I took him to mean subscribers when he said 8000 connections.
As far as Layer4 connections we're performing NAT for, I'm not totally
sure how to tell.
If I torch the LTE PDN interface, it counts up for a while and then
freezes.
Connection tracking is showing something like 120,000 items but that
isn't strictly stuff we're NAT'ing. Some traffic just passes through.
------ Original Message ------
From: "Steve Jones" <[email protected]>
To: [email protected]
Sent: 1/15/2018 2:21:54 PM
Subject: Re: [AFMUG] IPv4 exhaust again
srcnat is what we use. 1800 connections right now from one section of
the network.
On Mon, Jan 15, 2018 at 1:10 PM, Chuck McCown <[email protected]> wrote:
What flavor of NAT does mikrotik implement?
From: Chuck McCown
Sent: Monday, January 15, 2018 12:07 PM
To: [email protected]
Subject: Re: [AFMUG] IPv4 exhaust again
Wonder how heavy we can load that... I would want it to be able to
handle 8000 connections.
From: Steve Jones
Sent: Monday, January 15, 2018 12:05 PM
To: [email protected]
Subject: Re: [AFMUG] IPv4 exhaust again
ccr1072
On Mon, Jan 15, 2018 at 12:59 PM, Chuck McCown <[email protected]>
wrote:
What are you using? Router NAT or a server or ?
From: Steve Jones
Sent: Monday, January 15, 2018 11:48 AM
To: [email protected]
Subject: Re: [AFMUG] IPv4 exhaust again
I'm not going to lie, we are natting at 1:300 across a handful of
publics and have little to no issue, though we really should since
the customer router double NATs.
On Mon, Jan 15, 2018 at 12:39 PM, Chuck McCown <[email protected]>
wrote:
I need to have about /19 worth of customers natted to as few V4s as
is needed to make it work properly.
We currently have about 3 /21s I think. Don’t want to have to buy a
fourth.
From: Dennis Burgess
Sent: Monday, January 15, 2018 11:34 AM
To: [email protected]
Subject: Re: [AFMUG] IPv4 exhaust again
Mikrotik can do that, I have a router with 20k NAT rules natting two
/21s to less than 254 IPs. :)
Dennis Burgess – Network Solution Engineer – Consultant
MikroTik Certified Trainer/Consultant
<http://www.linktechs.net/productcart/pc/viewcontent.asp?idpage=5> –
MTCNA, MTCRE, MTCWE, MTCTCE, MTCINE
For Wireless Hardware/Routers visit www.linktechs.net
Radio Frequency Coverages: www.towercoverage.com
Office: 314-735-0270
E-Mail: [email protected]
From: Af [mailto:[email protected]] On Behalf Of George Skorup
Sent: Monday, January 15, 2018 12:28 PM
To: [email protected]
Subject: Re: [AFMUG] IPv4 exhaust again
Dual-stack and CGN? You can get 8:1, 16:1 or even 32:1 out of a
single public IPv4 address. Give 8 customers 8k ports each, or 16
customers 4k ports each, 32 customers 2k ports each. That's *source*
ports, so they're not limited to 8k, 4k or 2k connections total. You
have to look at it in both directions. 10.10.10.10:1024 -> 8.8.8.8:53
and 10.10.10.10:1024 -> 8.8.4.4:53 mappings are both valid, and it
obviously goes a lot deeper than that.
Seems to be a whole lot easier than some crazy NAT appliance that's
running the whole network. I haven't done anything like this, but
I'm considering it. I think Juniper even lets you do this with a
couple commands? Yeah, I'm too cheap for that.
Something else to keep in mind is that most consumer grade routers
still have a fairly limited connection table. My Cambium cnPilot
router I have at home lets you adjust the max table size (up to
8192). Most are 2k or 4k. While even a low-end MikroTik will give
you >100k.
On 1/15/2018 11:35 AM, Chuck McCown wrote:
Planning to buy another /21 or some such thing .... again ......
So going to attempt to NAT the whole frigging company.
Seems like I am going in reverse here.
If we can make NAT work for most customers, then that will buy us
time to build our magic V4 translator gateway box for a V6 only
network.
Any suggestions on the best way to do this?
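The port-block arithmetic from George Skorup's reply, as an added example that is not part of the original thread: a deterministic plan that gives each subscriber a fixed public address and source-port range, plus the reverse lookup an operator needs to attribute an abuse report (public IP and source port) to one subscriber. The class name, the 100.64.0.0 and 203.0.113.0 sample addresses, and skipping ports 0-1023 (which makes the blocks 8064/4032/2016 ports rather than the round 8k/4k/2k) are assumptions.

```python
import ipaddress

FIRST_PORT = 1024                    # assumption: ports 0-1023 are never handed out
PORT_SPACE = 65536 - FIRST_PORT      # 64512 usable source ports per public IPv4

class PortBlockPlan:
    """Hypothetical deterministic CGN plan: fixed public IP and port block per subscriber."""

    def __init__(self, private_net, public_ips, ratio):
        self.private = ipaddress.ip_network(private_net)
        self.public = [ipaddress.ip_address(p) for p in public_ips]
        self.ratio = ratio                    # subscribers sharing one public IPv4
        self.block = PORT_SPACE // ratio      # source ports reserved per subscriber
        if self.private.num_addresses > len(self.public) * ratio:
            raise ValueError("not enough public addresses for this ratio")

    def block_for(self, subscriber_ip):
        """Return (public_ip, first_port, last_port) for a private address."""
        addr = ipaddress.ip_address(subscriber_ip)
        if addr not in self.private:
            raise ValueError(f"{addr} is outside {self.private}")
        index = int(addr) - int(self.private.network_address)
        pub, slot = divmod(index, self.ratio)
        first = FIRST_PORT + slot * self.block
        return str(self.public[pub]), first, first + self.block - 1

    def subscriber_for(self, public_ip, src_port):
        """Reverse lookup for an abuse report; None if nobody owns that port."""
        target = ipaddress.ip_address(public_ip)
        if target not in self.public or src_port < FIRST_PORT:
            return None
        slot = (src_port - FIRST_PORT) // self.block
        index = self.public.index(target) * self.ratio + slot
        if slot >= self.ratio or index >= self.private.num_addresses:
            return None                       # leftover ports or unassigned block
        return str(self.private.network_address + index)

if __name__ == "__main__":
    # Constructed sample: 32 subscribers behind two documentation-range addresses.
    plan = PortBlockPlan("100.64.0.0/27", ["203.0.113.10", "203.0.113.11"], 16)
    for ip in ("100.64.0.0", "100.64.0.17"):
        print(ip, "->", plan.block_for(ip))
    print("203.0.113.11:6000 ->", plan.subscriber_for("203.0.113.11", 6000))
```

Because the mapping is computed rather than learned, the reverse lookup needs no per-connection log, only the plan in force at the time of the report.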