INLINE CGNAT ON JUNIPER MX304: A MAJOR SHIFT IN SERVICE PROVIDER EDGE ARCHITECTURE
IPv4 Exhaustion and Legacy CGNAT Architectures
IPv4 exhaustion is still a daily operational reality for many service providers. For years, this forced operators to deploy centralized CG NAT platforms and separate BNG and AAA systems. Subscriber traffic had to be routed deep into the network before it could even reach the Internet, which increased latency, loaded the core, and added significant architectural and operational complexity.
Inline CGNAT on the Juniper MX304
Starting with Junos 25.2R1, Juniper introduces inline Carrier Grade NAT support directly on the Juniper MX304, as confirmed by the Juniper Feature Explorer. CG NAT now runs natively on the router, leveraging Trio silicon, and can be coupled directly with BNG services on the same platform.
This changes the architecture in a very meaningful way.
Architectural Impact at the Network Edge
By combining BNG and CG NAT on the MX304, subscriber traffic no longer needs to be routed across the network to reach centralized AAA or CG NAT boxes. Authentication, address translation, and subscriber awareness can now happen much closer to the customer. As a result, traffic flows become shorter, cleaner, and more predictable.
At the same time, an entire layer of architectural complexity disappears. There is no longer a need to build and maintain dedicated EVPLs toward centralized CG NAT or BNG platforms. Private VRFs used only to steer subscriber traffic toward NAT devices become unnecessary. Large sets of FlowSpec routes created purely to force traffic through specific boxes can be eliminated. NAT happens inline, directly on the forwarding path, exactly where the subscriber is terminated.
Operational Benefits in Real Networks
Moving CG NAT closer to the edge brings very concrete advantages in real networks:
- Latency is reduced because traffic no longer hairpins through centralized NAT clusters.
- Core and aggregation links are relieved because subscriber traffic stays local for longer.
- Failure domains are smaller and easier to isolate because fewer platforms are involved.
- Operational simplicity improves because routing, BNG, and NAT visibility live on a single system.
- Scaling becomes more flexible because capacity can be added per POP instead of growing large centralized NAT islands.
Repositioning the MX304 at the Edge
For many ISPs, this significantly changes how the MX304 can be positioned at the network edge. It becomes a compact platform capable of handling subscriber termination, policy enforcement, and CG NAT in one place, while still offering the routing performance and stability expected from the MX family.
Reference
Juniper Feature Explorer. Inline Carrier Grade Network Address Translation.
https://apps.juniper.net/feature-explorer/feature/8905






