Hello NANOG (and friends),
Asking if anyone would care to share their CGNAT and NAT ratios. We’re looking at some best practices and I wanted to see what the community at large has seen working, and not working.
I am by no means a NAT expert, and usually I see the other end where it’s clearly not working.
Does anyone have estimating formulas for devices/users to internal blocks to public IPs?
Regards,
I currently have about ~2750 public IP’s (11 /24’s) for ~53,000 broadband customers. (ftth, cable modem and dsl)
I cap them at 3,000 ports using PBA, port block allocation…. Blocks of 100 at a time, and 30 blocks per subscriber. (100*30=3000)
I usually see, when a private internal IP is using up the full 3,000 ports, when we look closer at the sessions, they usually look suspect, as if the end host is infected or has malware causing lots of connections
I run all this though, (6) MX960’s with (1) MS-MPC-128G in each chassis, and (2) MX104’s with (1) MS-MIC-16G per 104. The utilization as far as I’ve seen, regarding memory and load on the service modules seems fine at the levels we are at.
Hope that helps.
-Aaron