NAT/CGNAT IP address/users ratios

aaron1 at aaron1 at
Tue May 18 22:13:42 UTC 2021

I currently have about ~2750 public IP's (11 /24's) for ~53,000 broadband
customers.  (ftth, cable modem and dsl)


I cap them at 3,000 ports using PBA, port block allocation.. Blocks of 100
at a time, and 30 blocks per subscriber.  (100*30=3000)


I usually see, when a private internal IP is using up the full 3,000 ports,
when we look closer at the sessions, they usually look suspect, as if the
end host is infected or has malware causing lots of connections


I run all this though, (6) MX960's with (1) MS-MPC-128G in each chassis, and
(2) MX104's with (1) MS-MIC-16G per 104.  The utilization as far as I've
seen, regarding memory and load on the service modules seems fine at the
levels we are at.


Hope that helps.



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the NANOG mailing list