CGNAT has multiple flavors; some of them are compatible with OCAs, some are not. In general, Netflix advises not to use OCAs in a CGNAT context, however if this is mandatory to your organization, make sure this is mentioned in the early steps of the discussion.
Some important notes:
- RFC1918 and RFC6598 prefixes announced to OCAs are filtered and therefore cannot be used to deliver traffic to privately-addressed end users.
- OCAs cannot have their IP interface addressed with an RFC1918 or RFC6598 IP (100.64.0.0/10), even if this IP has a 1-to-1 NAT equivalent from the outside. OCAs must be assigned a publicly routable IPv4 address, as described in the router interface configuration section of the Network configuration article.
- All traffic steering serves internet routable prefixes. All CGNAT prefixes will be served from whatever internet routable prefix they are behind. If you have a CGNAT prefix that is not being served, then you likely have a misconfiguration of your CGNAT, or a routing problem inside your network. For some troubleshooting steps, see: Troubleshooting customer streaming issues