Too bad. I am kind of scared to not have some kind of hot standby or load sharing that will fail in a graceful manner.
From: Dennis Burgess Sent: Monday, January 15, 2018 12:28 PM To: [email protected] Subject: Re: [AFMUG] IPv4 exhaust again MT does not do stateful failover L sorry. Dennis Burgess – Network Solution Engineer – Consultant MikroTik Certified Trainer/Consultant – MTCNA, MTCRE, MTCWE, MTCTCE, MTCINE For Wireless Hardware/Routers visit www.linktechs.net Radio Frequency Coverages: www.towercoverage.com Office: 314-735-0270 E-Mail: [email protected] From: Af [mailto:[email protected]] On Behalf Of Chuck McCown Sent: Monday, January 15, 2018 1:24 PM To: [email protected] Subject: Re: [AFMUG] IPv4 exhaust again I wonder if it would handle two boxes, sync them and have a nice stateful failover mechanism? From: Steve Jones Sent: Monday, January 15, 2018 12:21 PM To: [email protected] Subject: Re: [AFMUG] IPv4 exhaust again srcnat is what we use. 1800 connections right now from one section of the network On Mon, Jan 15, 2018 at 1:10 PM, Chuck McCown <[email protected]> wrote: What flavor of NAT does mikrotik implement? From: Chuck McCown Sent: Monday, January 15, 2018 12:07 PM To: [email protected] Subject: Re: [AFMUG] IPv4 exhaust again Wonder how heavy we can load that... I would want it to be able to handle 8000 connections. From: Steve Jones Sent: Monday, January 15, 2018 12:05 PM To: [email protected] Subject: Re: [AFMUG] IPv4 exhaust again ccr1072 On Mon, Jan 15, 2018 at 12:59 PM, Chuck McCown <[email protected]> wrote: What are you using? Router NAT or a server or ? From: Steve Jones Sent: Monday, January 15, 2018 11:48 AM To: [email protected] Subject: Re: [AFMUG] IPv4 exhaust again Im not going to lie, we are natting at 1:300 across a handful of publics and have little to no issue, though we really should since the customer router double NATs On Mon, Jan 15, 2018 at 12:39 PM, Chuck McCown <[email protected]> wrote: I need to have about /19 worth of customers natted to as few V4s as is needed to make it work properly. We currently have about 3 /21s I think. Don’t want to have to buy a fourth. From: Dennis Burgess Sent: Monday, January 15, 2018 11:34 AM To: [email protected] Subject: Re: [AFMUG] IPv4 exhaust again Mikrotik can do that, I have a router with 20k NAT rules natting two /21s to less than 254 ips .:) Dennis Burgess – Network Solution Engineer – Consultant MikroTik Certified Trainer/Consultant – MTCNA, MTCRE, MTCWE, MTCTCE, MTCINE For Wireless Hardware/Routers visit www.linktechs.net Radio Frequency Coverages: www.towercoverage.com Office: 314-735-0270 E-Mail: [email protected] From: Af [mailto:[email protected]] On Behalf Of George Skorup Sent: Monday, January 15, 2018 12:28 PM To: [email protected] Subject: Re: [AFMUG] IPv4 exhaust again Dual-stack and CGN? You can get 8:1, 16:1 or even 32:1 out of a single public IPv4 address. Give 8 customers 8k ports each, or 16 customer 4k ports each, 32 customers 2k ports each. That's *source* ports, so they're not limited to 8k, 4k or 2k connections total. You have to look at in both directions. 10.10.10.10:1024 -> 8.8.8.8:53 and 10.10.10.10:1024 -> 8.8.4.4:53 mappings are both valid, and it obviously goes a lot deeper than that. Seems to be a whole lot easier than some crazy NAT appliance that's running the whole network. I haven't done anything like this, but I'm considering it. I think Juniper even lets you do this with a couple commands? Yeah, I'm too cheap for that. Something else to keep in mind is that most consumer grade routers still have a fairly limited connection table. My Cambium cnPilot router I have at home lets you adjust the max table size (up to 8192). Most are 2k or 4k. While even a low-end MikroTik will give you >100k. On 1/15/2018 11:35 AM, Chuck McCown wrote: Planning to buy another /21 or some such thing .... again ...... � So going to attempt to NAT the whole frigging company. � Seems like I am going in reverse here. � If we can make NAT work for most customers, then that will buy us time to build our magic V4 translator gateway box for a V6 only network.� � Any suggestions on the best way to do this?
