@nanog.org] On
Behalf Of Masataka Ohta
Sent: Thursday, March 31, 2022 3:56 AM
To: nanog@nanog.org
Subject: Re: CGNAT scaling cost (was Re: V6 still not supported)
Vasilenko Eduard via NANOG wrote:
> CGNAT cost was very close to 3x compared to routers of the same
> performance.
That
Vasilenko Eduard via NANOG wrote:
CGNAT cost was very close to 3x compared to routers of the
same performance.
That should be because you are comparing cost of carrier,
that is telco, grade NAT and consumer grade routers.
Remember the cost of carrier grade datalink of SONET/SDH.
for a big system?) then
the port cost would start from 2x (+ common components).
Eduard
-Original Message-
From: Jared Brown [mailto:nanog-...@mail.com]
Sent: Wednesday, March 30, 2022 8:17 PM
To: Vasilenko Eduard
Cc: nanog@nanog.org
Subject: Re: RE: CGNAT scaling cost (was V6 still
Hi Eduard,
Do I interpret your findings correctly, if this means that CGNAT costs scale
more or less linearly with traffic growth over time?
And as a corollary, that the cost of scaling CGNAT in itself isn't likely a
primary driver for IPv6 adoption?
- Jared
Vasilenko Eduard wrote:
>
>
CGNAT cost was very close to 3x compared to routers of the same performance.
Hence, 1 hop through CGNAT = 3 hops through routers.
3 router hops maybe the 50% of overall hops in the particular Carrier (or even
less).
DWDM is 3x more expensive per hop. Fiber is much more expensive (greatly varies
We thought about it for a while at the ISP where I work, and went with Juniper
MX960's w/MS-MPC-128G. Been working quite nice for us.
Initially, we went with smaller MX104 w/MS-MIC-16G to prove it out on our
~4,000 lower bandwidth DSL customers... when convinced, we then went all in
with
ESA "cards" are a massively scalable
option.
-Original Message-
From: NANOG On Behalf Of Kevin Burke
Sent: Thursday, 4 March 2021 6:42 am
To: Jared Brown ; nanog@nanog.org
Subject: Re: CGNAT
Can you share your cost comparison?
e.
To echo Owen, in general, the economics today still work out to make
purchasing addresses more favorable than CGNAT.
- Jared
Sent: Tue Feb 2314:36:48 UTC 2021
From: Kevin Burke kburke at burlingtontelecom.com
To: nanog@nanog.org
Subject: Re: CGNAT
We are looking at im
Feb 2314:36:48 UTC 2021
From: Kevin Burke kburke at burlingtontelecom.com
To: nanog@nanog.org
Subject: Re: CGNAT
We are looking at implementing a similar solution with A10 for CGNAT.
We've been in touch with A10. Just wondering if there are some alternative
vendors that anyone would recommend
out first deploying IPv6 are burning cash.
Yep.
I still think that implementing CGN is a good way to burn cash vs. the
alternatives, but YMMV.
Owen
>
> - Jima
>
> From: NANOG On Behalf Of Owen DeLong
> Sent: Sunday, February 21, 2021 16:59
&g
t: Sunday, February 21, 2021 16:59
> To: Steve Saner
> Cc: nanog@nanog.org
> Subject: Re: CGNAT
>
>
> On Feb 18, 2021, at 8:38 AM, Steve Saner wrote:
>
>> We are starting to look at CGNAT solutions. The primary motivation at the
>> moment is to extend current IP
t: Saturday, 20 February 2021, 9:04 am
>> To: Steve Saner
>> Cc: nanog@nanog.org
>> Subject: Re: CGNAT
>>
>> Why not go whole hog and provide IPv4 as a service? That way you are not
>> waiting for your customers to turn up IPv6 to take the load off your
, 9:04 am
> To: Steve Saner
> Cc: nanog@nanog.org
> Subject: Re: CGNAT
>
> Why not go whole hog and provide IPv4 as a service? That way you are not
> waiting for your customers to turn up IPv6 to take the load off your NAT box.
>
> Yes, you can do it dual stack but yo
Hi Steve
We are looking at implementing a similar solution with A10 for CGNAT.
We've been in touch with A10. Just wondering if there are some alternative
vendors that anyone would recommend. We'd probably be looking at a solution to
support 5k to 15k customers and bandwidth up to around 30-40
rning cash.
- Jima
From: NANOG On Behalf Of Owen DeLong
Sent: Sunday, February 21, 2021 16:59
To: Steve Saner
Cc: nanog@nanog.org
Subject: Re: CGNAT
On Feb 18, 2021, at 8:38 AM, Steve Saner wrote:
> We are starting to look at CGNAT solutions. The primary motivation at the
> moment is t
> On Feb 18, 2021, at 8:38 AM, Steve Saner wrote:
>
> We are starting to look at CGNAT solutions. The primary motivation at the
> moment is to extend current IPv4 resources, but IPv6 migration is also a
> factor.
IPv6 Migration is generally not aided by CGNAT.
In general, the economics
On 19/02/2021 20:11, Tony Wicks wrote:
> Because then a large part of the Internet won't work
Hey, look on the bright side: customers won't be able to use Twitter to
complain! :D
Ofc, IPv4aaS has many good success stories out there; Sky Italia are
running MAP-T, many, many mobile ISPs are
0 February 2021, 9:04 am
> To: Steve Saner
> Cc: nanog@nanog.org
> Subject: Re: CGNAT
>
> Why not go whole hog and provide IPv4 as a service? That way you are not
> waiting for your customers to turn up IPv6 to take the load off your NAT box.
>
> Yes, you can do it dual s
rom: NANOG on behalf of Mark
Andrews
Sent: Saturday, 20 February 2021, 9:04 am
To: Steve Saner
Cc: nanog@nanog.org
Subject: Re: CGNAT
Why not go whole hog and provide IPv4 as a service? That way you are not
waiting for your customers to turn up IPv6 to take the load off your NAT box.
Yes,
Because then a large part of the Internet won't workFrom: NANOG on behalf of Mark Andrews Sent: Saturday, 20 February 2021, 9:04 amTo: Steve SanerCc: nanog@nanog.orgSubject: Re: CGNATWhy not go whole hog and provide IPv4 as a service? That way you are not waiting for your customers to turn up
Why not go whole hog and provide IPv4 as a service? That way you are not
waiting for your customers to turn up IPv6 to take the load off your NAT box.
Yes, you can do it dual stack but you have waited so long you may as well miss
that step along the deployment path.
--
Mark Andrews
> On 20
Not the Cheapest option out there but the most rock solid one I have found is
to install the extended service/multi service cards in the BNG and do it
locally there. We are currently using both Juniper MX480/960 with MS-MPC cards
and Nokia 7750 SR with ISA or ESA cards. Its also well worth
I recommend you to take a look at DANOS.
https://danosproject.atlassian.net/wiki/spaces/DAN/pages/416153601/Carrier+Grade+NAT+CGNAT
- A very active open-source project.
- Sponsored by AT
- Uses Vyatta (and DPDK for good performance)
- The Routing Engine is based on FRR.
- Syntax sounds like
On 7/Jul/20 19:23, JORDI PALET MARTINEZ via NANOG wrote:
>
>
> There was, long time ago, something developed by ISC, but I think
> never completed and not updated …
>
>
>
> 464XLAT is always a solution and becomes much cheaper, than CGN from
> vendors, even if you need to replace the CPEs.
> On 8 Jul 2020, at 03:23, JORDI PALET MARTINEZ via NANOG
> wrote:
>
> Hi Douglas,
>
> There was, long time ago, something developed by ISC, but I think never
> completed and not updated …
ISC did a DS-LITE implementation called AFTR. This can be found at:
As someone who has spent quite a long time building CGNAT solutions I have some
good news for you, there is an easy solution to your below point that works
exceptionally well. The solution is dual stack IPv6, its trivial to route your
IPv6 to bypass the CGNAT device you are using and pretty
DANOS 2005 seems to support a lot of your requirements.
https://danosproject.atlassian.net/wiki/spaces/DAN/pages/320634926/DANOS+2005+Release+Notes
So if you have an x86 box with supported NICS you should be able to get
some decent performance from it.
The major gotcha in this release is I think
Hi Douglas,
There was, long time ago, something developed by ISC, but I think never
completed and not updated …
464XLAT is always a solution and becomes much cheaper, than CGN from vendors,
even if you need to replace the CPEs. I’m doing that now with 25.000.000
subscribers … (slowed
Ca By wrote:
The proper number to be considered should be percentage of IPv6
hosts which can not communicate with IPv4 only hosts.
Isn't it 0%?
I think you agree with me, here.
For those of us running networks, especially growing networks, uniquely
numbering hosts is our goal and ipv6 fits
And more and more CPE providers support it.
See RFC8585.
I inititally started using OpenWRT, but now I already got samples from several
vendors.
Regards,
Jordi
@jordipalet
El 30/4/20 6:16, "NANOG en nombre de Ca By" escribió:
On Wed, Apr 29, 2020 at 7:17 PM
On Wed, Apr 29, 2020 at 7:17 PM Brandon Martin
wrote:
> On 4/29/20 10:12 PM, William Herrin wrote:
> >> What allows them to work with v6 in such an efficient manner?
> > A piece of client software is installed on every phone that presents
> > an IPv4 address to the phone and then translates
On Wed, Apr 29, 2020 at 7:46 PM Masataka Ohta <
mo...@necom830.hpcl.titech.ac.jp> wrote:
> Ca By wrote:
>
> >>>You can't eliminate that unless the CPE also knows what internal
> port
> >>> range it's mapped to so that it restricts what range it uses. If you
> >>> can do that, you can get rid
Ca By wrote:
You can't eliminate that unless the CPE also knows what internal port
range it's mapped to so that it restricts what range it uses. If you
can do that, you can get rid of the programmatic state tracking entirely
and just use static translations for TCP and UDP which, while
On 4/29/20 10:12 PM, William Herrin wrote:
What allows them to work with v6 in such an efficient manner?
A piece of client software is installed on every phone that presents
an IPv4 address to the phone and then translates packets to IPv6 for
relay over the network. This works because T-Mobile
On Wed, Apr 29, 2020 at 5:27 PM Thomas Scott wrote:
> > cell-phone environment. A classic small ISP fills a different niche.
>
> I've dealt with traditional cable and fiber SP environments, but I'm curious
> how the architecture differs so drastically with T-Mobile to allow v6 to work
> so
On Wed, Apr 29, 2020 at 7:19 AM Ca By wrote:
> Since we are talking numbers ans hard facts
>
> 42% of usa accesses google on ipv6
>
> https://www.google.com/intl/en/ipv6/statistics.html
Be careful with those stats; they might not be telling you what you
think they are. For example, phone clients
ron
-Original Message-
From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Robert Blayzor
Sent: Wednesday, April 29, 2020 9:14 AM
To: nanog@nanog.org
Subject: Re: CGNAT Solutions
On 4/28/20 11:01 PM, Brandon Martin wrote:
> Depending on how many IPs you need to reclaim and what your
On Wed, 29 Apr 2020, Robert Blayzor wrote:
So as a happy medium of about 2048 ports per subscriber, that's roughly
a 32:1 NAT/IP over-subscription ?
Yes, around that.
--
Mikael Abrahamssonemail: swm...@swm.pp.se
Thank you everyone for the suggestions.
To clarify small ISP.
12K subscribers
35 Gigs traffic at peak.
Growing about 500 megs per month traffic.
John
On Tue, Apr 28, 2020 at 3:12 PM John Alcock wrote:
> Afternoon,
>
> I run a small ISP in Tennessee. COVID has forced a lot of people to work
On 4/29/20 10:29 AM, Mikael Abrahamsson wrote:
> There are some numbers in there for instance talking about 1024 ports
> per subscriber as a good number. In presentations I have seen over time,
> people typically talk about 512-4096 as being a good number for the bulk
> port allocation size.
So
I haven't used them, but 6-WIND is pretty proud of their CGNAT performance.
-
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com
Midwest-IX
http://www.midwest-ix.com
- Original Message -
From: "John Alcock"
To: nanog@nanog.org
Sent: Tuesday, April 28,
On Wed, 29 Apr 2020, Robert Blayzor wrote:
One would think a 1000 ports would be enough, but if you have a dozen
devices at home all browsing and doing various things, and with IOT,
etc, maybe not?
https://www.juniper.net/documentation/en_US/junos/topics/concept/nat-best-practices.html
How big is your ip pool for CGNAT?
On Wed, Apr 29, 2020 at 10:17 AM Robert Blayzor
wrote:
> On 4/28/20 11:01 PM, Brandon Martin wrote:
> > Depending on how many IPs you need to reclaim and what your target
> > IP:subscriber ratio is, you may be able to eliminate the need for a lot
> > of
hey,
I'm wondering if there are any real world examples of this, namely in
the realm of subscriber to IP and range of ports required, etc. ie: Is
is a range of 1000 ports enough for one residential subscriber? How
about SMB where no global IP is required.
One would think a 1000 ports would be
On Wed, Apr 29, 2020 at 1:06 AM Masataka Ohta <
mo...@necom830.hpcl.titech.ac.jp> wrote:
> Brandon Martin wrote:
>
> >> If you mean getting rid of logging, not necessarily. It is enough if
> >> CPEs are statically allocated ranges of external port numbers.
> >
> > Yes, you can get rid of the
On 4/28/20 11:01 PM, Brandon Martin wrote:
> Depending on how many IPs you need to reclaim and what your target
> IP:subscriber ratio is, you may be able to eliminate the need for a lot
> of logging by assigning a range of TCP/UDP ports to a single inside IP
> so that the TCP/UDP port number
Brandon Martin wrote:
If you mean getting rid of logging, not necessarily. It is enough if
CPEs are statically allocated ranges of external port numbers.
Yes, you can get rid of the logging by statically allocating ranges of
port numbers to a particular customer.
And, that was the original
On 4/29/20 2:35 AM, Masataka Ohta wrote:
If you mean getting rid of logging, not necessarily. It is enough if
CPEs are statically allocated ranges of external port numbers.
Yes, you can get rid of the logging by statically allocating ranges of
port numbers to a particular customer.
What I
Brandon Martin wrote:
You can't get rid of all the state tracking without also having the CPE
know which ports to use
If you mean getting rid of logging, not necessarily. It is enough if
CPEs are statically allocated ranges of external port numbers.
On 4/28/20 4:53 PM, William Herrin wrote:
How small is small? Up to a certain size regular NAT with enough
logging to trace back abusers will tend to work fine. if we're talking
single-digit gbps, it may not be worth the effort to consider the
wonderful world of CGNAT.
Depending on how many
Take a look at DANOS for CG-NAT as a free solution or Netgate's TNSR has a
CG-NAT feature https://www.tnsr.com/features
On Tue, Apr 28, 2020 at 2:57 PM JORDI PALET MARTINEZ via NANOG <
nanog@nanog.org> wrote:
> I will say it is much better to consider 464XLAT with NAT64, if the CPEs
> allow it.
I will say it is much better to consider 464XLAT with NAT64, if the CPEs allow
it.
https://datatracker.ietf.org/doc/rfc8683/
I’m right now doing a deployment for 25.000.000 customers of an ISP (GPON, DLS
and cellular mix), all the testing has been done, and all doing fine.
I’ve done
On Tue, Apr 28, 2020 at 12:12 PM John Alcock wrote:
> I run a small ISP in Tennessee. I am starting to run low on IP's and need to
> consider CGNAT.
Hi John,
How small is small? Up to a certain size regular NAT with enough
logging to trace back abusers will tend to work fine. if we're talking
Hi John, I run a small/medium ISP in Texas. A few years ago, needing to do the
same thing you are speaking of, I lab evaluated the Cisco ASR9k VSM-500 and
Juniper MX104 MS-MIC-16G… in the end I went with Juniper. No regrets, been
good and holding strong. I’ve scaled it way beyond what I
Just go with Linux and iptables. It is by far the cheapest option and it
just works.
tir. 28. apr. 2020 21.13 skrev John Alcock :
> Afternoon,
>
> I run a small ISP in Tennessee. COVID has forced a lot of people to work
> from home. I am starting to run low on IP's and need to consider CGNAT.
; 256.256.130.4:80 Drop O
1
UDP256.256.191.133:2 -> 256.256.130.4:80 Drop O
1
- Aaron
-Original Message-
From: Compton, Rich A [mailto:rich.comp...@charter.com]
Sent: Thursday, April 6, 2017 3:49 PM
To
harter.com]
Sent: Thursday, April 6, 2017 3:49 PM
To: Aaron Gould; 'Ahmed Munaf'; 'Nanog@Nanog'
Subject: Re: CGNAT
Hi Aaron, thanks for the info. I¹m curious what you or others do about
DDoS attacks to CGNAT devices. It seems that a single attack could affect
the thousands of customers that use
IPv6. Even while many web sites and apps don't support
> IPv4, enough do that it relieves some pressure on your CGN.
>
> Lee
>>
>> - Aaron
>>
>>
>> From: Michael Crapse [mailto:mich...@wi-fiber.io]
>> Sent: Tuesday, February 27, 2018 11:19 AM
>
.
Lee
- Aaron
From: Michael Crapse [mailto:mich...@wi-fiber.io]
Sent: Tuesday, February 27, 2018 11:19 AM
To: Mike Hammett
Cc: Aaron Gould; NANOG list
Subject: Re: cgnat - how do you handle customer issues
For number 2, I'm a fan of what mike suggests. I believe the technical term
On 02/27/2018 11:30 AM, Aaron Gould wrote:
Couple questions please. When you put thousands of customers behind a cgnat
boundary, how do you all handle customer complaints about the following.
1 - for external connectivity to the customers premise devices, not being
able to access web
ary 27, 2018 12:54
To: 'Michael Crapse'; 'Mike Hammett'
Cc: 'NANOG list'
Subject: RE: cgnat - how do you handle customer issues
Thanks
For #2 – what if the ports allocated aren’t enough for the amount of inet
traffic the customer site uses ? …is the customer denied service based on
insufficien
?
- Aaron
From: Michael Crapse [mailto:mich...@wi-fiber.io]
Sent: Tuesday, February 27, 2018 11:19 AM
To: Mike Hammett
Cc: Aaron Gould; NANOG list
Subject: Re: cgnat - how do you handle customer issues
For number 2, I'm a fan of what mike suggests. I believe the technical term is
MAP-T
For number 2, I'm a fan of what mike suggests. I believe the technical term
is MAP-T.
For number 1, anyone who wants one, gets one. We provide free public static
IP to any customer who asks for one. Another solution, using above solution
is to ask them which ports they need, and forward those to
I'm a fan of nailing each customer IP to a particular range of ports on a given
public IP. Real easy to track who did what and to prevent shifting IPs.
-
Mike Hammett
Intelligent Computing Solutions
Midwest Internet Exchange
The Brothers WISP
- Original Message -
From:
With a ~59% dual-stack percentage and a 8% ds-lite percentage (aka 67%
of our subscriber base has IPv6), we get around 40% of IPv6 traffic.
--
Tassos
Radu-Adrian Feurdean wrote on 10/4/2017 1:11 μμ:
> On Fri, Apr 7, 2017, at 20:03, Mikael Abrahamsson wrote:
>> On Fri, 7 Apr 2017, Max Tulyev
On Fri, Apr 7, 2017, at 20:03, Mikael Abrahamsson wrote:
> On Fri, 7 Apr 2017, Max Tulyev wrote:
>
> > BTW, does somebody check how implementing a native IPv6 decrease actual
> > load of CGNAT?
>
> Reports are that 30-50% of traffic will be IPv6 when you enable dual
> stack. This would be
A lot depends on the CGNAT features you are looking to support, some
considerations:
- Are you looking for port block allocation for bulk logging, where a given
subscriber is given a block of source TCP/UDP ports on a translated IP
address
- How many translations and session rate are you looking
Hi Aaron, thanks for the info. I¹m curious what you or others do about
DDoS attacks to CGNAT devices. It seems that a single attack could affect
the thousands of customers that use those devices. Also, do you have
issues detecting attacks vs. legitimate traffic when you have so much
traffic
I can confirm that percentage (at least with residential customer base).
All big content providers and a number of CDNs will do IPv6 by default. One
thing that will heavily affect this is the CPE equipment (which might not
have IPv6 enabled or even be capable of it).
kind regards
Pshem
On Sat,
Thanks Max, I've thought about that and tested some ipv6 (6vpe, mpls l3vpn
w/ipv6 dual stacked) in my network.
In my CGNAT testing for my 7,000 dsl customers, I've already tested the
inter-vrf route leaks that will be required for ipv6-flow-around to bypass
the IPv4 CGNAT boundary so, I have
On Fri, 7 Apr 2017, Max Tulyev wrote:
BTW, does somebody check how implementing a native IPv6 decrease actual
load of CGNAT?
Reports are that 30-50% of traffic will be IPv6 when you enable dual
stack. This would be traffic that will not traverse your CGNAT.
--
Mikael Abrahamssonemail:
BTW, does somebody check how implementing a native IPv6 decrease actual
load of CGNAT?
On 06.04.17 23:33, Aaron Gould wrote:
> Last year I evaluated Cisco ASR9006/VSM-500 and Juniper MX104/MS-MIC-16G in
> my lab.
>
> I went with MX104/MS-MIC-16G. I love it.
>
> I deployed (2) MX104's. Each
Thanks Rich, you bring up some good points. Yes it would seem that an
attack aimed at a target IP address would in-fact now have a greater surface
since that IP address is being used by many people. When we
remotely-trigger-black-hole (RTBH) route an ip address (/32 host route) into
a black hole
Last year I evaluated Cisco ASR9006/VSM-500 and Juniper MX104/MS-MIC-16G in
my lab.
I went with MX104/MS-MIC-16G. I love it.
I deployed (2) MX104's. Each MX104 has a single MX-MIC-16G card in it. I
integrated this CGNAT with MPLS L3VPN's for NAT Inside vrf and NAT outside
vrf. Both MX104's
Hello Ahmad,I am using F5 for CGNAT, right now 250K subscriber
with 28Gbps bandwidth, I will double it with the second appliance easily
soon.Its high performance and I like it.Any time Any QuestionThanks
I had given some numbers for PBA in
http://puck.nether.net/pipermail/cisco-nsp/2016-February/101908.html
--
Tassos
Adam wrote on 23/11/16 23:17:
> I'm crunching the numbers on the cost effectiveness of implementing CGN vs
> IPv4 auctions. The determining factor is how many ephemeral ports are
>
Don't try detereministic NAT, it's not worth it. You'll waste a lot of
port capacity on most users, and it might still be problematic for power
users.
Just try to match one user to one real IP, many sites/applications don't
like when there are several requests from one user with different
On Thu, Nov 24, 2016 at 7:05 PM Adam wrote:
> I'm crunching the numbers on the cost effectiveness of implementing CGN vs
> IPv4 auctions. The determining factor is how many ephemeral ports are
> reserved for each customer. This is for a residential broadband
> environment.
>
>
78 matches
Mail list logo