On Thu, Sep 23, 2021 at 3:42 AM Baldur Norddahl <baldur.norddahl@gmail.com> wrote:
On Thu, Sep 23, 2021 at 01:39, Colton Conor <colton.conor@gmail.com> wrote:
Where does this "You can only have about 200-300 subscribers per IPv4 address on a CGN." limit come from? I have seen several apartment complexes run on a single static IPv4 address using a Mikrotik with NAT.
It is our observation as the limit before you regularly run out of ports using Linux as a CGN server.
It will still work if you have more users on an IP. The users will just experience session failures at peak. Low levels of that might show up as pictures that fail to load on a web page and be ok when the user reloads. This will increase the number of support calls and the number of customers that ask to escape the CGN. Or people will live with it and just think that the Internet connection is low quality.
This sounds like very naive NAT state management behavior. Ideally, you'd be able to maintain state of: original-src/dst/ports/proto -> in-interface/external ip/port/proto unless some internal/original src is double using port/proto ... you should really have the ability to NAT quite a large number of things to a single IPv4 address. Of course as layers of NAT get deeper you may lose some useful state :( you may be able to use TCP seq numbers or other items in the state though to overcome.
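
An added example, not part of either poster's message: a small simulation of the two state-keeping models discussed in this thread, one external port consumed per flow versus an external port reused whenever the (proto, external port, destination IP, destination port) tuple is still unique. The flow counts, address ranges and function names are constructed assumptions, and all flows are assumed active at the same time (no state timeouts).

```python
from collections import defaultdict

PORTS = range(1024, 65536)  # 64512 usable external ports on one public IPv4 address

def make_flows(subscribers, per_sub, destinations):
    """Constructed sample: every flow is (proto, src_ip, src_port, dst_ip, dst_port)."""
    flows = []
    for s in range(subscribers):
        for f in range(per_sub):
            d = (s * per_sub + f) % destinations
            flows.append(("tcp", f"100.64.{s // 256}.{s % 256}", 10000 + f,
                          f"203.0.113.{d % 200 + 1}", 443 + d // 200))
    return flows

def port_per_flow(flows):
    """Each flow consumes an external port exclusively (the behaviour that runs out)."""
    table, failed = {}, 0
    free = iter(PORTS)
    for proto, src_ip, src_port, dst_ip, dst_port in flows:
        ext = next(free, None)
        if ext is None:
            failed += 1          # session failure seen by the subscriber
        else:
            table[(proto, ext)] = (src_ip, src_port)
    return len(table), failed

def port_per_destination(flows):
    """External port is reused while (proto, ext_port, dst_ip, dst_port) stays unique."""
    table, failed = {}, 0
    used = defaultdict(int)      # flows already mapped towards each destination
    for proto, src_ip, src_port, dst_ip, dst_port in flows:
        dst = (proto, dst_ip, dst_port)
        if used[dst] >= len(PORTS):
            failed += 1          # only when one destination alone exceeds 64512 flows
            continue
        ext = PORTS[used[dst]]
        used[dst] += 1
        table[(proto, ext, dst_ip, dst_port)] = (src_ip, src_port)  # return-path key
    return len({key[1] for key in table}), failed

if __name__ == "__main__":
    peak = make_flows(300, 400, 2000)            # 120000 concurrent flows
    print(port_per_flow(peak))                   # (ports used, failed sessions)
    print(port_per_destination(peak))
    print(port_per_destination(make_flows(300, 400, 1)))  # everyone to one server
```

The last call shows the remaining limit of the tuple-keyed model: when all subscribers talk to the same destination IP and port, the tuple no longer distinguishes flows and the port pool is exhausted just as in the per-flow model.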