The suggestions below look promising. Thank you for posting them. Stefan, you are correct in guessing that we have to overcome the limitations of a monitoring tool, actually *many* monitoring and management tools. Our monitoring system is capable of siting a data collector inside each customer's network, but we have 40+ data centers, each with hundreds of customers, so this is not always practical ... and we have other tools that need to reach in as well.
Thank you both for the suggestions. I do know a bit about namespaces and will try it. From: Jool-list <[email protected]> on behalf of Alberto Leiva via Jool-list <[email protected]> Sent: Tuesday, December 15, 2020 16:43 Not sure exactly how you're setting things up, but if your translator is an SIIT, chances are you only need one instance, and you just need to add each customer network as an entry to the Explicit Address Mappings Table: [0] Otherwise you can indeed set up multiple Jool instances and match their traffic with iptables: [1] [0] https://jool.mx/en/usr-flags-eamt.html [1] https://jool.mx/en/usr-flags-instance.html On Tue, Dec 15, 2020 at 3:11 AM Stefan Brudny via Jool-list <[email protected]> wrote: Hi, Let's focus on use case. I am guessing using ipv6 and single address space is an approach to overcome limitation of a monitoring tool. If so, I'd suggest: * use single ipv6 /48 for all customers. You are not assigning networks, so RIPE doesn't bound you this time. Your monitoring tool may assign any subnet, /96 is fine, for a customer. Jool doesn't need to be aware of that assignment, it's business side, except constructing entries in name spaces. * use network namespace for each customer translation. * stateful NAT64 could be used to embed the customer traffic in a namespace * be ready to master routing in namespaces: what is planned to connect the customers networks? Vlan, gre, openvpn, wireguard? _______________________________________________ Jool-list mailing list [email protected] https://mail-lists.nic.mx/listas/listinfo/jool-list
