Hello NANOG (and friends), Asking if anyone would care to share their CGNAT and NAT ratios. We're looking at some best practices and I wanted to see what the community at large has seen working, and not working. I am by no means a NAT expert, and usually I see the other end where it's clearly *not* working. Does anyone have estimating formulas for devices/users to internal blocks to public IPs? Regards, [cid:image001.png@01D74BF4.DDAC29B0]<https://www.intelsat.com/> Thomas Scott Engineer, Network Operations 2875 Fork Creek Church Road, Ellenwood, GA 30294 +1 404-381-2446 | M +1 480-241-7422 www.intelsat.com<http://www.intelsat.com/> [https://www.intelsat.com/wp-content/uploads/2020/12/INTELSAT-Logo-Horiz_4C_2...] As the foundational architects of satellite technology, Intelsat operates the largest, most advanced satellite fleet and connectivity infrastructure in the world. We apply our unparalleled expertise and global scale to reliably and seamlessly connect people, devices and networks in even the most challenging and remote locations. Transformation happens when businesses, governments and communities build a ubiquitous connected future through Intelsat's next-generation global network and simplified managed services. At Intelsat, we turn possibilities into reality. Imagine Here, with us, at Intelsat.com. For more information, visit www.intelsat.com<http://www.intelsat.com> and follow us on Facebook<https://www.facebook.com/#%21/pages/Intelsat/106822915740>, Twitter<https://twitter.com/INTELSAT> and LinkedIn<http://www.linkedin.com/company/5071?trk=vsrp_companies_res_name&trkInfo=VSRPsearchId%3A858898061376423570001%2CVSRPtargetId%3A5071%2CVSRPcmpt%3Aprimary> This email message is for the sole use of the intended recipients and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message. Any views expressed in this message are those of the individual sender, except where the sender specifically states them to be the views of Intelsat S.A. and its subsidiaries.

I currently have about ~2750 public IP's (11 /24's) for ~53,000 broadband customers. (ftth, cable modem and dsl) I cap them at 3,000 ports using PBA, port block allocation.. Blocks of 100 at a time, and 30 blocks per subscriber. (100*30=3000) I usually see, when a private internal IP is using up the full 3,000 ports, when we look closer at the sessions, they usually look suspect, as if the end host is infected or has malware causing lots of connections I run all this though, (6) MX960's with (1) MS-MPC-128G in each chassis, and (2) MX104's with (1) MS-MIC-16G per 104. The utilization as far as I've seen, regarding memory and load on the service modules seems fine at the levels we are at. Hope that helps. -Aaron
participants (2)
Scott, Thomas