lists.nanog at monmotha.net
Wed Apr 29 03:01:39 UTC 2020
On 4/28/20 4:53 PM, William Herrin wrote:
> How small is small? Up to a certain size regular NAT with enough
> logging to trace back abusers will tend to work fine. If we're talking
> single-digit Gbps, it may not be worth the effort to consider the
> wonderful world of CGNAT.
Depending on how many IPs you need to reclaim and what your target
IP:subscriber ratio is, you may be able to eliminate the need for a lot
of logging by assigning a range of TCP/UDP ports to a single inside IP
so that the TCP/UDP port number implies a specific subscriber.
You can't get rid of all the state tracking without also having the CPE
know which ports to use (in which case you might as well use LW4o6 or
MAP), but at least you can get it down to where you really only need to
log (or block and dole out public IPs as needed) port-less protocols.
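
Added illustration of the port-range scheme described in the message above (not part of the original post and not any vendor's implementation): a static plan in which each inside IP owns one fixed block of TCP/UDP ports on one public IP, so a (public IP, source port) pair from an abuse report resolves to a subscriber by arithmetic instead of by log lookup. The class name, address ranges, the 1000-port block size and the starting port of 1024 are assumptions chosen for the example.

```python
import ipaddress

class DeterministicNat:
    """Static port-block plan: one fixed port block on one public IP per inside IP."""

    def __init__(self, inside_net, public_net, ports_per_sub, first_port=1024):
        self.inside = ipaddress.ip_network(inside_net)
        self.public = ipaddress.ip_network(public_net)
        self.block = ports_per_sub
        self.first_port = first_port
        # Whole port blocks that fit on one public IP (this is the IP:subscriber ratio).
        self.subs_per_ip = (65536 - first_port) // ports_per_sub
        capacity = self.subs_per_ip * self.public.num_addresses
        if self.inside.num_addresses > capacity:
            raise ValueError(f"pool too small: need {self.inside.num_addresses}, have {capacity}")

    def forward(self, inside_ip):
        """Inside IP -> (public IP, first port, last port) of its block."""
        idx = int(ipaddress.ip_address(inside_ip)) - int(self.inside.network_address)
        if not 0 <= idx < self.inside.num_addresses:
            raise ValueError("not an inside address")
        ip_idx, slot = divmod(idx, self.subs_per_ip)
        lo = self.first_port + slot * self.block
        return str(self.public[ip_idx]), lo, lo + self.block - 1

    def reverse(self, public_ip, port):
        """(public IP, source port) from an abuse report -> inside IP, or None."""
        ip_idx = int(ipaddress.ip_address(public_ip)) - int(self.public.network_address)
        if not 0 <= ip_idx < self.public.num_addresses or port < self.first_port:
            return None
        slot = (port - self.first_port) // self.block
        if slot >= self.subs_per_ip:
            return None  # leftover ports at the top of the range are unassigned
        idx = ip_idx * self.subs_per_ip + slot
        if idx >= self.inside.num_addresses:
            return None  # block exists but no subscriber is mapped to it
        return str(self.inside[idx])

if __name__ == "__main__":
    # Constructed sample plan: 1024 inside IPs behind 16 public IPs (64:1).
    nat = DeterministicNat("100.64.0.0/22", "203.0.113.0/28", 1000)
    print(nat.forward("100.64.0.65"))        # block owned by this subscriber
    print(nat.reverse("203.0.113.1", 2500))  # subscriber behind a reported port
```

The mapping only covers TCP and UDP; port-less protocols still fall outside it, as the message notes.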