How big is your IP pool for CGNAT?

On Wed, Apr 29, 2020 at 10:17 AM Robert Blayzor <rblayzor.bulk@inoc.net> wrote:
> On 4/28/20 11:01 PM, Brandon Martin wrote:
>> Depending on how many IPs you need to reclaim and what your target IP:subscriber ratio is, you may be able to eliminate the need for a lot of logging by assigning a range of TCP/UDP ports to a single inside IP so that the TCP/UDP port number implies a specific subscriber.
>>
>> You can't get rid of all the state tracking without also having the CPE know which ports to use (in which case you might as well use LW4o6 or MAP), but at least you can get it down to where you really only need to log (or block and dole out public IPs as needed) port-less protocols.
>
> I'm wondering if there are any real world examples of this, namely in the realm of subscriber to IP and range of ports required, etc. i.e.: Is it a range of 1000 ports enough for one residential subscriber? How about SMB where no global IP is required.
>
> One would think a 1000 ports would be enough, but if you have a dozen devices at home all browsing and doing various things, and with IoT, etc, maybe not?
>
> --
> inoc.net!rblayzor
> XMPP: rblayzor.AT.inoc.net
> PGP: https://pgp.inoc.net/rblayzor/
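
Added example, not part of the thread and not any vendor's implementation: a sketch of the fixed port-block scheme discussed above, showing how a (public IP, source port) pair from an abuse report maps back to one inside address with no per-flow log. The class name, the 100.64.0.0/24 inside range, the 203.0.113.x pool, the 1024-65535 usable range and the 1000-port block size are assumptions chosen for illustration.

```python
import ipaddress

FIRST_PORT, LAST_PORT = 1024, 65535  # assumption: ports below 1024 are never assigned


class PortBlockMap:
    """Static inside-IP <-> (public IP, port block) mapping; no per-flow log needed."""

    def __init__(self, inside_net, public_pool, ports_per_sub):
        self.inside = ipaddress.ip_network(inside_net)
        self.pool = [ipaddress.ip_address(a) for a in public_pool]
        self.block = ports_per_sub
        self.subs_per_ip = (LAST_PORT - FIRST_PORT + 1) // ports_per_sub
        if self.inside.num_addresses > self.subs_per_ip * len(self.pool):
            raise ValueError("public pool too small for this inside range")

    def forward(self, inside_ip):
        """Return (public IP, first port, last port) for one subscriber address."""
        idx = int(ipaddress.ip_address(inside_ip)) - int(self.inside.network_address)
        if not 0 <= idx < self.inside.num_addresses:
            raise ValueError("address is outside the inside range")
        pub_idx, slot = divmod(idx, self.subs_per_ip)
        first = FIRST_PORT + slot * self.block
        return str(self.pool[pub_idx]), first, first + self.block - 1

    def reverse(self, public_ip, port):
        """Attribute an abuse report (public IP, source port) to an inside address."""
        addr = ipaddress.ip_address(public_ip)
        if addr not in self.pool or not FIRST_PORT <= port <= LAST_PORT:
            return None
        slot = (port - FIRST_PORT) // self.block
        idx = self.pool.index(addr) * self.subs_per_ip + slot
        if slot >= self.subs_per_ip or idx >= self.inside.num_addresses:
            return None  # leftover ports at the top of the range, or unused slot
        return str(self.inside.network_address + idx)


# Constructed sample: 256 inside addresses, 4 documentation-range public IPs,
# 1000 ports each -> 64 subscribers per public IP.
nat = PortBlockMap("100.64.0.0/24",
                   ["203.0.113.1", "203.0.113.2", "203.0.113.3", "203.0.113.4"], 1000)

if __name__ == "__main__":
    print(nat.subs_per_ip)
    print(nat.forward("100.64.0.65"))
    print(nat.reverse("203.0.113.2", 2500))
    print(nat.reverse("203.0.113.4", 65535))
```

The mapping only covers TCP/UDP; port-less protocols still need logging or separate handling, as noted in the quoted message.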