Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: RFC 6598 - Carrier Grade NAT - SANS Internet Storm Center SANS ISC InfoSec Forums

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
RFC 6598 - Carrier Grade NAT

Three years ago Johannes published a diary on Reserved IP Address Space with a complete list of reserved IPv4 address that obviously included the well-known as well as some new one such as RFC 6598 (released in April 2012) "[...] to accommodate the needs of Carrier-Grade NAT (CGN) devices."[1] The address space reserved for CGN is which is used to counter the IPv4 address shortage by putting multiple hosts in a private subnet behind a public IP address.

Here is a simplified illustration of CGN:

If you are curious as to whether you carrier is using RFC 6598 CGN addresses, you can check your logs or traffic (packets) for


Guy Bruneau IPSS Inc.
Twitter: GuyBruneau
gbruneau at isc dot sans dot edu


417 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!