nanog mailing list archives

RE: CGNAT Solutions


From: "Aaron Gould" <aaron1 () gvtc com>
Date: Tue, 28 Apr 2020 15:26:09 -0500

Hi John, I run a small/medium ISP in Texas.  A few years ago, needing to do the same thing you are speaking of, I lab 
evaluated the Cisco ASR9k VSM-500 and Juniper MX104 MS-MIC-16G… in the end I went with Juniper.  No regrets, been good 
and holding strong.  I’ve scaled it way beyond what I originally envisioned.  (but bought more as well)

 

I slow started my CGNat deployment, like with most things, baby-steps when doing something as extreme as taking away 
the public IP address from my ISP residential customers… so yeah, slow-start…

DSL was my first target.  One DSLAM at a time, waiting for issues to arise and dealing with them along the way, the 
best I could.  …until we had 6,000 dsl customers behind a pair of Juniper MX104’s with MS-MIC-16G cards, running fine.  
(all done via mpls l3vpn for virtual L3 routing into and out of the nat boundary… so one vrf for inside, and one vrf 
for outside)…peak load as I recall was about 3 gbps on each MX104, so 6 gbps total.

 

Next, about a year or so later, we went after Cable Modem CMTS communities.  But, added MS-MPC-128G modules to a pair 
of our mpls 100 gig ring MX960 nodes.  This was another 5,000 subs or so.  (this was about 2 or 3 years ago).  Learned 
a lot during that one.  A lot about ecmp, inet.3 mp-ibgp route choices, (set protocols ldp track-igp-metric… is your 
friend), app, eim, eif, ams/mams interfaces and load-balancing on the source-ip…. Let that ride for a year or so…then…

 

…went after our FTTH communities.  Probably about 30 or 40 thousand ip’s were recoup’d here.  FTTH was nat’d behind (4) 
additional MS-MPC-128G modules in (4) other 100 gig mpls ring mx960 nodes.

 

There have been recent concerns about UPnP not working behind the cgnat’s.

All in all, we are getting lots of use out of our Juniper CGNat solution.  All told, it’s about 50,000 customers behind 
the (2) MX104’s and (6) MX960’s getting nat’d.

 

-Aaron

From: NANOG [mailto:nanog-bounces () nanog org] On Behalf Of John Alcock
Sent: Tuesday, April 28, 2020 2:12 PM
To: nanog () nanog org
Subject: CGNAT Solutions

 

Afternoon,

 

I run a small ISP in Tennessee.  COVID has forced a lot of people to work from home.  I am starting to run low on IP's 
and need to consider CGNAT.

 

I do have IPv6 space, but we all know that until we force everyone to move to IPv6, we need to keep IPv4 up and running.

I could buy more space, but I am really wondering if that is the best option.  It is expensive. I know CGNAT devices 
are expensive as well, but it looks like I could stretch it out a bit.

 

My thinking is to convert about 50% of my subscribers to CGNAT.

 

I am interested in vendors or devices you have used in the past.  I already know about the pitfalls many of my 
subscribers will have with CGNAT such as VPN's, Gamers, etc.

 

What are your thoughts on CGNAT vendors?  

 

A10Networks

F5Networks

Others?

