
On Thu, 15 May 2025, Eric C. Miller via NANOG wrote:
> Has anyone else experienced a sudden increase in the past 2 weeks of blocks getting flagged as "VPN" or "Proxy?" We have some older leased space from HE and Cogent that got hammered seemingly all at once. We've started accelerating our migration to our ARIN space, but it's still odd why it's all of a sudden.
>
> Most of the addresses are between 32:1 and 256:1 CGNAT pool IPs, and there are other 256:1 IPs that remain unaffected. Each customer behind an IP is in the same subdivision.

You're getting away with 256:1 CGNAT and not having customers run out of ports?

Flagged (and presumably blocked) by who / what sorts of services/networks? Have you done anything (SWIPs, suggestive PTRs, etc.) to indicate to outsiders that the IP blocks in question are CGNAT?

I know some VPN providers have utilized NAT for years, and some content providers (i.e. streaming services) have played a years long game of cat & mouse / whack-a-mole trying to block these VPNs to prevent "out of region" eyeballs from accessing content they're not supposed to be permitted to see. To their algorithms, I wouldn't be surprised if VPNs using NAT and service providers using CGNAT were indistinguishable.

CGNAT is an unfortunate fact of life for many service providers in a world that's running out of v4 space but unwilling to fully (or even mostly) transition to v6...so I would hope nobody is blocking service provider CGNAT space intentionally.

----------------------------------------------------------------------
 Jon Lewis, MCP :)              |  I route
 Blue Stream Fiber, Sr. Neteng  |  therefore you are
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________