> ## Documentation Index
> Fetch the complete documentation index at: https://altostrat.io/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# CGNAT pool exhaustion: alert to expanded capacity

> NetFlow flags CGNAT port-pool exhaustion on a regional aggregator. Add pool capacity, reduce the per-subscriber port budget safely, notify abuse partners about the pool changes, and document the new IP plan.

Evening peak brings the CGNAT aggregator at the Wellington POP to 98 percent port-pool utilization. The ISP needs to expand the pool, tune per-subscriber port budgets, keep the abuse-contact registrations current so spam and law-enforcement lookups still work, and document the new IP plan in NetBox.

## Systems involved

| System                                            | Role                                                |
| ------------------------------------------------- | --------------------------------------------------- |
| NetFlow / IPFIX collector                         | Port-pool utilization.                              |
| CGNAT platform (A10 / Cisco NAT44 / MikroTik NAT) | Pool configuration, per-subscriber budgets.         |
| NetBox / IPAM                                     | IP plan updates.                                    |
| Abuse-contact registries (ARIN / RIPE / APNIC)    | Abuse-contact records for pool prefixes, so subpoena and spam lookups reach the ISP. |
| Splynx                                            | Subscriber counts mapped to pools.                  |
| Slack `#carrier-ops`                              | Engineering channel.                                |
| Gmail                                             | Inter-carrier abuse-contact comms.                  |
| Studio Procedures                                 | `CGNAT pool expansion` runbook.                     |

## Walkthrough

<Steps>
  <Step title="Confirm the capacity problem">
    Copilot pulls port-pool utilization for the last 14 days from the NetFlow / IPFIX collector and the CGNAT platform's own counters. Peak hours hit 98 percent, and the distribution of per-subscriber port use is long-tailed: a small number of subscribers drive most of the consumption.
  </Step>

  <Step title="Plan the expansion">
    Add a /23 of public IPv4 to the pool. Recalculate the ports-per-subscriber fair share from the new capacity (addresses in the pool times NAT ports per address) and the current subscriber count from Splynx. Stage a mild reduction of the per-subscriber hard cap so that the long-tail subscribers can no longer take a disproportionate share of the pool, and count how many subscribers currently sit above the new cap; those are the ones whose sessions the change will disturb.
  </Step>

  <Step title="Stage the CGNAT config">
    SSH into the CGNAT platform. Copilot drafts the configuration to add the new pool range and the new per-subscriber budget, stages it in the staging panel, and shows the expected effect on pool utilization.
  </Step>

  <Step title="Announce the new /23 via BGP">
    Create the ISP's RPKI ROA for the new /23 (origin set to the ISP's ASN, maxLength equal to the prefix length) before the prefix is announced. A prefix with no ROA is merely not-found, but one covered by an existing ROA with a different ASN or a shorter maxLength is invalid and is dropped by peers that do route origin validation. Then announce the /23 on the edge routers and verify that the advertisement appears in the looking glass and validates as RPKI-valid, not just not-found.
  </Step>

  <Step title="Push the pool change">
    Before the push, confirm that the platform's NAT translation logging (subscriber to public address and port block, with timestamps) covers the new range; otherwise an address from the new /23 reported by an abuse partner cannot be mapped back to a subscriber. During the low-traffic window, push the CGNAT config. Monitor for session churn; most sessions continue because the new pool is additive, and only the subscribers above the new per-subscriber budget go through a gentle re-NAT cycle.
  </Step>

  <Step title="Update IPAM">
    Update NetBox with the new /23 role, the pool ID, the ASN assignment, and the abuse contact. The IP plan artifact is regenerated and saved to the team drive.
  </Step>

  <Step title="Refresh abuse registrations">
    Through the RIR connectors, update the abuse-contact record for the new /23 so that subpoena requests and spam investigations route to the right ISP team. Draft the inter-carrier courtesy note through Gmail to major abuse partners.
  </Step>

  <Step title="Monitor and commit">
    Over the next three evenings, Copilot watches the pool utilization and flags the new peaks. Utilization settles at 71 percent with headroom for the projected next six months.
  </Step>
</Steps>
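
The arithmetic behind the "Plan the expansion" step, as an added example that is not Studio's or any CGNAT vendor's code. It computes pool capacity from prefix lengths, the fair share per subscriber, the largest hard cap that keeps peak utilization under a target, and how many subscribers that cap will clamp. The pool sizes, subscriber count, peak usage distribution and the assumption that each public address yields the 1024-65535 port range are all constructed for illustration; in practice the distribution comes from the collector and the subscriber count from Splynx.

```python
"""Port-budget planning for a CGNAT pool expansion.

Added example, not Studio's or the CGNAT vendor's code. Pool sizes, the
subscriber count and the peak usage distribution below are constructed to
illustrate the arithmetic; real inputs come from the collector and Splynx.
"""

# Assumption: the platform hands out ports 1024-65535 on each public
# address, so one address yields 64 512 NAT ports.
PORTS_PER_IP = 65535 - 1024 + 1


def prefix_ports(prefix_len):
    """NAT ports available from one IPv4 prefix of the given length."""
    return (1 << (32 - prefix_len)) * PORTS_PER_IP


def pool_capacity(prefix_lens):
    """Total NAT ports across all prefixes in the pool."""
    return sum(prefix_ports(n) for n in prefix_lens)


def capped_demand(buckets, cap):
    """Peak ports consumed when every subscriber is clamped to `cap` ports.

    `buckets` lists (subscriber_count, ports_in_use_per_subscriber) pairs
    describing the observed peak distribution.
    """
    return sum(count * min(ports, cap) for count, ports in buckets)


def utilization(buckets, cap, capacity):
    """Fraction of the pool consumed at peak under a given hard cap."""
    return capped_demand(buckets, cap) / capacity


def subscribers_over_cap(buckets, cap):
    """Subscribers the cap will clamp: the ones that see a re-NAT at push."""
    return sum(count for count, ports in buckets if ports > cap)


def largest_cap_for_target(buckets, capacity, target):
    """Largest integer hard cap whose peak utilization stays <= target.

    capped_demand() never decreases as the cap grows, so a binary search
    over 0..PORTS_PER_IP finds the boundary.
    """
    budget = target * capacity
    lo, hi = 0, PORTS_PER_IP
    while lo < hi:
        mid = (lo + hi + 1) // 2
        if capped_demand(buckets, mid) <= budget:
            lo = mid
        else:
            hi = mid - 1
    return lo


# Constructed peak distribution for 40 000 subscribers: long-tailed, with
# a few hundred heavy users consuming a large share of the pool.
PEAK_BUCKETS = [
    (30_000, 850),
    (8_000, 2_000),
    (1_500, 6_000),
    (400, 20_000),
    (100, 64_000),
]
OLD_POOL = [22]      # existing pool: one /22 (constructed)
NEW_POOL = [22, 23]  # after adding the /23
OLD_CAP = 64_000     # current per-subscriber hard cap (constructed)


def plan(old_pool=OLD_POOL, new_pool=NEW_POOL, old_cap=OLD_CAP,
         buckets=PEAK_BUCKETS, target=0.65):
    """Before/after utilization plus the impact of the recalculated cap."""
    subscribers = sum(count for count, _ in buckets)
    old_capacity = pool_capacity(old_pool)
    new_capacity = pool_capacity(new_pool)
    new_cap = largest_cap_for_target(buckets, new_capacity, target)
    return {
        "old_capacity": old_capacity,
        "new_capacity": new_capacity,
        "fair_share": new_capacity // subscribers,
        "old_utilization": utilization(buckets, old_cap, old_capacity),
        "new_utilization_uncapped": utilization(buckets, old_cap, new_capacity),
        "new_hard_cap": new_cap,
        "new_utilization": utilization(buckets, new_cap, new_capacity),
        "subscribers_clamped": subscribers_over_cap(buckets, new_cap),
    }


if __name__ == "__main__":
    for key, value in plan().items():
        shown = f"{value:.3f}" if isinstance(value, float) else str(value)
        print(f"{key:>26}: {shown}")
```

With the constructed numbers the old /22 sits at about 98 percent, the /23 alone brings the uncapped peak down to about 65 percent, and a 65 percent target yields a hard cap of 59 087 ports that clamps only the 100 heaviest subscribers: a mild reduction from 64 000, and those 100 are the subscribers whose sessions re-NAT at push time. Round the computed cap down to whatever granularity the platform allocates port blocks in. Note how far the fair share (about 2 500 ports) sits below the cap: on a long-tailed distribution the cap exists to bound the tail, not to give everyone an equal share.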

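The RPKI check in the "Announce the new /23 via BGP" step, as an added example that is not Studio's code and not a substitute for a real RPKI validator (Routinator, rpki-client and the like) feeding the edge routers over RTR. It implements the RFC 6811 route origin validation algorithm over a constructed list of validated ROA payloads (VRPs) so the outcome of announcing the /23 before and after its ROA exists can be reasoned about offline, plus a helper that quantifies what a ROA with a loose maxLength authorises. RFC 5737 documentation prefixes and RFC 5398 documentation ASNs stand in for the ISP's real pool prefixes and ASN.

```python
"""RFC 6811 route origin validation as a pre-announcement check.

Added example, not Studio's code and not a replacement for a real RPKI
validator. The VRP sets, prefixes and ASNs below are constructed:
203.0.113.0/24 stands in for the existing pool prefix, 198.51.100.0/24
for the new one, and AS64500 for the ISP.
"""
import ipaddress


def validate_route(prefix, origin_as, vrps):
    """Return 'valid', 'invalid' or 'not-found' for a route per RFC 6811.

    vrps is an iterable of (roa_prefix, max_length, asn).
    A VRP *covers* the route when the route lies inside the ROA prefix; it
    *matches* when it also permits the route's length (maxLength) and
    authorises the origin ASN. No covering VRP -> not-found; at least one
    matching VRP -> valid; covered but never matched -> invalid.
    """
    route = ipaddress.ip_network(prefix, strict=False)
    covered = False
    for roa_prefix, max_length, asn in vrps:
        roa = ipaddress.ip_network(roa_prefix, strict=False)
        if route.version != roa.version or not route.subnet_of(roa):
            continue
        covered = True
        if route.prefixlen <= max_length and asn == origin_as:
            return "valid"
    return "invalid" if covered else "not-found"


def roa_more_specifics(roa_prefix, max_length):
    """Number of more-specific prefixes a ROA authorises beyond the exact one.

    Every one of them becomes RPKI-valid for anyone who can forge the origin
    ASN (the forged-origin hijack, see RFC 9319), so the ROA for the new /23
    should carry maxLength 23 unless more-specifics will really be announced.
    """
    extra_bits = max_length - ipaddress.ip_network(roa_prefix, strict=False).prefixlen
    if extra_bits < 0:
        raise ValueError("maxLength shorter than the ROA prefix")
    return (1 << (extra_bits + 1)) - 2


# Constructed VRP sets. The existing pool prefix has an exact-length ROA;
# the new prefix's ROA exists only in the "after" set.
BEFORE_ROA = [("203.0.113.0/24", 24, 64500)]
AFTER_ROA = BEFORE_ROA + [("198.51.100.0/24", 24, 64500)]


def preflight(vrps, new_prefix="198.51.100.0/24", origin_as=64500):
    """The validation states worth checking before the announcement."""
    return {
        "existing_pool": validate_route("203.0.113.0/24", origin_as, vrps),
        "new_prefix": validate_route(new_prefix, origin_as, vrps),
        # The existing prefix announced from the wrong ASN (e.g. a customer
        # or transit ASN by mistake): covered by the ROA, so invalid.
        "wrong_origin": validate_route("203.0.113.0/24", 64501, vrps),
        # A more-specific of a prefix whose ROA has an exact maxLength:
        # also invalid, not not-found, and dropped by peers doing ROV.
        "more_specific": validate_route("203.0.113.0/25", origin_as, vrps),
    }


if __name__ == "__main__":
    print("before ROA:", preflight(BEFORE_ROA))
    print("after ROA: ", preflight(AFTER_ROA))
    print("more-specifics a /24 ROA with maxLength 26 authorises:",
          roa_more_specifics("203.0.113.0/24", 26))
```

Before the ROA exists the new prefix is not-found, which most peers still accept; the dangerous states are the invalid ones, and the `more_specific` case shows why a /23 carved out of an aggregate that already has an exact-length ROA is dropped the moment it is announced. The exact-length ROA the step calls for is what `roa_more_specifics` returning 0 means.
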
## Where Studio earns its keep

* The exhaustion problem, the expansion plan, and the BGP announcement live in one session, with the subscriber impact visible at every step.
* The RIR abuse-contact update is not a forgotten afterthought — it's in the runbook and it's actually executed.
* NetBox and the ISP's public prefix list stay synchronized without anyone remembering to email the IP coordinator.
* The runbook runs again in six months when the next /23 is needed, with the arguments already shaped.

## Related

<CardGroup cols={2}>
  <Card title="Procedures" icon="workflow" href="../../procedures" arrow="true" cta="Save it">
    `CGNAT pool expansion` with POP and prefix as arguments.
  </Card>

  <Card title="Memories and search" icon="brain" href="../../memories-and-search" arrow="true" cta="Capture quirks">
    Save CGNAT platform quirks so they're not relearned at 22:30.
  </Card>
</CardGroup>
