Another router has a little over 7k established customer NAT connections right now, not sure what our radio and infrastructure count is. Running 2% CPU load with OSPF and BGP. If I look at any other TCP state the number just keeps going up.

On Mon, Jan 15, 2018 at 1:25 PM, Mathew Howard <[email protected]> wrote:

> You can't get x86 Mikrotik boxes that will handle more. I think
> Linktechs and Balticnetworks both sell some decent ones (not built by
> Mikrotik, but they use hardware that's well tested with routerOS).
>
> On Mon, Jan 15, 2018 at 1:20 PM, Chuck McCown <[email protected]> wrote:
>
>> Does MT have something larger?
>>
>> I would need two for redundancy. I presume use policy based routing
>> sending all the 10.x.x.x source IP traffic to one of the two NAT boxes that
>> will be set up for load sharing. Core would send everything else to the
>> edge.
>>
>> Details details, I let the router experts sweat that stuff.
>>
>> *From:* Adam Moffett
>> *Sent:* Monday, January 15, 2018 12:17 PM
>> *To:* [email protected] ; [email protected]
>> *Subject:* Re: [AFMUG] IPv4 exhaust again
>>
>> The 1072 has 72 cores. We have a 1036 (36 core) doing NAT for over a
>> thousand LTE+Wimax customers. CPU usage is like 30%. The "firewall" and
>> "networking" processes account for most of the usage.
>>
>> We could extrapolate that to say a 1072 could maybe do 4,000 with 60% CPU
>> usage... just a guess obviously. There's nothing to say it would scale
>> linearly.
>>
>> ------ Original Message ------
>> From: "Chuck McCown" <[email protected]>
>> To: [email protected]
>> Sent: 1/15/2018 2:07:39 PM
>> Subject: Re: [AFMUG] IPv4 exhaust again
>>
>> Wonder how heavy we can load that... I would want it to be able to handle
>> 8000 connections.
>>
>> *From:* Steve Jones
>> *Sent:* Monday, January 15, 2018 12:05 PM
>> *To:* [email protected]
>> *Subject:* Re: [AFMUG] IPv4 exhaust again
>>
>> ccr1072
>>
>> On Mon, Jan 15, 2018 at 12:59 PM, Chuck McCown <[email protected]> wrote:
>>
>>> What are you using? Router NAT or a server or ?
>>>
>>> *From:* Steve Jones
>>> *Sent:* Monday, January 15, 2018 11:48 AM
>>> *To:* [email protected]
>>> *Subject:* Re: [AFMUG] IPv4 exhaust again
>>>
>>> I'm not going to lie, we are natting at 1:300 across a handful of publics
>>> and have little to no issue, though we really should since the customer
>>> router double NATs
>>>
>>> On Mon, Jan 15, 2018 at 12:39 PM, Chuck McCown <[email protected]> wrote:
>>>
>>>> I need to have about /19 worth of customers natted to as few V4s as is
>>>> needed to make it work properly.
>>>>
>>>> We currently have about 3 /21s I think. Don’t want to have to buy a
>>>> fourth.
>>>>
>>>> *From:* Dennis Burgess
>>>> *Sent:* Monday, January 15, 2018 11:34 AM
>>>> *To:* [email protected]
>>>> *Subject:* Re: [AFMUG] IPv4 exhaust again
>>>>
>>>> Mikrotik can do that, I have a router with 20k NAT rules natting two
>>>> /21s to less than 254 ips .:)
>>>>
>>>> *Dennis Burgess – Network Solution Engineer – Consultant*
>>>>
>>>> MikroTik Certified Trainer/Consultant
>>>> <http://www.linktechs.net/productcart/pc/viewcontent.asp?idpage=5> –
>>>> MTCNA, MTCRE, MTCWE, MTCTCE, MTCINE
>>>>
>>>> For Wireless Hardware/Routers visit www.linktechs.net
>>>>
>>>> Radio Frequency Coverages: www.towercoverage.com
>>>>
>>>> Office: 314-735-0270
>>>>
>>>> E-Mail: [email protected]
>>>>
>>>> *From:* Af [mailto:[email protected]] *On Behalf Of* George Skorup
>>>> *Sent:* Monday, January 15, 2018 12:28 PM
>>>> *To:* [email protected]
>>>> *Subject:* Re: [AFMUG] IPv4 exhaust again
>>>>
>>>> Dual-stack and CGN? You can get 8:1, 16:1 or even 32:1 out of a single
>>>> public IPv4 address. Give 8 customers 8k ports each, or 16 customers 4k
>>>> ports each, 32 customers 2k ports each. That's *source* ports, so they're
>>>> not limited to 8k, 4k or 2k connections total. You have to look at it in both
>>>> directions. 10.10.10.10:1024 -> 8.8.8.8:53 and 10.10.10.10:1024 ->
>>>> 8.8.4.4:53 mappings are both valid, and it obviously goes a lot deeper
>>>> than that.
>>>>
>>>> Seems to be a whole lot easier than some crazy NAT appliance that's
>>>> running the whole network. I haven't done anything like this, but I'm
>>>> considering it. I think Juniper even lets you do this with a couple
>>>> commands? Yeah, I'm too cheap for that.
>>>>
>>>> Something else to keep in mind is that most consumer grade routers
>>>> still have a fairly limited connection table. My Cambium cnPilot router I
>>>> have at home lets you adjust the max table size (up to 8192). Most are 2k
>>>> or 4k. While even a low-end MikroTik will give you >100k.
>>>>
>>>> On 1/15/2018 11:35 AM, Chuck McCown wrote:
>>>>
>>>> Planning to buy another /21 or some such thing .... again ......
>>>>
>>>> So going to attempt to NAT the whole frigging company.
>>>>
>>>> Seems like I am going in reverse here.
>>>>
>>>> If we can make NAT work for most customers, then that will buy us time
>>>> to build our magic V4 translator gateway box for a V6 only network.
>>>>
>>>> Any suggestions on the best way to do this?
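
Added example, not part of the thread and not any poster's configuration: the fixed port-block CGN scheme described above (8, 16 or 32 customers per public IPv4, each with its own block of source ports), written so the mapping can also be run backwards to trace a public address and source port in an abuse report to the inside customer without per-connection logs. The pools, the 1024 port floor and all function names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample pools (assumptions): RFC 1918 inside space, TEST-NET-3 outside.
INSIDE = ipaddress.ip_network("10.0.0.0/19")
PUBLIC = ipaddress.ip_network("203.0.113.0/24")
RATIO = 32          # customers per public IPv4 (8, 16 or 32 in the thread)
FIRST_PORT = 1024   # assumption: well-known ports are never handed out


def publics_needed(inside=INSIDE, ratio=RATIO):
    """Public addresses required to cover every inside address at this ratio."""
    return -(-inside.num_addresses // ratio)  # ceiling division


def forward(inside_ip, inside=INSIDE, public=PUBLIC, ratio=RATIO):
    """Inside address -> (public address, first port, last port)."""
    ip = ipaddress.ip_address(inside_ip)
    if ip not in inside:
        raise ValueError(f"{ip} is not in {inside}")
    index = int(ip) - int(inside.network_address)
    pub_index, slot = divmod(index, ratio)
    if pub_index >= public.num_addresses:
        raise ValueError("public pool too small for this ratio")
    block = 65536 // ratio  # 8k, 4k or 2k source ports per customer
    lo = max(slot * block, FIRST_PORT)
    return str(public[pub_index]), lo, (slot + 1) * block - 1


def reverse(public_ip, port, inside=INSIDE, public=PUBLIC, ratio=RATIO):
    """Public address and source port seen by a remote host -> inside address."""
    if not FIRST_PORT <= port <= 65535:
        raise ValueError("port outside the translated range")
    pub_index = int(ipaddress.ip_address(public_ip)) - int(public.network_address)
    if not 0 <= pub_index < public.num_addresses:
        raise ValueError(f"{public_ip} is not in {public}")
    index = pub_index * ratio + port // (65536 // ratio)
    if index >= inside.num_addresses:
        raise ValueError("no customer is mapped to that block")
    return str(inside[index])


if __name__ == "__main__":
    print(publics_needed())               # a /19 at 32:1
    print(forward("10.0.0.33"))
    print(reverse("203.0.113.1", 3000))
```

The first customer on each public address gets a shorter block because ports below 1024 are withheld; that is a choice made in this example, not something stated in the thread.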
