Evening peak brings the CGNAT aggregator at the Wellington POP to 98 percent port-pool utilization. The ISP needs to expand the pool, tune per-subscriber port budgets, keep the abuse-contact registrations current so spam and law-enforcement lookups still work, and document the new IP plan in NetBox.

Systems involved

System | Role
NetFlow / IPFIX collector | Port-pool utilization.
CGNAT platform (A10 / Cisco NAT44 / MikroTik NAT) | Pool configuration, per-subscriber budgets.
NetBox / IPAM | IP plan updates.
Abuse-contact registries (ARIN / RIPE / APNIC) | Update pool registrations for subpoena cooperation.
Splynx | Subscriber counts mapped to pools.
Slack #carrier-ops | Engineering channel.
Gmail | Inter-carrier abuse-contact comms.
Studio Procedures | CGNAT pool expansion runbook.

Walkthrough

1. Confirm the capacity problem

Copilot pulls port-pool utilization from the CGNAT platform for the last 14 days. Peak hours hit 98 percent; the distribution of per-subscriber port use is long-tailed — a small number of subscribers drive most of the consumption.

2. Plan the expansion

Add a /23 of public IPv4 to the pool. Recalculate ports-per-subscriber with the new capacity and the current subscriber count. Stage a mild reduction of the per-subscriber hard cap so the long-tail subscribers do not consume a disproportionate share of the pool.

3. Stage the CGNAT config

SSH into the CGNAT platform. Copilot drafts the configuration to add the new pool range and the new per-subscriber budget, stages it in the staging panel, and shows the expected effect on pool utilization.

4. Announce the new /23 via BGP

On the edge routers, announce the new /23. Verify that the advertisement appears in the looking glass and that the ISP’s RPKI ROAs are updated so the announcement is RPKI-valid.

5. Push the pool change

During the low-traffic window, push the CGNAT config. Monitor for session churn; most sessions continue because the new pool is additive. Only the subscriber-budget change causes a gentle re-NAT cycle.

6. Update IPAM

Update NetBox with the new /23 role, the pool ID, the ASN assignment, and the abuse contact. The IP plan artifact is regenerated and saved to the team drive.

7. Refresh abuse registrations

Through the RIR connectors, update the abuse-contact record for the new /23 so that subpoena requests and spam investigations route to the right ISP team. Draft the inter-carrier courtesy note through Gmail to major abuse partners.

8. Monitor and commit

Over the next three evenings, Copilot watches the pool utilization and flags the new peaks. Utilization settles at 71 percent, leaving headroom for the next six months of projected growth.
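
The capacity arithmetic behind steps 1 and 2, as an added example (not part of the original page or of Studio): it sizes the pool before and after the /23 and picks the highest per-subscriber hard cap that keeps worst-case peak utilization under a target. The prefixes, the subscriber sample, the 60 percent target, the candidate caps and all function names are assumptions made for illustration.

```python
import ipaddress

# Assumption: ports 0-1023 are never used for translation.
PORTS_PER_IP = 65536 - 1024

# Placeholder prefixes (RFC 2544 benchmarking space), not the ISP's real pool.
EXISTING_POOL = ["198.18.0.0/22"]
NEW_PREFIX = "198.18.4.0/23"

# Constructed long-tailed sample: peak concurrent ports per subscriber.
PEAKS = [400] * 72_000 + [2_000] * 7_200 + [26_000] * 800

def pool_ports(prefixes):
    """Total translatable ports across every public address in the pool."""
    return sum(ipaddress.ip_network(p).num_addresses for p in prefixes) * PORTS_PER_IP

def peak_demand(peaks, cap=None):
    """Worst-case demand: every subscriber at peak at once, limited to cap."""
    return sum(p if cap is None else min(p, cap) for p in peaks)

def plan_cap(peaks, prefixes, target_util, candidate_caps):
    """Return the highest candidate cap that keeps peak utilization at or below target."""
    capacity = pool_ports(prefixes)
    for cap in sorted(candidate_caps, reverse=True):
        util = peak_demand(peaks, cap) / capacity
        if util <= target_util:
            return {
                "cap": cap,
                "utilization": util,
                "clipped_subscribers": sum(1 for p in peaks if p > cap),
                "ports_per_subscriber_avg": capacity // len(peaks),
            }
    return None  # no candidate fits: the pool needs more addresses

if __name__ == "__main__":
    before = peak_demand(PEAKS) / pool_ports(EXISTING_POOL)
    after = plan_cap(PEAKS, EXISTING_POOL + [NEW_PREFIX], 0.60,
                     [32_000, 16_000, 8_000, 4_000])
    print(f"before expansion: {before:.1%}")
    print(f"after expansion:  {after}")
```

Summing per-subscriber peaks overstates real demand because peaks rarely coincide, so treat the result as a conservative bound and replace the sample with the collector's per-subscriber figures.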

Where Studio earns its keep

  • The exhaustion problem, the expansion plan, and the BGP announcement live in one session, with the subscriber impact visible at every step.
  • The RIR abuse-contact update is not a forgotten afterthought — it’s in the runbook and it’s actually executed.
  • NetBox and the ISP’s public prefix list stay synchronized without anyone remembering to email the IP coordinator.
  • The runbook runs again in six months when the next /23 is needed, with the arguments already shaped.

Procedures

CGNAT pool expansion with POP and prefix as arguments.

Memories and search

Save CGNAT platform quirks so they’re not relearned at 22:30.