Re: Sudden surge in CGNAT blacklisting

[Jon Lewis via NANOG <nanog () lists nanog org>]

On Thu, 15 May 2025, Eric C. Miller via NANOG wrote:

> Has anyone else experienced a sudden increase in the past 2 weeks of blocks getting flagged as "VPN" or "Proxy?" We have some older 
> leased space from HE and Cogent that got hammered seemingly all at once. We've started accelerating our migration to our ARIN space, but it's 
> still odd why it's all of a sudden.
>
> Most of the addresses are between 32:1 and 256:1 CGNAT pool IPs, and there are other 256:1 IPs that remain unaffected. 
> Each customer behind an IP is in the same subdivision.

You're getting away with 256:1 CGNAT and not having customers run out of 
ports?

Flagged (and presumably blocked) by who / what sorts of services/networks?

Have you done anything (SWIPs, suggestive PTRs, etc.) to indicate to 
outsiders that the IP blocks in question are CGNAT?

I know some VPN providers have utilized NAT for years, and some content 
providers (i.e. streaming services) have played a years long game of cat & 
mouse / whack-a-mole trying to block these VPNs to prevent "out of region" 
eyeballs from accessing content they're not supposed to be permitted to 
see.  To their algorithms, I wouldn't be surprised if VPNs using NAT and 
service providers using CGNAT were indistinguishable.

CGNAT is an unfortunate fact of life for many service providers in a world 
that's running out of v4 space but unwilling to fully (or even mostly) 
transition to v6...so I would hope nobody is blocking service 
provider CGNAT space intentionally.

----------------------------------------------------------------------
 Jon Lewis, MCP :)              |  I route
 Blue Stream Fiber, Sr. Neteng  |  therefore you are
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
_______________________________________________
NANOG mailing list 
https://lists.nanog.org/archives/list/nanog () lists nanog org/message/UOLKHF7V4ZVZBP4XV6U2W2HSCOVXQDUI/