Description
Network Address and Port Translation (NAPT) is a fundamental network function defined within the 3GPP architecture, primarily operating at the user plane to manage IPv4 address exhaustion. It functions by modifying the source IP address and source port number of outgoing IP packets from User Equipment (UE) within a private network, mapping them to a single public IP address and a unique port number on the public-facing interface. For incoming packets, it performs the reverse translation based on the destination port number, directing traffic back to the correct private IP address and port. This process is stateful, requiring the NAPT device to maintain a translation table that tracks active sessions, mapping tuples of private IP, private port, public IP, and public port, along with protocol identifiers.
Within the 3GPP ecosystem, NAPT is often implemented in key network elements such as the Packet Data Network Gateway (PGW) in 4G or the User Plane Function (UPF) in 5G. Its integration is specified to handle traffic for UEs that are assigned private IPv4 addresses, typically from ranges like 10.0.0.0/8. The function is crucial for Carrier-Grade NAT (CGN) deployment, allowing mobile network operators to serve millions of subscribers with a limited pool of public IPv4 addresses. The translation mechanisms must comply with various IETF standards (like RFC 3022) for correct TCP/UDP/ICMP packet handling, ensuring application transparency where possible, though NAPT can introduce challenges for protocols that embed IP addresses in their payload.
The architectural role of NAPT extends beyond simple address conservation. It provides a layer of privacy and security by obscuring internal network topology from the public internet. However, it also introduces complexities for peer-to-peer applications and services that require inbound connectivity initiation, necessitating complementary mechanisms like NAT traversal techniques (e.g., ICE, STUN, TURN). In 3GPP specifications, NAPT's behavior and controls are defined to ensure interoperability between network functions and to support policy enforcement, such as enabling or disabling NAPT per Access Point Name (APN) or per subscriber based on operator policy.
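The stateful translation table described in this section, as an added example that is not taken from any 3GPP specification or vendor implementation: it shows outbound source rewriting, reverse lookup by destination port, and the two failure cases a defender cares about, an unsolicited inbound packet with no session (dropped, which is why inbound-initiated services need NAT traversal) and exhaustion of the shared port pool. The class name `Napt`, the first-free port allocation policy and all addresses are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Napt:
    """Hypothetical NAPT session table: one public IPv4 address, bounded port pool."""
    public_ip: str
    port_lo: int = 1024
    port_hi: int = 65535
    out: dict = field(default_factory=dict)   # (proto, priv_ip, priv_port) -> public port
    back: dict = field(default_factory=dict)  # (proto, public port) -> (priv_ip, priv_port)

    def outbound(self, proto, src_ip, src_port):
        """Rewrite the source of an outgoing packet; reuse the mapping if one exists."""
        key = (proto, src_ip, src_port)
        if key not in self.out:
            port = self._free_port(proto)
            if port is None:
                return None  # pool exhausted: the packet cannot be translated
            self.out[key] = port
            self.back[(proto, port)] = (src_ip, src_port)
        return (self.public_ip, self.out[key])

    def inbound(self, proto, dst_ip, dst_port):
        """Reverse-translate by destination port; None means no session, so drop."""
        if dst_ip != self.public_ip:
            return None
        return self.back.get((proto, dst_port))

    def release(self, proto, src_ip, src_port):
        """Remove a session (timeout or close) and free its public port."""
        port = self.out.pop((proto, src_ip, src_port), None)
        if port is not None:
            del self.back[(proto, port)]

    def _free_port(self, proto):
        # Assumption: first-free allocation; real CGN deployments use other policies.
        for port in range(self.port_lo, self.port_hi + 1):
            if (proto, port) not in self.back:
                return port
        return None

def demo():
    nat = Napt("203.0.113.7", port_lo=40000, port_hi=40001)  # constructed values
    a = nat.outbound("udp", "10.0.0.5", 5060)
    b = nat.outbound("udp", "10.0.0.9", 5060)    # same private port, different UE
    c = nat.outbound("udp", "10.0.0.11", 5060)   # two-port pool is now exhausted
    reply = nat.inbound("udp", "203.0.113.7", a[1])
    unsolicited = nat.inbound("udp", "203.0.113.7", 40500)
    return a, b, c, reply, unsolicited

print(demo())
```

The table is keyed by protocol as well as port, so the same public port number can carry one TCP and one UDP session at once.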
Purpose & Motivation
NAPT was introduced to directly address the critical shortage of globally routable IPv4 addresses, a problem that intensified with the exponential growth of internet-connected devices, particularly in mobile networks. Prior to its widespread adoption, networks often attempted to assign unique public IP addresses to each device, which quickly became unsustainable. NAPT allows an operator to allocate a single public IPv4 address to be shared dynamically among hundreds or thousands of subscribers, dramatically extending the utility of the existing IPv4 address space.
The motivation for standardizing NAPT within 3GPP was to ensure consistent, interoperable, and scalable implementation across all mobile network equipment vendors. Without such standardization, proprietary NAT implementations could lead to service incompatibilities, broken applications, and management headaches. By defining NAPT in specifications like TS 23.228 and TS 29.238, 3GPP provided a clear framework for its deployment in the gateway nodes, integrating it with existing mobility management, charging, and policy control functions. This allowed operators to defer the full migration to IPv6 while continuing to support the vast ecosystem of IPv4-based applications and services.
Furthermore, NAPT serves as a foundational element for network security and policy enforcement. By centralizing outbound connectivity through a translation point, operators can implement filtering, logging, and traffic management policies more effectively. It also simplifies network design by allowing the use of private addressing schemes within the mobile core, decoupling internal network topology from the external routing infrastructure.
Key Features
- Translates both source IP address and source port number for outbound packets
- Maintains a stateful session table to map private (local) to public (global) address/port tuples
- Enables Carrier-Grade NAT (CGN) for large-scale subscriber address sharing
- Integrated into core network gateways (e.g., PGW, UPF) as per 3GPP specifications
- Supports key transport protocols including TCP, UDP, and ICMP
- Configurable per APN or per subscriber via policy control mechanisms
Evolution Across Releases
Introduced NAPT as a standardized function within the 3GPP architecture, primarily for the Gateway GPRS Support Node (GGSN) and later the PDN Gateway. Specified its role in handling private IPv4 address allocation and translation for UE traffic, enabling basic CGN capabilities to mitigate IPv4 address exhaustion.
Defining Specifications
| Specification | Title |
|---|---|
| TS 23.228 | 3GPP TS 23.228 |
| TS 23.334 | 3GPP TS 23.334 |
| TS 23.417 | 3GPP TS 23.417 |
| TS 23.517 | 3GPP TS 23.517 |
| TS 29.238 | 3GPP TS 29.238 |
| TS 29.334 | 3GPP TS 29.334 |
| TS 29.421 | 3GPP TS 29.421 |
| TS 29.828 | 3GPP TS 29.828 |
| TS 33.203 | 3GPP TR 33.203 |
| TS 33.320 | 3GPP TR 33.320 |