cgnat - how do you handle customer issues

Mike Hammett nanog at
Tue Feb 27 16:32:34 UTC 2018

I'm a fan of nailing each customer IP to a particular range of ports on a given public IP. Real easy to track who did what and to prevent shifting IPs. 

Mike Hammett 
Intelligent Computing Solutions 

Midwest Internet Exchange 

The Brothers WISP 

----- Original Message -----

From: "Aaron Gould" <aaron1 at> 
To: Nanog at 
Sent: Tuesday, February 27, 2018 10:30:21 AM 
Subject: cgnat - how do you handle customer issues 

Couple questions please. When you put thousands of customers behind a cgnat 
boundary, how do you all handle customer complaints about the following. 

1 - for external connectivity to the customers premise devices, not being 
able to access web servers, web cameras, etc, in their premises? 

2 - from the premise natted device, when customers go to a university or 
bank web site, how do you handle randomly changing ip addresses/ports that 
may occur due to idle time and session tear-down in nat table such that the 
bank website has issues with seeing your session ip change? 


More information about the NANOG mailing list