Carrier-grade NAT (CGN), also known as large-scale NAT (LSN), is an approach to IPv4 network design in which end sites, in particular residential networks, are configured with private network addresses that are translated to public IPv4 addresses by middlebox network address translator devices embedded in the network operator’s network, permitting the sharing of small pools of public addresses among many end sites. This shifts the NAT function and configuration thereof from the customer premises to the Internet service provider network. Carrier-grade NAT has been proposed as an approach for mitigating IPv4 address exhaustion.[1] Critics of carrier-grade NAT argue the following aspects:

Like any form of NAT, it breaks the end-to-end principle.[2] It has significant security, scalability, and reliability problems, by virtue of being stateful. It makes record keeping for law-enforcement operations more difficult.

It makes it impossible to host services on well known ports. It does not solve the IPv4 address exhaustion problem when a routable IP address is needed, such as in web hosting. One use scenario of CGN can be described as NAT444,[3] because some customer’s connections to public servers would pass through three different IPv4 addressing domains: the customer’s own private network, the carrier’s private network, and the public Internet. Another CGN scenario is Dual- Stack Lite, in which the carrier’s network uses IPv6 and thus only two IPv4 addressing domains are needed.