RE: CGNAT scaling cost (was Re: V6 still not supported)

@nanog.org] On Behalf Of Masataka Ohta Sent: Thursday, March 31, 2022 3:56 AM To: nanog@nanog.org Subject: Re: CGNAT scaling cost (was Re: V6 still not supported) Vasilenko Eduard via NANOG wrote: > CGNAT cost was very close to 3x compared to routers of the same > performance. That

Re: CGNAT scaling cost (was Re: V6 still not supported)

Vasilenko Eduard via NANOG wrote: CGNAT cost was very close to 3x compared to routers of the same performance. That should be because you are comparing cost of carrier, that is telco, grade NAT and consumer grade routers. Remember the cost of carrier grade datalink of SONET/SDH.

RE: RE: CGNAT scaling cost (was V6 still not supported)

for a big system?) then the port cost would start from 2x (+ common components). Eduard -Original Message- From: Jared Brown [mailto:nanog-...@mail.com] Sent: Wednesday, March 30, 2022 8:17 PM To: Vasilenko Eduard Cc: nanog@nanog.org Subject: Re: RE: CGNAT scaling cost (was V6 still

Re: RE: CGNAT scaling cost (was V6 still not supported)

Hi Eduard, Do I interpret your findings correctly, if this means that CGNAT costs scale more or less linearly with traffic growth over time? And as a corollary, that the cost of scaling CGNAT in itself isn't likely a primary driver for IPv6 adoption? - Jared Vasilenko Eduard wrote: > >

RE: CGNAT scaling cost (was Re: V6 still not supported)

CGNAT cost was very close to 3x compared to routers of the same performance. Hence, 1 hop through CGNAT = 3 hops through routers. 3 router hops maybe the 50% of overall hops in the particular Carrier (or even less). DWDM is 3x more expensive per hop. Fiber is much more expensive (greatly varies

RE: CGNAT

We thought about it for a while at the ISP where I work, and went with Juniper MX960's w/MS-MPC-128G. Been working quite nice for us. Initially, we went with smaller MX104 w/MS-MIC-16G to prove it out on our ~4,000 lower bandwidth DSL customers... when convinced, we then went all in with

RE: CGNAT

ESA "cards" are a massively scalable option. -Original Message- From: NANOG On Behalf Of Kevin Burke Sent: Thursday, 4 March 2021 6:42 am To: Jared Brown ; nanog@nanog.org Subject: Re: CGNAT Can you share your cost comparison?

Re: CGNAT

e. To echo Owen, in general, the economics today still work out to make purchasing addresses more favorable than CGNAT. - Jared Sent: Tue Feb 2314:36:48 UTC 2021 From: Kevin Burke kburke at burlingtontelecom.com To: nanog@nanog.org Subject: Re: CGNAT We are looking at im

Re: CGNAT

Feb 2314:36:48 UTC 2021 From: Kevin Burke kburke at burlingtontelecom.com To: nanog@nanog.org Subject: Re: CGNAT We are looking at implementing a similar solution with A10 for CGNAT. We've been in touch with A10. Just wondering if there are some alternative vendors that anyone would recommend

Re: CGNAT

out first deploying IPv6 are burning cash. Yep. I still think that implementing CGN is a good way to burn cash vs. the alternatives, but YMMV. Owen > > - Jima > > From: NANOG On Behalf Of Owen DeLong > Sent: Sunday, February 21, 2021 16:59 &g

Re: CGNAT

t: Sunday, February 21, 2021 16:59 > To: Steve Saner > Cc: nanog@nanog.org > Subject: Re: CGNAT > > > On Feb 18, 2021, at 8:38 AM, Steve Saner wrote: > >> We are starting to look at CGNAT solutions. The primary motivation at the >> moment is to extend current IP

Re: CGNAT

t: Saturday, 20 February 2021, 9:04 am >> To: Steve Saner >> Cc: nanog@nanog.org >> Subject: Re: CGNAT >> >> Why not go whole hog and provide IPv4 as a service? That way you are not >> waiting for your customers to turn up IPv6 to take the load off your

Re: CGNAT

, 9:04 am > To: Steve Saner > Cc: nanog@nanog.org > Subject: Re: CGNAT > > Why not go whole hog and provide IPv4 as a service? That way you are not > waiting for your customers to turn up IPv6 to take the load off your NAT box. > > Yes, you can do it dual stack but yo

Re: CGNAT

Hi Steve We are looking at implementing a similar solution with A10 for CGNAT. We've been in touch with A10. Just wondering if there are some alternative vendors that anyone would recommend. We'd probably be looking at a solution to support 5k to 15k customers and bandwidth up to around 30-40

RE: CGNAT

rning cash. - Jima From: NANOG On Behalf Of Owen DeLong Sent: Sunday, February 21, 2021 16:59 To: Steve Saner Cc: nanog@nanog.org Subject: Re: CGNAT On Feb 18, 2021, at 8:38 AM, Steve Saner wrote: > We are starting to look at CGNAT solutions. The primary motivation at the > moment is t

Re: CGNAT

> On Feb 18, 2021, at 8:38 AM, Steve Saner wrote: > > We are starting to look at CGNAT solutions. The primary motivation at the > moment is to extend current IPv4 resources, but IPv6 migration is also a > factor. IPv6 Migration is generally not aided by CGNAT. In general, the economics

Re: CGNAT

On 19/02/2021 20:11, Tony Wicks wrote: > Because then a large part of the Internet won't work Hey, look on the bright side: customers won't be able to use Twitter to complain! :D Ofc, IPv4aaS has many good success stories out there; Sky Italia are running MAP-T, many, many mobile ISPs are

Re: CGNAT

0 February 2021, 9:04 am > To: Steve Saner > Cc: nanog@nanog.org > Subject: Re: CGNAT > > Why not go whole hog and provide IPv4 as a service? That way you are not > waiting for your customers to turn up IPv6 to take the load off your NAT box. > > Yes, you can do it dual s

Re: CGNAT

rom: NANOG on behalf of Mark Andrews Sent: Saturday, 20 February 2021, 9:04 am To: Steve Saner Cc: nanog@nanog.org Subject: Re: CGNAT Why not go whole hog and provide IPv4 as a service? That way you are not waiting for your customers to turn up IPv6 to take the load off your NAT box. Yes,

Re: CGNAT

Because then a large part of the Internet won't workFrom: NANOG on behalf of Mark Andrews Sent: Saturday, 20 February 2021, 9:04 amTo: Steve SanerCc: nanog@nanog.orgSubject: Re: CGNATWhy not go whole hog and provide IPv4 as a service? That way you are not waiting for your customers to turn up

Re: CGNAT

Why not go whole hog and provide IPv4 as a service? That way you are not waiting for your customers to turn up IPv6 to take the load off your NAT box. Yes, you can do it dual stack but you have waited so long you may as well miss that step along the deployment path. -- Mark Andrews > On 20

RE: CGNAT

Not the Cheapest option out there but the most rock solid one I have found is to install the extended service/multi service cards in the BNG and do it locally there. We are currently using both Juniper MX480/960 with MS-MPC cards and Nokia 7750 SR with ISA or ESA cards. Its also well worth

Re: CGNAT

I recommend you to take a look at DANOS. https://danosproject.atlassian.net/wiki/spaces/DAN/pages/416153601/Carrier+Grade+NAT+CGNAT - A very active open-source project. - Sponsored by AT - Uses Vyatta (and DPDK for good performance) - The Routing Engine is based on FRR. - Syntax sounds like

Re: CGNAT Opensource with support to BPA, EIM/EIF, UPnP-PCP

On 7/Jul/20 19:23, JORDI PALET MARTINEZ via NANOG wrote: >   > > There was, long time ago, something developed by ISC, but I think > never completed and not updated … > >   > > 464XLAT is always a solution and becomes much cheaper, than CGN from > vendors, even if you need to replace the CPEs.

Re: CGNAT Opensource with support to BPA, EIM/EIF, UPnP-PCP

> On 8 Jul 2020, at 03:23, JORDI PALET MARTINEZ via NANOG > wrote: > > Hi Douglas, > > There was, long time ago, something developed by ISC, but I think never > completed and not updated … ISC did a DS-LITE implementation called AFTR. This can be found at:

RE: CGNAT Opensource with support to BPA, EIM/EIF, UPnP-PCP

As someone who has spent quite a long time building CGNAT solutions I have some good news for you, there is an easy solution to your below point that works exceptionally well. The solution is dual stack IPv6, its trivial to route your IPv6 to bypass the CGNAT device you are using and pretty

Re: CGNAT Opensource with support to BPA, EIM/EIF, UPnP-PCP

DANOS 2005 seems to support a lot of your requirements. https://danosproject.atlassian.net/wiki/spaces/DAN/pages/320634926/DANOS+2005+Release+Notes So if you have an x86 box with supported NICS you should be able to get some decent performance from it. The major gotcha in this release is I think

Re: CGNAT Opensource with support to BPA, EIM/EIF, UPnP-PCP

Hi Douglas, There was, long time ago, something developed by ISC, but I think never completed and not updated … 464XLAT is always a solution and becomes much cheaper, than CGN from vendors, even if you need to replace the CPEs. I’m doing that now with 25.000.000 subscribers … (slowed

Re: CGNAT Solutions

Ca By wrote: The proper number to be considered should be percentage of IPv6 hosts which can not communicate with IPv4 only hosts. Isn't it 0%? I think you agree with me, here. For those of us running networks, especially growing networks, uniquely numbering hosts is our goal and ipv6 fits

Re: CGNAT Solutions

And more and more CPE providers support it. See RFC8585. I inititally started using OpenWRT, but now I already got samples from several vendors. Regards, Jordi @jordipalet El 30/4/20 6:16, "NANOG en nombre de Ca By" escribió: On Wed, Apr 29, 2020 at 7:17 PM

Re: CGNAT Solutions

On Wed, Apr 29, 2020 at 7:17 PM Brandon Martin wrote: > On 4/29/20 10:12 PM, William Herrin wrote: > >> What allows them to work with v6 in such an efficient manner? > > A piece of client software is installed on every phone that presents > > an IPv4 address to the phone and then translates

Re: CGNAT Solutions

On Wed, Apr 29, 2020 at 7:46 PM Masataka Ohta < mo...@necom830.hpcl.titech.ac.jp> wrote: > Ca By wrote: > > >>>You can't eliminate that unless the CPE also knows what internal > port > >>> range it's mapped to so that it restricts what range it uses. If you > >>> can do that, you can get rid

Re: CGNAT Solutions

Ca By wrote: You can't eliminate that unless the CPE also knows what internal port range it's mapped to so that it restricts what range it uses. If you can do that, you can get rid of the programmatic state tracking entirely and just use static translations for TCP and UDP which, while

Re: CGNAT Solutions

On 4/29/20 10:12 PM, William Herrin wrote: What allows them to work with v6 in such an efficient manner? A piece of client software is installed on every phone that presents an IPv4 address to the phone and then translates packets to IPv6 for relay over the network. This works because T-Mobile

Re: CGNAT Solutions

On Wed, Apr 29, 2020 at 5:27 PM Thomas Scott wrote: > > cell-phone environment. A classic small ISP fills a different niche. > > I've dealt with traditional cable and fiber SP environments, but I'm curious > how the architecture differs so drastically with T-Mobile to allow v6 to work > so

Re: CGNAT Solutions

On Wed, Apr 29, 2020 at 7:19 AM Ca By wrote: > Since we are talking numbers ans hard facts > > 42% of usa accesses google on ipv6 > > https://www.google.com/intl/en/ipv6/statistics.html Be careful with those stats; they might not be telling you what you think they are. For example, phone clients

RE: CGNAT Solutions

ron -Original Message- From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Robert Blayzor Sent: Wednesday, April 29, 2020 9:14 AM To: nanog@nanog.org Subject: Re: CGNAT Solutions On 4/28/20 11:01 PM, Brandon Martin wrote: > Depending on how many IPs you need to reclaim and what your

Re: CGNAT Solutions

On Wed, 29 Apr 2020, Robert Blayzor wrote: So as a happy medium of about 2048 ports per subscriber, that's roughly a 32:1 NAT/IP over-subscription ? Yes, around that. -- Mikael Abrahamssonemail: swm...@swm.pp.se

Re: CGNAT Solutions

Thank you everyone for the suggestions. To clarify small ISP. 12K subscribers 35 Gigs traffic at peak. Growing about 500 megs per month traffic. John On Tue, Apr 28, 2020 at 3:12 PM John Alcock wrote: > Afternoon, > > I run a small ISP in Tennessee. COVID has forced a lot of people to work

Re: CGNAT Solutions

On 4/29/20 10:29 AM, Mikael Abrahamsson wrote: > There are some numbers in there for instance talking about 1024 ports > per subscriber as a good number. In presentations I have seen over time, > people typically talk about 512-4096 as being a good number for the bulk > port allocation size. So

Re: CGNAT Solutions

I haven't used them, but 6-WIND is pretty proud of their CGNAT performance. - Mike Hammett Intelligent Computing Solutions http://www.ics-il.com Midwest-IX http://www.midwest-ix.com - Original Message - From: "John Alcock" To: nanog@nanog.org Sent: Tuesday, April 28,

Re: CGNAT Solutions

On Wed, 29 Apr 2020, Robert Blayzor wrote: One would think a 1000 ports would be enough, but if you have a dozen devices at home all browsing and doing various things, and with IOT, etc, maybe not? https://www.juniper.net/documentation/en_US/junos/topics/concept/nat-best-practices.html

Re: CGNAT Solutions

How big is your ip pool for CGNAT? On Wed, Apr 29, 2020 at 10:17 AM Robert Blayzor wrote: > On 4/28/20 11:01 PM, Brandon Martin wrote: > > Depending on how many IPs you need to reclaim and what your target > > IP:subscriber ratio is, you may be able to eliminate the need for a lot > > of

Re: CGNAT Solutions

hey, I'm wondering if there are any real world examples of this, namely in the realm of subscriber to IP and range of ports required, etc. ie: Is is a range of 1000 ports enough for one residential subscriber? How about SMB where no global IP is required. One would think a 1000 ports would be

Re: CGNAT Solutions

On Wed, Apr 29, 2020 at 1:06 AM Masataka Ohta < mo...@necom830.hpcl.titech.ac.jp> wrote: > Brandon Martin wrote: > > >> If you mean getting rid of logging, not necessarily. It is enough if > >> CPEs are statically allocated ranges of external port numbers. > > > > Yes, you can get rid of the

Re: CGNAT Solutions

On 4/28/20 11:01 PM, Brandon Martin wrote: > Depending on how many IPs you need to reclaim and what your target > IP:subscriber ratio is, you may be able to eliminate the need for a lot > of logging by assigning a range of TCP/UDP ports to a single inside IP > so that the TCP/UDP port number

Re: CGNAT Solutions

Brandon Martin wrote: If you mean getting rid of logging, not necessarily. It is enough if CPEs are statically allocated ranges of external port numbers. Yes, you can get rid of the logging by statically allocating ranges of port numbers to a particular customer. And, that was the original

Re: CGNAT Solutions

On 4/29/20 2:35 AM, Masataka Ohta wrote: If you mean getting rid of logging, not necessarily. It is enough if CPEs are statically allocated ranges of external port numbers. Yes, you can get rid of the logging by statically allocating ranges of port numbers to a particular customer. What I

Re: CGNAT Solutions

Brandon Martin wrote: You can't get rid of all the state tracking without also having the CPE know which ports to use If you mean getting rid of logging, not necessarily. It is enough if CPEs are statically allocated ranges of external port numbers.

Re: CGNAT Solutions

On 4/28/20 4:53 PM, William Herrin wrote: How small is small? Up to a certain size regular NAT with enough logging to trace back abusers will tend to work fine. if we're talking single-digit gbps, it may not be worth the effort to consider the wonderful world of CGNAT. Depending on how many

Re: CGNAT Solutions

Take a look at DANOS for CG-NAT as a free solution or Netgate's TNSR has a CG-NAT feature https://www.tnsr.com/features On Tue, Apr 28, 2020 at 2:57 PM JORDI PALET MARTINEZ via NANOG < nanog@nanog.org> wrote: > I will say it is much better to consider 464XLAT with NAT64, if the CPEs > allow it.

Re: CGNAT Solutions

I will say it is much better to consider 464XLAT with NAT64, if the CPEs allow it. https://datatracker.ietf.org/doc/rfc8683/ I’m right now doing a deployment for 25.000.000 customers of an ISP (GPON, DLS and cellular mix), all the testing has been done, and all doing fine. I’ve done

Re: CGNAT Solutions

On Tue, Apr 28, 2020 at 12:12 PM John Alcock wrote: > I run a small ISP in Tennessee. I am starting to run low on IP's and need to > consider CGNAT. Hi John, How small is small? Up to a certain size regular NAT with enough logging to trace back abusers will tend to work fine. if we're talking

RE: CGNAT Solutions

Hi John, I run a small/medium ISP in Texas. A few years ago, needing to do the same thing you are speaking of, I lab evaluated the Cisco ASR9k VSM-500 and Juniper MX104 MS-MIC-16G… in the end I went with Juniper. No regrets, been good and holding strong. I’ve scaled it way beyond what I

Re: CGNAT Solutions

Just go with Linux and iptables. It is by far the cheapest option and it just works. tir. 28. apr. 2020 21.13 skrev John Alcock : > Afternoon, > > I run a small ISP in Tennessee. COVID has forced a lot of people to work > from home. I am starting to run low on IP's and need to consider CGNAT.

Re: CGNAT

; 256.256.130.4:80 Drop O 1 UDP256.256.191.133:2 -> 256.256.130.4:80 Drop O 1 - Aaron -Original Message- From: Compton, Rich A [mailto:rich.comp...@charter.com] Sent: Thursday, April 6, 2017 3:49 PM To

RE: CGNAT

harter.com] Sent: Thursday, April 6, 2017 3:49 PM To: Aaron Gould; 'Ahmed Munaf'; 'Nanog@Nanog' Subject: Re: CGNAT Hi Aaron, thanks for the info. I¹m curious what you or others do about DDoS attacks to CGNAT devices. It seems that a single attack could affect the thousands of customers that use

Re: cgnat - how do you handle customer issues

IPv6. Even while many web sites and apps don't support > IPv4, enough do that it relieves some pressure on your CGN. > > Lee >> >> - Aaron >> >> >> From: Michael Crapse [mailto:mich...@wi-fiber.io] >> Sent: Tuesday, February 27, 2018 11:19 AM >

Re: cgnat - how do you handle customer issues

. Lee - Aaron From: Michael Crapse [mailto:mich...@wi-fiber.io] Sent: Tuesday, February 27, 2018 11:19 AM To: Mike Hammett Cc: Aaron Gould; NANOG list Subject: Re: cgnat - how do you handle customer issues For number 2, I'm a fan of what mike suggests. I believe the technical term

Re: cgnat - how do you handle customer issues

On 02/27/2018 11:30 AM, Aaron Gould wrote: Couple questions please. When you put thousands of customers behind a cgnat boundary, how do you all handle customer complaints about the following. 1 - for external connectivity to the customers premise devices, not being able to access web

Re: cgnat - how do you handle customer issues

ary 27, 2018 12:54 To: 'Michael Crapse'; 'Mike Hammett' Cc: 'NANOG list' Subject: RE: cgnat - how do you handle customer issues Thanks For #2 – what if the ports allocated aren’t enough for the amount of inet traffic the customer site uses ? …is the customer denied service based on insufficien

RE: cgnat - how do you handle customer issues

? - Aaron From: Michael Crapse [mailto:mich...@wi-fiber.io] Sent: Tuesday, February 27, 2018 11:19 AM To: Mike Hammett Cc: Aaron Gould; NANOG list Subject: Re: cgnat - how do you handle customer issues For number 2, I'm a fan of what mike suggests. I believe the technical term is MAP-T

Re: cgnat - how do you handle customer issues

For number 2, I'm a fan of what mike suggests. I believe the technical term is MAP-T. For number 1, anyone who wants one, gets one. We provide free public static IP to any customer who asks for one. Another solution, using above solution is to ask them which ports they need, and forward those to

Re: cgnat - how do you handle customer issues

I'm a fan of nailing each customer IP to a particular range of ports on a given public IP. Real easy to track who did what and to prevent shifting IPs. - Mike Hammett Intelligent Computing Solutions Midwest Internet Exchange The Brothers WISP - Original Message - From:

Re: CGNAT

With a ~59% dual-stack percentage and a 8% ds-lite percentage (aka 67% of our subscriber base has IPv6), we get around 40% of IPv6 traffic. -- Tassos Radu-Adrian Feurdean wrote on 10/4/2017 1:11 μμ: > On Fri, Apr 7, 2017, at 20:03, Mikael Abrahamsson wrote: >> On Fri, 7 Apr 2017, Max Tulyev

Re: CGNAT

On Fri, Apr 7, 2017, at 20:03, Mikael Abrahamsson wrote: > On Fri, 7 Apr 2017, Max Tulyev wrote: > > > BTW, does somebody check how implementing a native IPv6 decrease actual > > load of CGNAT? > > Reports are that 30-50% of traffic will be IPv6 when you enable dual > stack. This would be

Re: CGNAT

A lot depends on the CGNAT features you are looking to support, some considerations: - Are you looking for port block allocation for bulk logging, where a given subscriber is given a block of source TCP/UDP ports on a translated IP address - How many translations and session rate are you looking

Re: CGNAT

Hi Aaron, thanks for the info. I¹m curious what you or others do about DDoS attacks to CGNAT devices. It seems that a single attack could affect the thousands of customers that use those devices. Also, do you have issues detecting attacks vs. legitimate traffic when you have so much traffic

Re: CGNAT

I can confirm that percentage (at least with residential customer base). All big content providers and a number of CDNs will do IPv6 by default. One thing that will heavily affect this is the CPE equipment (which might not have IPv6 enabled or even be capable of it). kind regards Pshem On Sat,

RE: CGNAT

Thanks Max, I've thought about that and tested some ipv6 (6vpe, mpls l3vpn w/ipv6 dual stacked) in my network. In my CGNAT testing for my 7,000 dsl customers, I've already tested the inter-vrf route leaks that will be required for ipv6-flow-around to bypass the IPv4 CGNAT boundary so, I have

Re: CGNAT

On Fri, 7 Apr 2017, Max Tulyev wrote: BTW, does somebody check how implementing a native IPv6 decrease actual load of CGNAT? Reports are that 30-50% of traffic will be IPv6 when you enable dual stack. This would be traffic that will not traverse your CGNAT. -- Mikael Abrahamssonemail:

Re: CGNAT

BTW, does somebody check how implementing a native IPv6 decrease actual load of CGNAT? On 06.04.17 23:33, Aaron Gould wrote: > Last year I evaluated Cisco ASR9006/VSM-500 and Juniper MX104/MS-MIC-16G in > my lab. > > I went with MX104/MS-MIC-16G. I love it. > > I deployed (2) MX104's. Each

RE: CGNAT

Thanks Rich, you bring up some good points. Yes it would seem that an attack aimed at a target IP address would in-fact now have a greater surface since that IP address is being used by many people. When we remotely-trigger-black-hole (RTBH) route an ip address (/32 host route) into a black hole

RE: CGNAT

Last year I evaluated Cisco ASR9006/VSM-500 and Juniper MX104/MS-MIC-16G in my lab. I went with MX104/MS-MIC-16G. I love it. I deployed (2) MX104's. Each MX104 has a single MX-MIC-16G card in it. I integrated this CGNAT with MPLS L3VPN's for NAT Inside vrf and NAT outside vrf. Both MX104's

Re: CGNAT

Hello Ahmad,I am using F5 for CGNAT, right now 250K subscriber with 28Gbps bandwidth, I will double it with the second appliance easily soon.Its high performance and I like it.Any time Any QuestionThanks

Re: CGNAT - Seeking Real World Experience

I had given some numbers for PBA in http://puck.nether.net/pipermail/cisco-nsp/2016-February/101908.html -- Tassos Adam wrote on 23/11/16 23:17: > I'm crunching the numbers on the cost effectiveness of implementing CGN vs > IPv4 auctions. The determining factor is how many ephemeral ports are >

Re: CGNAT - Seeking Real World Experience

Don't try detereministic NAT, it's not worth it. You'll waste a lot of port capacity on most users, and it might still be problematic for power users. Just try to match one user to one real IP, many sites/applications don't like when there are several requests from one user with different

Re: CGNAT - Seeking Real World Experience

On Thu, Nov 24, 2016 at 7:05 PM Adam wrote: > I'm crunching the numbers on the cost effectiveness of implementing CGN vs > IPv4 auctions. The determining factor is how many ephemeral ports are > reserved for each customer. This is for a residential broadband > environment. > >