The first thing that comes to mind is to check the NAT timers. By default, TCP is 86400 seconds or 24h. UDP is usually shorter at around 300 seconds or 5 minutes.

This is not a standard, but it seems to be broadly accepted in the industry.

I am not sure if UDP/443 should be left at 300 or increased a bit. Anyone?

Jean

P.S.: I'm not a fan of QUIC. It's opening the gates to massive DDoS for Akamai and all the other CDNs. Good luck

-----Original Message-----
From: NANOG <nanog-bounces+jean=ddostest.me@nanog.org> On Behalf Of Robert Brockway
Sent: May 31, 2021 11:15 PM
To: The source of all things networking <nanog@nanog.org>
Subject: QUIC, Connection IDs and NAT

QUIC has Connection IDs independent from IP. This was done to make it easier to move from one IP network to another while keeping connections active, as most here will know.

Does the existence of Connection IDs separate from IP mean that the host/IP contention ratio in CGNAT can be higher? I.e., can a single CGNAT device provide Internet access for a greater number of end-users? And if so, does this reduce demand on IPv4 resources?

It's ok, I'm wearing a fire-resistant suit with self-contained breathing apparatus as I type this.

Rob