> On 5 Jul 2023, at 16:11, Paul Bone <[email protected]> wrote: > I have used several different vendors with varying success, but just > wondering what people are using for CGNAT solutions and how many subscribers? > Particularly interested in scalable solutions from a few hundred subscribers > up to tens of thousands – but I suspect that may well involve hardware > upgrades to do cost effectively.
Paul, Pascal Gloor (from Init7, Switzerland) gave a talk very recently at SwiNOG about the implementation they're taking for large scale NAT for residential access. The talk doesn't address some of the challenges with IP addresses being blocklisted for spam or "monetise your bandwidth" VPNs. It could be a starting point if "iptables on Linux on commodity compute" doesn't scare you away! Presentation: https://www.swinog.ch/wp-content/uploads/2023/06/Pascal_Gloor-Init7-Easy7-opensource_CGNAT_implementation.pdf Video: https://youtu.be/aFSwhiekO3g Caveat: I wouldn't expect the quoted Gbit/sec of real-world performance, though, even with beefy boxes with SFP28 uplinks. I'm basing that on the performance of Linux's networking stack just as a boring old router, let alone tracking millions of sessions. I'd expect a decent handful of Gbit/sec of real world performance (you really want DPDK/VPP, a bit like 6WIND's commercial CGNAT product, to get Mpps per core). Kind regards, -- Marek Isalski (they/he) CTO, Faelix Limited, https://faelix.net/ Faelix Limited: Security, Networks & Software. Registered in England and Wales. Office: The Yard, 11 Bent Street, Manchester, M8 8NF. Company: 5852778. VAT: 889 441470.
