Does MT have something larger?

I would need two for redundancy.  I presume use policy based routing sending 
all the 10.x.x.x source IP traffic to one of the two NAT boxes that will be set 
up for load sharing.  Core would send everything else to the edge.  

Details details, I let the router experts sweat that stuff.  

From: Adam Moffett 
Sent: Monday, January 15, 2018 12:17 PM
To: af@afmug.com ; af@afmug.com 
Subject: Re: [AFMUG] IPv4 exhaust again

The 1072 has 72 cores.  We have a 1036 (36 core) doing NAT for over a thousand 
LTE+Wimax customers.  CPU usage is like 30%. The "firewall" and "networking" 
processes account for most of the usage.

We could extrapolate that to say a 1072 could maybe do 4,000 with 60% CPU 
usage... just a guess obviously.  There's nothing to say it would scale 
linearly.



------ Original Message ------
From: "Chuck McCown" <ch...@wbmfg.com>
To: af@afmug.com
Sent: 1/15/2018 2:07:39 PM
Subject: Re: [AFMUG] IPv4 exhaust again

  Wonder how heavy we can load that... I would want it to be able to handle 
8000 connections.  

  From: Steve Jones 
  Sent: Monday, January 15, 2018 12:05 PM
  To: af@afmug.com 
  Subject: Re: [AFMUG] IPv4 exhaust again

  ccr1072

  On Mon, Jan 15, 2018 at 12:59 PM, Chuck McCown <ch...@wbmfg.com> wrote:

    What are you using?  Router NAT or a server or ?

    From: Steve Jones 
    Sent: Monday, January 15, 2018 11:48 AM
    To: af@afmug.com 
    Subject: Re: [AFMUG] IPv4 exhaust again

    I'm not going to lie, we are natting at 1:300 across a handful of publics 
and have little to no issue, though we really should since the customer router 
double NATs

    On Mon, Jan 15, 2018 at 12:39 PM, Chuck McCown <ch...@wbmfg.com> wrote:

      I need to have about /19 worth of customers natted to as few V4s as is 
needed to make it work properly.

      We currently have about 3 /21s I think.  Don’t want to have to buy a 
fourth.  

      From: Dennis Burgess 
      Sent: Monday, January 15, 2018 11:34 AM
      To: af@afmug.com 
      Subject: Re: [AFMUG] IPv4 exhaust again

      MikroTik can do that, I have a router with 20k NAT rules natting two /21s 
to less than 254 IPs. :) 





      Dennis Burgess – Network Solution Engineer – Consultant 

      MikroTik Certified Trainer/Consultant – MTCNA, MTCRE, MTCWE, MTCTCE, 
MTCINE



      For Wireless Hardware/Routers visit www.linktechs.net

      Radio Frequency Coverages: www.towercoverage.com 

      Office: 314-735-0270

      E-Mail: dmburg...@linktechs.net 



      From: Af [mailto:af-boun...@afmug.com] On Behalf Of George Skorup
      Sent: Monday, January 15, 2018 12:28 PM
      To: af@afmug.com
      Subject: Re: [AFMUG] IPv4 exhaust again



      Dual-stack and CGN? You can get 8:1, 16:1 or even 32:1 out of a single 
public IPv4 address. Give 8 customers 8k ports each, or 16 customers 4k ports 
each, 32 customers 2k ports each. That's *source* ports, so they're not limited 
to 8k, 4k or 2k connections total. You have to look at it in both directions. 
10.10.10.10:1024 -> 8.8.8.8:53 and 10.10.10.10:1024 -> 8.8.4.4:53 mappings are 
both valid, and it obviously goes a lot deeper than that.

      Seems to be a whole lot easier than some crazy NAT appliance that's 
running the whole network. I haven't done anything like this, but I'm 
considering it. I think Juniper even lets you do this with a couple commands? 
Yeah, I'm too cheap for that.

      Something else to keep in mind is that most consumer grade routers still 
have a fairly limited connection table. My Cambium cnPilot router I have at 
home lets you adjust the max table size (up to 8192). Most are 2k or 4k. While 
even a low-end MikroTik will give you >100k.

      On 1/15/2018 11:35 AM, Chuck McCown wrote:

        Planning to buy another /21 or some such thing .... again ......

        So going to attempt to NAT the whole frigging company. 

        Seems like I am going in reverse here.

        If we can make NAT work for most customers, then that will buy us time 
to build our magic V4 translator gateway box for a V6 only network.

        Any suggestions on the best way to do this?



