CGNAT Solutions

Brandon Martin lists.nanog at monmotha.net
Wed Apr 29 03:01:39 UTC 2020


On 4/28/20 4:53 PM, William Herrin wrote:
> How small is small? Up to a certain size regular NAT with enough
> logging to trace back abusers will tend to work fine. If we're talking
> single-digit gbps, it may not be worth the effort to consider the
> wonderful world of CGNAT.

Depending on how many IPs you need to reclaim and what your target 
IP:subscriber ratio is, you may be able to eliminate the need for a lot 
of logging by assigning a range of TCP/UDP ports to a single inside IP 
so that the TCP/UDP port number implies a specific subscriber.

You can't get rid of all the state tracking without also having the CPE 
know which ports to use (in which case you might as well use LW4o6 or 
MAP), but at least you can get it down to where you really only need to 
log (or block and dole out public IPs as needed) port-less protocols.
-- 
Brandon Martin
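
The port-range scheme described in the message above, sketched as an added example that is not part of the original post or of any vendor's implementation: each inside IP gets a fixed block of ports on one public IP, so an abuse report carrying public IP and source port resolves to a subscriber by arithmetic instead of a log search. The class name, the address pools (RFC 6598 and RFC 5737 ranges), the 64:1 ratio and the port floor of 1024 are all assumptions chosen for illustration.

```python
import ipaddress

PORT_FLOOR = 1024  # assumption: ports below 1024 are never handed out


class DeterministicNat:
    """Hypothetical static mapping: inside IP <-> (public IP, port block)."""

    def __init__(self, inside_net, public_net, subs_per_ip):
        self.inside = ipaddress.ip_network(inside_net)
        self.public = ipaddress.ip_network(public_net)
        self.subs_per_ip = subs_per_ip
        # Ports available to each subscriber on a shared public address.
        self.block = (65536 - PORT_FLOOR) // subs_per_ip
        if self.inside.num_addresses > self.public.num_addresses * subs_per_ip:
            raise ValueError("public pool too small for this ratio")

    def forward(self, inside_ip):
        """Inside IP -> (public IP, first port, last port)."""
        idx = int(ipaddress.ip_address(inside_ip)) - int(self.inside.network_address)
        if not 0 <= idx < self.inside.num_addresses:
            raise ValueError("not a subscriber address")
        pub_idx, slot = divmod(idx, self.subs_per_ip)
        lo = PORT_FLOOR + slot * self.block
        return str(self.public[pub_idx]), lo, lo + self.block - 1

    def reverse(self, public_ip, port):
        """(public IP, source port) from an abuse report -> inside IP.

        Returns None when the port alone cannot identify the subscriber:
        port-less protocols (port=None), ports outside any block, or an
        address outside the pool. Those cases still need per-flow logs.
        """
        addr = ipaddress.ip_address(public_ip)
        if addr not in self.public or port is None or port < PORT_FLOOR:
            return None
        slot = (port - PORT_FLOOR) // self.block
        if slot >= self.subs_per_ip:
            return None  # leftover ports above the last block
        idx = (int(addr) - int(self.public.network_address)) * self.subs_per_ip + slot
        if idx >= self.inside.num_addresses:
            return None
        return str(self.inside[idx])


if __name__ == "__main__":
    # Constructed pools: 1024 subscribers behind 16 public addresses.
    nat = DeterministicNat("100.64.0.0/22", "198.51.100.0/28", 64)
    print(nat.forward("100.64.0.65"))
    print(nat.reverse("198.51.100.1", 2500))
```

The translator still has to track per-flow state inside each block; only the subscriber attribution becomes stateless.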
