Hi Douglas,
There was, long time ago, something developed by ISC, but I think never completed and not updated … 464XLAT is always a solution and becomes much cheaper, than CGN from vendors, even if you need to replace the CPEs. I’m doing that now with 25.000.000 subscribers … (slowed down by the Covid-19). Regards, Jordi @jordipalet El 7/7/20 18:44, "NANOG en nombre de Douglas Fischer" <nanog-bounces+jordi.palet=consulintel...@nanog.org en nombre de fischerdoug...@gmail.com> escribió: We are looking for a CGNAT solution open source based. Yep, I know that basic CGNAT can be done with iptables / nftables, or PF / IPFILTER / IPFW. But I only know Open Source CGNAT recipes with predefined public-ports <-> private IPs mapping. What It brings two types of issues: A - The need to overprovision the number of private IPs (Considering Multiple BNGs behind the CGN). B - The inability of those basic recipes to deal with incoming auxiliary connections of p2p protocols (mostly used by games). Te market solutions that I've dealt with solves those issues beautifully. a - Bulk-Port Allocation - BPA, avoid the need overprovisioning private address that is not being used, and give us an excellent rate between public IPv4 Address vs Private IP Address. b - The support of a framework of protocols(Ex.: UPnP, PCP, EIM/EIF, NAT-PMP, etc...) ensure an acceptable quality of experience to end-users. But, the market solution brings also some down-sides... - The cost, evidently. - The need for detouring the traffic that doesn't need CGNAT(Internal CDNs, Internal Servers, etc), to stay on the license limits of those boxes, sometimes brings some issues. So, I and some friends are(for a long time) looking for an OpenSource solution that can give us something near what the market solutions give. Any of you guys ave some suggestions for that? P.S.: Yes, I know that IPv6 is the only real solution for that, but until there, our customers still want to access a lot os p2p content(mostly audio in game rooms, sip calls, and things like that.) P.S.2: Yes, I also know that 464 could be a good possibility, but is not possible in this scenario. -- Douglas Fernando Fischer Engº de Controle e Automação ********************************************** IPv4 is over Are you ready for the new Internet ? http://www.theipv6company.com The IPv6 Company This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.
