cgnat - how do you handle customer issues

Lee Howard lee at
Tue Feb 27 22:41:56 UTC 2018

On 02/27/2018 11:30 AM, Aaron Gould wrote:
> Couple questions please. When you put thousands of customers behind a CGNAT
> boundary, how do you all handle customer complaints about the following.
> 1 - for external connectivity to the customer's premises devices, not being
> able to access web servers, web cameras, etc., in their premises?
For web servers, you gently remind them of their ToS, and offer to 
upgrade them to a business account.

You offer to upgrade them to native IPv4, for a fee, and suggest they 
contact the manufacturer to see why it doesn't support IPv6.
I've heard of PCP for this, but never seen it in production on CPE.

I saw an early prototype of DS-Lite that included a customer portal that 
would allow the customer to enable port forwarding, but I can't imagine 
trying to walk a customer through two layers of port forwarding.

Most of these consumer electronics devices long ago started using 
ICE/TURN/STUN, and/or the company's web portal as their external 
communication platform. Doesn't mean all of them do.

> 2 - from the premises NATted device, when customers go to a university or
> bank web site, how do you handle randomly changing IP addresses/ports that
> may occur due to idle time and session tear-down in the NAT table such that the
> bank website has issues with seeing your session IP change?

You can extend your idle timers, of course, but only so much before 
you're squatting on all your ports.
After that, it's down to explaining to the university, bank, etc. that 
they need IPv6 if they want their web site to be reachable. Or at least 
they need to extend their idle timers.


> -Aaron
