nanog mailing list archives
RE: Carrier Grade NAT
From: "Tony Wicks" <tony () wicks co nz>
Date: Wed, 30 Jul 2014 09:28:53 +1200
OK, as someone with experience running CGNAT to fixed broadband customers in general, here are a few answers to common questions. This is based on the setup I use, in which CGNAT is done on the BNG (Cisco ASR1K6).

1. APNIC ran out of IPv4 a couple of years ago, so unless you want to pay USD $10+ per IP then CGNAT is the only option.
2. IPv6 is nice (dual stack) but the internet without IPv4 is not a viable thing, perhaps one day, but certainly not today (I really hate clueless people who shout to the hills that IPv6 is the "solution" for today's internet access).
3. 99.99% of customers don't notice they are transiting CGNAT, it just works.
4. You need to log NAT translations for LI purposes (IP source/destination, port source/destination, time). Surprisingly this does not produce that big a database burden. However, as Cisco's Netflow NAT logging is utterly useless, you need to use syslog and this ramps up the ASR CPU a bit.
5. NAT translation timeouts are important, XBOX and PlayStation suck.
6. 10,000 customers = approximately 200,000 active translations and 1-2 /24s to be comfortable.
7. CGNAT protects your customers from all sorts of nasties like small DDOS attacks and attacks on their crappy CPE.
8. DDOS on CGNAT pool IPs are a pain in the rear and happen often.
9. In New Zealand we are not a state of the USA so spammed DMCA emails can be redirected to /dev/null. If a rights holder wishes to have a potential violation investigated (translation logs) they need to pay a $25 fee, so in general they don't bother. Police need a search warrant so they generally only ask for user info when they actually can justify it, so it's not a big overhead.
10. It is not uncommon for people who run some game servers and websites (like banks) to be completely clueless/confused about CGNAT and randomly block IPs as large numbers of users connect from a single IP. This is not a big issue in practice.

cheers
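An added illustration of point 4, not part of the original post and not Cisco's syslog layout: the Python below resolves a public IP/port, destination and time back to the subscriber's private address, which is why all five logged fields matter once a pool port is reused. The record format, addresses and function names are constructed for this example.

```python
from datetime import datetime, timezone

# Constructed sample records in a made-up format:
# time event proto private_ip:port public_ip:port dest_ip:port
SAMPLE_LOG = """\
2014-07-30T09:00:00Z ADD TCP 100.64.0.10:51000 203.0.113.5:2048 198.51.100.7:443
2014-07-30T09:00:05Z ADD TCP 100.64.0.22:40222 203.0.113.5:2049 198.51.100.7:443
2014-07-30T09:02:00Z DEL TCP 100.64.0.10:51000 203.0.113.5:2048 198.51.100.7:443
2014-07-30T09:03:00Z ADD TCP 100.64.0.31:33333 203.0.113.5:2048 198.51.100.9:80
"""

def _ts(text):
    """Parse a UTC timestamp as written in the sample records."""
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def load_translations(log_text):
    """Pair ADD/DEL events into sessions; 'end' stays None while still open."""
    open_by_key, sessions = {}, []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        when, event, proto, private, public, dest = line.split()
        key = (proto, private, public, dest)
        if event == "ADD":
            rec = {"proto": proto, "private": private, "public": public,
                   "dest": dest, "start": _ts(when), "end": None}
            open_by_key[key] = rec
            sessions.append(rec)
        elif event == "DEL" and key in open_by_key:
            open_by_key.pop(key)["end"] = _ts(when)
    return sessions

def find_subscriber(sessions, proto, public, dest, when):
    """Private ip:port holding `public` towards `dest` at time `when`.

    Returns a list: empty means no translation matched, more than one
    means the request cannot be attributed to a single subscriber.
    """
    t = _ts(when)
    return [s["private"] for s in sessions
            if (s["proto"], s["public"], s["dest"]) == (proto, public, dest)
            and s["start"] <= t and (s["end"] is None or t <= s["end"])]

if __name__ == "__main__":
    sessions = load_translations(SAMPLE_LOG)
    print(find_subscriber(sessions, "TCP", "203.0.113.5:2048",
                          "198.51.100.7:443", "2014-07-30T09:01:00Z"))
```

In the sample, public port 2048 belongs to two different subscribers a few minutes apart, so a request that omits the time or the destination cannot be answered from the log.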