Re: [AFMUG] IPv4 exhaust again

[Dave]

We have a PowerV4 router from linktechs and it rocks for our edge not 
doing a lot with a 10G circuit and most of the network
 I really like its flexibility and Horsepower.

On 01/15/2018 02:50 PM, Chuck McCown wrote:
Yes, we have 6000 now and are adding about 1000 each year.
*From:* Mathew Howard
*Sent:* Monday, January 15, 2018 1:47 PM
*To:* af
*Subject:* Re: [AFMUG] IPv4 exhaust again
I'm pretty sure he did mean 8000 subscribers... I would want one of 
the i7 x86 boxes for that kind of load, but I'd imagine that would 
handle it without any problems.
On Mon, Jan 15, 2018 at 2:35 PM, Adam Moffett <dmmoff...@gmail.com> wrote:

    I took him to mean subscribers when he said 8000 connections.
    As far as Layer4 connections we're performing NAT for, I'm not
    totally sure how to tell.
    If I torch the LTE PDN interface, it counts up for awhile and then
    freezes.
    Connection tracking is showing something like 120,000 items but
    that isn't strictly stuff we're NAT'ing.  Some traffic just passes
    through.
    ------ Original Message ------
    From: "Steve Jones" <thatoneguyst...@gmail.com>
    To: af@afmug.com
    Sent: 1/15/2018 2:21:54 PM
    Subject: Re: [AFMUG] IPv4 exhaust again
    srcnat is what we use. 1800 connections right now from one
    section of the network
    On Mon, Jan 15, 2018 at 1:10 PM, Chuck McCown <ch...@wbmfg.com>
    wrote:

        What flavor of NAT does mikrotik implement?
        *From:* Chuck McCown
        *Sent:* Monday, January 15, 2018 12:07 PM
        *To:* af@afmug.com
        *Subject:* Re: [AFMUG] IPv4 exhaust again
        Wonder how heavy we can load that... I would want it to be
        able to handle 8000 connections.
        *From:* Steve Jones
        *Sent:* Monday, January 15, 2018 12:05 PM
        *To:* af@afmug.com
        *Subject:* Re: [AFMUG] IPv4 exhaust again
        ccr1072
        On Mon, Jan 15, 2018 at 12:59 PM, Chuck McCown
        <ch...@wbmfg.com> wrote:

            What are you using? Router NAT or a server or ?
            *From:* Steve Jones
            *Sent:* Monday, January 15, 2018 11:48 AM
            *To:* af@afmug.com
            *Subject:* Re: [AFMUG] IPv4 exhaust again
            Im not going to lie, we are natting at 1:300 across a
            handful of publics and have little to no issue, though we
            really should since the customer router double NATs
            On Mon, Jan 15, 2018 at 12:39 PM, Chuck McCown
            <ch...@wbmfg.com> wrote:

                I need to have about /19 worth of customers natted to
                as few V4s as is needed to make it work properly.
                We currently have about 3 /21s I think.  Don’t want
                to have to buy a fourth.
                *From:* Dennis Burgess
                *Sent:* Monday, January 15, 2018 11:34 AM
                *To:* af@afmug.com
                *Subject:* Re: [AFMUG] IPv4 exhaust again

                Mikrotik can do that, I have a router with 20k NAT
                rules natting two /21s to less than 254 ips .:)

                */_Dennis Burgess_/**–**Network Solution Engineer –
                Consultant ***

                MikroTik Certified Trainer/Consultant
                
<http://www.linktechs.net/productcart/pc/viewcontent.asp?idpage=5>
                – MTCNA, MTCRE, MTCWE, MTCTCE, MTCINE

                For Wireless Hardware/Routers visit www.linktechs.net
                <http://www.linktechs.net/>

                Radio Frequency Coverages: www.towercoverage.com
                <http://www.towercoverage.com/>

                Office: 314-735-0270 <tel:%28314%29%20735-0270>

                E-Mail: dmburg...@linktechs.net

                *From:*Af [mailto:af-boun...@afmug.com] *On Behalf Of
                *George Skorup
                *Sent:* Monday, January 15, 2018 12:28 PM
                *To:* af@afmug.com
                *Subject:* Re: [AFMUG] IPv4 exhaust again

                Dual-stack and CGN? You can get 8:1, 16:1 or even
                32:1 out of a single public IPv4 address. Give 8
                customers 8k ports each, or 16 customer 4k ports
                each, 32 customers 2k ports each. That's *source*
                ports, so they're not limited to 8k, 4k or 2k
                connections total. You have to look at in both
                directions. 10.10.10.10:1024
                <http://10.10.10.10:1024> -> 8.8.8.8:53
                <http://8.8.8.8:53> and 10.10.10.10:1024
                <http://10.10.10.10:1024> -> 8.8.4.4:53
                <http://8.8.4.4:53> mappings are both valid, and it
                obviously goes a lot deeper than that.

                Seems to be a whole lot easier than some crazy NAT
                appliance that's running the whole network. I haven't
                done anything like this, but I'm considering it. I
                think Juniper even lets you do this with a couple
                commands? Yeah, I'm too cheap for that.

                Something else to keep in mind is that most consumer
                grade routers still have a fairly limited connection
                table. My Cambium cnPilot router I have at home lets
                you adjust the max table size (up to 8192). Most are
                2k or 4k. While even a low-end MikroTik will give you
                >100k.

                On 1/15/2018 11:35 AM, Chuck McCown wrote:

                    Planning to buy another /21 or some such thing
                    .... again ......

                    �

                    So going to attempt to NAT the whole frigging
                    company.

                    �

                    Seems like I am going in reverse here.

                    �

                    If we can make NAT work for most customers, then
                    that will buy us time to build our magic V4
                    translator gateway box for a V6 only network.�

                    �

                    Any suggestions on the best way to do this?


--