by q3k 2405 days ago
There's one big issue with CGNAT for ISPs: compliance.

At least in Poland, you must provide law enforcement with information about your subscriber for any given 5-tuple at a given time (timestamp, {src,dest}{ip,port} and protocol). If you're CGNATing everyone, you have to either:

- log all outgoing connections (which is a GDPR hazard)

- design your CGNAT to use static outgoing ports for a given customer (but then you're running out of ports pretty fast, if you're doing anything close to >=500 subscribers)

With IPv6, you can just immediately tell who the subscriber is based on the IP address, and as such don't have to log anything.


If you need consistent ports, you could assign many internal IPs to the NAT to support more ports for your NAT.
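A worked illustration of the static port-block option from the top comment and the "add more addresses to the NAT" reply just above, added here as an example (it is not code from anyone in the thread). The public IPv4 pool, block size, subscriber ids and IPv6 delegations are all constructed sample values; it shows how many subscribers fit per public address, when the pool runs out, and why a static mapping (or an IPv6 prefix) answers a 5-tuple query without a per-connection log.

```python
import ipaddress

# Constructed parameters: ports below 1024 are kept off the shared pool and
# each subscriber gets a fixed block of BLOCK_SIZE ports on one public IPv4.
PORT_RANGE = (1024, 65535)
BLOCK_SIZE = 1024


def blocks_per_ip(block_size: int = BLOCK_SIZE) -> int:
    """Subscribers one public IPv4 address can carry with static blocks."""
    lo, hi = PORT_RANGE
    return (hi - lo + 1) // block_size


def public_ips_needed(subscribers: int, block_size: int = BLOCK_SIZE) -> int:
    """Ceiling division: how large the NAT's public pool has to be."""
    return -(-subscribers // blocks_per_ip(block_size))


def assign_port_blocks(subscriber_ids, public_ips, block_size=BLOCK_SIZE):
    """Deterministic subscriber -> (public IP, first port, last port) mapping.
    Because it never changes, (public IP, port) alone identifies a subscriber."""
    per_ip = blocks_per_ip(block_size)
    if len(subscriber_ids) > per_ip * len(public_ips):
        raise ValueError("public IPv4 pool too small for this block size")
    mapping = {}
    for idx, sub in enumerate(subscriber_ids):
        ip = public_ips[idx // per_ip]
        first = PORT_RANGE[0] + (idx % per_ip) * block_size
        mapping[sub] = (ip, first, first + block_size - 1)
    return mapping


def subscriber_for_v4(mapping, public_ip, port):
    """Answer a 'who used this public IP/port' query from the static table."""
    for sub, (ip, first, last) in mapping.items():
        if ip == public_ip and first <= port <= last:
            return sub
    return None


def subscriber_for_v6(delegations, address):
    """With IPv6 the delegated prefix identifies the subscriber directly."""
    addr = ipaddress.ip_address(address)
    for sub, prefix in delegations.items():
        if addr in ipaddress.ip_network(prefix):
            return sub
    return None
```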
Does the GDPR override the data retention law? I was reading some stuff about VPNs which suggested it might.
No. The GDPR explicitly doesn't concern matters of lawful interception, intelligence, police and justice.
Crikey, the amount of storage required to keep that will be insane. What's the retention period?
One year but not a day more (data protection laws).