nanog mailing list archives
Re: CGNAT Solutions
From: Brandon Martin <lists.nanog () monmotha net>
Date: Tue, 28 Apr 2020 23:01:39 -0400
On 4/28/20 4:53 PM, William Herrin wrote:
How small is small? Up to a certain size regular NAT with enough logging to trace back abusers will tend to work fine. If we're talking single-digit gbps, it may not be worth the effort to consider the wonderful world of CGNAT.
Depending on how many IPs you need to reclaim and what your target IP:subscriber ratio is, you may be able to eliminate the need for a lot of logging by assigning a range of TCP/UDP ports to a single inside IP so that the TCP/UDP port number implies a specific subscriber.
You can't get rid of all the state tracking without also having the CPE know which ports to use (in which case you might as well use LW4o6 or MAP), but at least you can get it down to where you really only need to log (or block and dole out public IPs as needed) port-less protocols.
-- Brandon Martin
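An added example, not part of the original message: a sketch of the deterministic port-block mapping described above, where a public IP and TCP/UDP source port from an abuse report resolve to one subscriber by arithmetic instead of per-flow logs. The address pools, the reserved-port cutoff and the function names are assumptions chosen for illustration; port-less protocols are not covered by this mapping and still need logging.

```python
import ipaddress

# Constructed sample values (assumptions, not taken from the thread).
INSIDE = ipaddress.ip_network("100.64.0.0/22")   # subscriber-facing pool, 1024 addresses
PUBLIC = ipaddress.ip_network("203.0.113.0/28")  # public NAT pool, 16 addresses
FIRST_PORT = 1024                                # ports below this are never handed out

RATIO = INSIDE.num_addresses // PUBLIC.num_addresses  # subscribers per public IP
BLOCK = (65536 - FIRST_PORT) // RATIO                 # TCP/UDP ports per subscriber


def port_block(inside_ip):
    """Return (public_ip, first_port, last_port) assigned to an inside address."""
    idx = int(ipaddress.ip_address(inside_ip)) - int(INSIDE.network_address)
    if not 0 <= idx < INSIDE.num_addresses:
        raise ValueError(f"{inside_ip} is not in {INSIDE}")
    pub_idx, slot = divmod(idx, RATIO)
    first = FIRST_PORT + slot * BLOCK
    return PUBLIC[pub_idx], first, first + BLOCK - 1


def subscriber_for(public_ip, port):
    """Reverse lookup for an abuse report: public IP + source port -> inside IP.

    Returns None when the port lies outside every allocated block, which means
    the traffic cannot have come from a subscriber translation.
    """
    pub = ipaddress.ip_address(public_ip)
    if pub not in PUBLIC:
        raise ValueError(f"{public_ip} is not in {PUBLIC}")
    if not 0 <= port <= 65535:
        raise ValueError(f"invalid port {port}")
    if port < FIRST_PORT:
        return None
    slot = (port - FIRST_PORT) // BLOCK
    if slot >= RATIO:  # leftover ports when the range does not divide evenly
        return None
    pub_idx = int(pub) - int(PUBLIC.network_address)
    return INSIDE[pub_idx * RATIO + slot]


if __name__ == "__main__":
    print(RATIO, "subscribers per public IP,", BLOCK, "ports each")
    print(port_block("100.64.0.65"))
    print(subscriber_for("203.0.113.1", 2500))
```

With these sample pools the only records worth retaining are the mapping parameters and the dates they were in force, since the lookup itself is stateless.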