over.

With physical, virtual and bare metal options, tailor Thunder CGN deployments to align with your software or hardware strategy, as needed.

Carrier-grade network address translation (CGNAT) extends the service life of an IPv4 infrastructure, allows time to plan for an IPv6 transition and ultimately reduces cost by avoiding disruptions to business operations.

Advanced CGNAT Functions

Gain a standards-based mechanism to reclaim existing public IPv4 address space. CGNAT scales networks to overcome IPv4 exhaustion with high-performance, highly transparent address and protocol translation, providing NAT44(4) and ALGs to support network growth and a seamless user experience.

Millions of Concurrent Sessions

Thunder CGN supports up to 512 million concurrent sessions with unprecedented setup and teardown rates in a compact form factor. Competing solutions require a large-chassis product with multiple application blades to achieve similar performance.

Advance Logging

Gain comprehensive logging options to meet stringent compliance and government mandates. Enhance logging detail and use log compression features and techniques, such as deterministic or fixed NAT, to reduce log volumes and logging infrastructure requirements.

Since IPv6 is not backward compatible with IPv4, various solutions are available to achieve full connectivity, regardless of source or destination IP protocol.

Prevalent Protocol Connectivityk

Transition technologies, such as Dual-Stack Lite (DS-Lite) or Light Weight 4 over 6 (Lw4o6), allow network operators to run an IPv6-only core network, while IPv4-only devices can still connect to the internet using softwires (or tunnels) through the IPv6-only infrastructure. IPv6 Rapid Deployment (6rd) provides similar behavior, allowing IPv6 access through an IPv4 network. MAP-T is a translation technique that builds on the Address plus Port method of stateless NAT to translate packets between IPv4 and IPv6 networks.

IPV6 Client Access to IPV4 Content

IPv6 was not built to be backward compatible with IPv4, complicating the deployment of IPv6 clients. Available with Thunder CGN, NAT64/DNS64 solves this problem by allowing IPv6-only devices to access IPv4-only content.

Interplay for Phased Transition

Deploy transition technologies concurrently to enable a full transition lifecycle. For example, start with CGNAT to mitigate IPv4 address exhaustion and phase in NAT64/DNS64 to enable IPv6 clients to access IPv4 content.

Even though the OSI network layer principle should ensure separation between the application and network behavior, this is not always the case. Many applications rely on network transport information to operate, which can lead to problems when just the network portion is translated. Connection reliability is also crucial for applications that need to be available at all times.

CGNAT Transparency

Facilitate predictable NAT behavior and provide transparent end-user experiences with advanced CGNAT features, such as Endpoint Independent Mapping (EIM), Endpoint Independent Filtering (EIF) and hairpinning. User quotas ensure that public IP port usage is fairly distributed between end-users and that viruses and malware, for example, can’t exhaust resources for other users.

ALG Protocol Support

It is critical for network operators to maintain connectivity for all application services and users, while ensuring application integrity. ALGs see to it that protocols - such as FTP, TFTP, RTSP, PPTP, SIP, ICMP, H.323, ESP, MGCP and DNS - remain functional. Many legacy NAT implementations do not provide this level of transparency.

Stateful Session Synchronization

Build non-stop operations with high-availability (HA) session synchronization. When deployed in HA mode, Thunder CGN maintains active sessions during fail-over to provide seamless user experience and ensure that end-users will be unaware of any failures or connection terminations. This prevents users from having to restart a large download, for example, and increases user satisfaction.

Integrated DDoS Protection

I Secure NAT IP pools and prevent huge volumes of multi-vector DDoS attack traffic with integrated DDoS protection. Thunder SPE models provide additional hardware acceleration for policy enforcement. Offer maximum uptime of network resources to process subscriber traffic and avoid service interruptions.

For larger deployments, A10’s optional aGalaxy centralized management system ensures routine device management tasks can be performed at scale, across multiple CGN appliances, regardless of location. Thunder CGN can also be integrated in DevOps processes by using the aXAPI RESTful API for full control and automation.

For virtual deployments, vThunder provides the full set of CGNAT features that run atop leading hypervisors - such as VMware ESXi, KVM and Microsoft HyperV - on your choice of virtualized infrastructure.

Thunder CGN for Bare Metal is a unique offering that allows service providers and enterprises to extend IPv4 connectivity and transition to IPv6. Build CGNAT software atop your choice of standardized COTS hardware for greater performance.

Gain direct and complete access to the underlying hardware and avoid the hypervisor overhead associated with virtualized solutions.

Build a truly open platform to implement on-demand provisioning and integrate with OpenStack, SDN fabrics and NFV/ MANO frameworks.

Thunder TPS supports an industry standard CLI, on-box GUI and the aGalaxy management system. The CLI allows sophisticated operators easy troubleshooting and debugging. The intuitive on-box GUI enables ease of use and basic graphical reporting. aGalaxy offers a comprehensive dashboard with advanced reporting, mitigation console, and policy enforcement for multiple TPS devices.