Meanwhile, I’m still over here dying on a hill stating that CGNAT has no 
business in fiber to the premises deployments… and this is just additional 
evidence. :-)

Trying to do hacky things with CGNAT to save a buck is, IMHO, inexcusable, 
especially when lots of FTTP operators are now overbuilding legacy 
ILECs/cablecos with fiber that is typically being promoted as “superior in 
every way”.  

If a company can spend thousands in construction costs to build to a house, 
hundreds per house on CPE, excessive quantities of money on marketing, $35 (and 
going down) per public IP on the secondary market is pennies in comparison when 
it comes to customer acquisition cost. 

Just my opinion, nobody else’s, as someone that is no longer involved in the 
eyeball network business ;-)
Tim

> On May 16, 2025, at 14:37, Eric C. Miller via NANOG <nanog@lists.nanog.org> 
> wrote:
> 
> "You're getting away with 256:1 CGNAT and not having customers run out of
> ports?"
> 
> I would like to apologize to the greater community for the hack job that I 
> have done in the name of getting users online. 256:1 in our early networks 
> was based on retail adoption in a community, and it quickly falls down when 
> penetration improves. We use dynamic port allocation, so power users can get 
> more ports from users that are lighter.
> 
> We've published our RFC8805 geofeed, and that helps with some groups like 
> Maxmind, and we've also communicated with IP Quality Score about how we do 
> CGNAT, but I'm not sure if they just reset their database, or if something 
> else occurred. We had to roll CGNAT IPs for about 10,000 customers across 3 
> regions (CA, TX, FL) in 72 hours. We have more space now, so we're assigning 
> space at an average ratio of 40:1.
> 
> I really don't believe that the Cat and Mouse gets "fixed" for IPv4 CGNAT. 
> IPv6 has to be made a priority.
> 
> Eric
> ________________________________
> From: Jon Lewis <jle...@lewis.org>
> Sent: Friday, May 16, 2025 9:46 AM
> To: Eric C. Miller via NANOG <nanog@lists.nanog.org>
> Cc: Eric C. Miller <e...@ericheather.com>
> Subject: Re: Sudden surge in CGNAT blacklisting
> 
>> On Thu, 15 May 2025, Eric C. Miller via NANOG wrote:
>> 
>> Has anyone else experienced a sudden increase in the past 2 weeks of blocks 
>> getting flagged as "VPN" or "Proxy?" We have some older leased space from HE 
>> and Cogent that got hammered seemingly all at once. We've started 
>> accelerating our migration to our ARIN space, but it's still odd why it's 
>> all of a sudden.
>> 
>> Most of the addresses are between 32:1 and 256:1 CGNAT pool IPs, and there 
>> are other 256:1 IPs that remain unaffected. Each customer behind an IP is in 
>> the same subdivision.
> 
> You're getting away with 256:1 CGNAT and not having customers run out of
> ports?
> 
> Flagged (and presumably blocked) by who / what sorts of services/networks?
> 
> Have you done anything (SWIPs, suggestive PTRs, etc.) to indicate to
> outsiders that the IP blocks in question are CGNAT?
> 
> I know some VPN providers have utilized NAT for years, and some content
> providers (i.e. streaming services) have played a years long game of cat &
> mouse / whack-a-mole trying to block these VPNs to prevent "out of region"
> eyeballs from accessing content they're not supposed to be permitted to
> see.  To their algorithms, I wouldn't be surprised if VPNs using NAT and
> service providers using CGNAT were indistinguishable.
> 
> CGNAT is an unfortunate fact of life for many service providers in a world
> that's running out of v4 space but unwilling to fully (or even mostly)
> transition to v6...so I would hope nobody is blocking service
> provider CGNAT space intentionally.
> 
> ----------------------------------------------------------------------
>  Jon Lewis, MCP :)              |  I route
>  Blue Stream Fiber, Sr. Neteng  |  therefore you are
> _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
> _______________________________________________
> NANOG mailing list
> https://lists.nanog.org/archives/list/nanog@lists.nanog.org/message/YH5HSIQCTFPBKSWZ6XECR534IIYC3RJ2/
_______________________________________________
NANOG mailing list 
https://lists.nanog.org/archives/list/nanog@lists.nanog.org/message/TYNLRAMRM4BSXCTCPSA5HE7VJZB7ABTJ/
