Re: Sudden surge in CGNAT blacklisting

[Brandon Martin via NANOG <nanog () lists nanog org>]

On 5/16/25 17:30, Tim Burke via NANOG wrote:
> Trying to do hacky things with CGNAT to save a buck is, IMHO, inexcusable, especially when lots of FTTP operators are 
> now overbuilding legacy ILECs/cablecos with fiber that is typically being promoted as “superior in every way”.

If customers were willing to pay for it, they'd be more likely to get 
it. Unfortunately, getting a customer to pay more than what the 
incumbent LEC/MSO charges for legacy DSL/DOCSIS service is tough, and 
the only part of the equation that a new greenfield fiber carrier can 
compete on is speed since it's effectively unlimited for them.

I've taken to putting residential customers behind statically-mapped 
16:1 or 32:1 CGNAT444 (with native, hardware-forwarded IPv6) by default 
and then just moving them to 1:1 public space upon request or for any 
form of repeated trouble calls that seem like they may be related to NAT 
in one way or another.  That drastically cuts down the number of 
addresses necessary while keeping almost everybody (including customer 
support on my end) reasonably happy.

I'm trying very hard to get IPv4aaS-over-IPv6 usable so that I can make 
things even simpler and more transparent for my users.  Sadly this has 
not taken off nearly as quickly as I would have liked aside from 464XLAT 
which really doesn't solve the problem I care to solve (in fact, it 
arguably makes it worse).

I've also sadly still seen far too often CPEs and public Internet 
endpoints neglecting IPv6 to the extent that it performs noticeably 
worse than IPv4 even when the observed AS-paths are identical.  This 
definitely does not help matters as it tends to drive end users to 
disable that native IPv6 that I do provide.
_______________________________________________
NANOG mailing list 
https://lists.nanog.org/archives/list/nanog () lists nanog org/message/YUCYNO5MK2ZEOJTDX34XXAPJRROYKQK2/