On Thu, Sep 23, 2021 at 3:42 AM Baldur Norddahl <baldur.nordd...@gmail.com> wrote:
> On Thu, Sep 23, 2021 at 01:39, Colton Conor <colton.co...@gmail.com> wrote:
>
>> Where does this "You can only have about 200-300 subscribers per IPv4
>> address on a CGN." limit come from? I have seen several apartment
>> complexes run on a single static IPv4 address using a Mikrotik with
>> NAT.
>
> It is our observation as the limit before you regularly run out of ports
> using Linux as a CGN server.
>
> It will still work if you have more users on an IP. The users will just
> experience session failures at peak. Low levels of that might show up as
> pictures that fail to load on a web page and be ok when the user reloads.
> This will increase the number of support calls and the number of customers
> that ask to escape the CGN. Or people will live with it and just think
> that the Internet connection is low quality.

This sounds like very naive NAT state management behavior. Ideally, you'd be able to maintain state of:

  original-src/dst/ports/proto -> in-interface/external ip/port/proto

unless some internal/original src is double using port/proto ... you should really have the ability to NAT quite a large number of things to a single IPv4 address.

Of course as layers of NAT get deeper you may lose some useful state :( You may be able to use TCP seq numbers or other items in the state though to overcome.
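A simplified model of the state-keying point made in the reply above, added here as an illustration and not code from the thread or from any NAT implementation. The class names, the 8-port range and the sample flows are all constructed; it compares a translator that spends one external port per flow with one that only requires the port to be unique per (proto, destination IP, destination port).

```python
from collections import defaultdict

class PerPortNat:
    """Naive model: every flow consumes one external port, whatever its destination."""
    def __init__(self, ports):
        self.free = list(ports)
        self.table = {}                  # 5-tuple -> external port

    def map(self, flow):
        if flow not in self.table:
            if not self.free:
                return None              # port exhaustion: the session fails
            self.table[flow] = self.free.pop()
        return self.table[flow]

class TupleNat:
    """State keyed on the full tuple: an external port only has to be unique per
    (proto, dst ip, dst port), so replies stay unambiguous while ports are reused."""
    def __init__(self, ports):
        self.ports = list(ports)
        self.in_use = defaultdict(set)   # (proto, dst, dport) -> external ports taken
        self.table = {}

    def map(self, flow):
        if flow not in self.table:
            proto, _src, _sport, dst, dport = flow
            taken = self.in_use[(proto, dst, dport)]
            port = next((p for p in self.ports if p not in taken), None)
            if port is None:
                return None              # fails only when one destination is saturated
            taken.add(port)
            self.table[flow] = port
        return self.table[flow]

def failed(nat, flows):
    """Number of flows that could not get a mapping."""
    return sum(nat.map(f) is None for f in flows)

def make_flows(subscribers, per_sub, same_dst=False):
    """Constructed sample traffic (RFC 6598 addresses inside, RFC 5737 outside)."""
    return [("tcp", f"100.64.0.{s}", 40000 + i,
             "203.0.113.1" if same_dst else f"203.0.113.{i + 1}", 443)
            for s in range(1, subscribers + 1) for i in range(per_sub)]

if __name__ == "__main__":
    ports = range(1024, 1032)                 # 8 external ports, kept small on purpose
    spread = make_flows(4, 5)                 # 20 flows spread over 5 destinations
    hot = make_flows(4, 5, same_dst=True)     # 20 flows to a single destination
    print(failed(PerPortNat(ports), spread), failed(TupleNat(ports), spread))
    print(failed(PerPortNat(ports), hot), failed(TupleNat(ports), hot))
```

The second case shows where tuple-keyed state stops helping: when many subscribers talk to the same destination IP and port, both models run out of ports at the same point.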