Well the "one address" bit sure :) but given the scale supported by CGNAT systems today, I don't think being able to support an entire country behind a single cluster is that far off. At which point the difficulty becomes "is the 100.64.0.0/10 block big enough"? Or maybe they're using DS-lite for the hauling from private network to the NAT.
Fred
joined 1 year ago
As @shane@feddit.nl says, you can use the same public port for many different destination address, vendors may call it something like "port overloading".
More importantly, you can install a large pool of public address on your CGNAT. For instance if you install a /20 pool, work with a 100 users / public address multiplexing, you can have 400,000 users on that CGNAT. 100 users / address is a comfortable ratio that will not affect most users. 1000 users / address would be pushing it, but I'm sure some ISP will try it.
If you search for "CGNAT datasheet" for products you can deploy today, the first couple of results:
- https://www.fortinet.com/content/dam/fortinet/assets/data-sheets/fortinet-cgnat-solution.pdf Fortinet claiming 1.8 billion concurrent TCP sessions, supporting 25 million new TCP session/s
- https://www.f5.com/pdf/products/big-ip-cgnat-datasheet.pdf F5 claiming "Scales up to 310 Gbps of throughput at Layer 7 with over 480 million concurrent sessions"
- https://www.a10networks.com/wp-content/uploads/A10-DS-Thunder-CGN.pdf A10 Thunder 8665S 800 million concurrent TCP sessions
Don't forget the tech giants are all IPv6 enabled. Google Netflix Apple xhamster Facebook Microsoft are all reachable over v6.