[NANOG] Re: CGNAT growing pains

nanog mailing list archives
From: Jon Lewis via NANOG <nanog () lists nanog org>
Date: Thu, 17 Apr 2025 16:50:43 -0400 (EDT)
On Thu, 10 Oct 2024, Andrew Peterson via NANOG wrote:

> From what I've seen, rolling out dual-stack will take about 40% of your traffic to native v6. YMMV of course.

More like 10% here.

> With respect to the port usage, I've seen some CGN solutions that pre-allocate a block of ports per inside IP, but allow overflow, so they will allocate additional blocks of ports as needed. That seems to be a good balance because you don't burn a ton of ports for lighter users, and the logging requirements are pretty minimal since a log only gets generated when an additional block is allocated. It does mean that one user's traffic could be popping out of two different public IPs.

Juniper does support overflow, but IIRC, in a later release than we're currently running, and the overflow requires a separate dedicated overflow pool. We already had to move from a single pool to seven to solve the IP Geo problem "one big pool" had caused. Configuring overflow pools without breaking IP Geo [again] would mean doubling the number of pools (one overflow pool for each regional pool). While not technically un-doable, it's not something I want to add to our config...not to mention, it means "stealing" some IP/port resources from the existing pools or adding additional IPs. As you mention, I also have unanswered questions about how well it plays, if at all, with address pooling paired.

Theoretically, it could still work, since Junos will let you configure the overflow pool using the same IPs as the main pool, splitting the IPs between pools by each pool using different port ranges.
----------------------------------------------------------------------
 Jon Lewis, MCP :)              |  I route
 Blue Stream Fiber, Sr. Neteng  |  therefore you are
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
_______________________________________________
NANOG mailing list
https://lists.nanog.org/archives/list/nanog () lists nanog org/message/ZEMTXMKNC6LXENWFAZX7FM3WDWY2YXMU/
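
The port-block allocation with overflow discussed in this message, as an added example that is not part of the original post and is not Junos or any vendor's code: it models one pre-allocated block per inside IP, an overflow pool on the same public IPs with a separate port range, a log record only on block allocation, and the log lookup an abuse desk would run. The block size, port ranges, addresses and all names are assumptions.

```python
BLOCK = 256  # ports per block (assumed size, not a vendor default)

def blocks(ips, lo, hi):
    """Every (public_ip, first_port) block of BLOCK ports within lo..hi."""
    return [(ip, p) for ip in ips for p in range(lo, hi - BLOCK + 2, BLOCK)]

class Cgn:
    def __init__(self, main, overflow):
        self.free = {"main": list(main), "overflow": list(overflow)}
        self.held = {}   # inside IP -> [[pub_ip, first_port, ports_used], ...]
        self.log = []    # one record per block allocation, not per flow

    def _grab(self, inside, pool, now):
        if not self.free[pool]:
            raise RuntimeError(f"{pool} pool exhausted")
        ip, first = self.free[pool].pop(0)
        self.held.setdefault(inside, []).append([ip, first, 0])
        self.log.append((now, inside, ip, first, first + BLOCK - 1, pool))

    def new_flow(self, inside, now):
        """Return (public_ip, port) for a new flow; blocks are never freed here."""
        mine = self.held.get(inside, [])
        if not mine:
            self._grab(inside, "main", now)          # pre-allocated block
        elif all(b[2] == BLOCK for b in mine):
            self._grab(inside, "overflow", now)      # extra block on demand
        blk = next(b for b in self.held[inside] if b[2] < BLOCK)
        blk[2] += 1
        return blk[0], blk[1] + blk[2] - 1

    def who_was(self, pub_ip, port, when):
        """Resolve an abuse report (public IP, port, time) to an inside IP."""
        hits = [r for r in self.log
                if r[2] == pub_ip and r[3] <= port <= r[4] and r[0] <= when]
        return hits[-1][1] if hits else None

def demo():
    # Constructed addresses: RFC 5737 public range, RFC 6598 inside range.
    ips = ["198.51.100.1", "198.51.100.2"]
    cgn = Cgn(blocks(ips, 1024, 1535), blocks(ips, 32768, 33279))
    cgn.new_flow("100.64.0.1", now=1)
    cgn.new_flow("100.64.0.2", now=2)
    flows = [cgn.new_flow("100.64.0.3", now=3 + i) for i in range(257)]
    return cgn, flows

if __name__ == "__main__":
    cgn, flows = demo()
    print(len(flows), "flows from one subscriber,", len(cgn.log), "log records")
    print(sorted({ip for ip, _ in flows}))
```

In the constructed run the third subscriber's 257th flow leaves from a different public IP than its first 256, so attribution has to match on public IP, port range and time together rather than assume one public IP per subscriber.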