Cheap LSN/CGN/NAT444 Solution

Mon Jun 30 06:37:41 UTC 2014

On 6/30/2014 1:59 AM, Skeeve Stevens wrote:
> Hi all,
>
> I am sure this is something that a reasonable number of people would have
> done on this list.
>
> I am after a LSN/CGN/NAT444 solution to put about 1000 Residential profile
> NBN speeds (fastest 100/40) services behind.
>
> I am looking at a Cisco ASR1001/2, pfSense and am willing to consider other
> options, including open source.... Obviously the cheaper the better.

Total PPS or bandwidth is the number you need rather than number of 
customers.  Assuming 1Gbps aggregation then almost anything will work 
for your requirements and support NAT.  Obviously if you have a large 
number of 100Mbps customers then 1Gbps wouldn't cut it for aggregation.

Based on your looking at the ASR I would guess you're somewhere around 
1Gbps, maybe 2Gbps.  If you're closer to 1Gbps and want to stay with a 
1RU solution then I would advise checking out the ASA5512 which is much 
cheaper than an ASR.

If you want to go ultra cheap but scalable to 4Gbps you could use a 
Cisco 6500/sup2/FWSM (all used.. probably totals less than $1000USD, but 
I don't know how much it is in Australia).  That would let you replace 
parts later to move to SUP720/ASASM for around 16Gbps throughput.

FWIW, I doubt you'll find a NAT platform with no IPv6 support, so you 
can start your IPv6 work now if need be.  Older stuff like the FWSM 
won't support things like DS-Lite though, so if you plan to go v6-only 
in your backbone then that's something to think about.

>
> This solution is for v4 only, and needs to consider the profile of the
> typical residential users.  Any pitfalls would be helpful to know - as in
> what will and and more importantly wont work - or any work-arounds which
> may work.
>
> This solution is not designed to be long lasting (maybe 6-9 months)... it
> is to get the solution going for up to 1000 users, and once it reaches that
> point then funds will be freed up to roll out a more robust, carrier-grade
> and long term solution (which will include v6). So no criticism on not
> doing v6 straight up please.
Be wary if someone thinks this is going to last 6-9 months.  That's less 
than a funding cycle for a company and longer than an outage. That means 
the boss is pulling the number out of his ass and it could last anywhere 
from 30 days to 10 years depending on any number of factors.

>
> Happy for feedback off-list of any solutions that people have found work
> well...
>
> Note, I am in Australia so any vendors which aren't easily accessible down
> here, won't be useful.
>
>
> ...Skeeve
>
> *Skeeve Stevens - *eintellego Networks Pty Ltd
> skeeve at eintellegonetworks.com ; www.eintellegonetworks.com
>
> Phone: 1300 239 038; Cell +61 (0)414 753 383 ; skype://skeeve
>
> facebook.com/eintellegonetworks ;  <http://twitter.com/networkceoau>
> linkedin.com/in/skeeve
>
> experts360: https://expert360.com/profile/d54a9
>
> twitter.com/theispguy ; blog: www.theispguy.com
>
>
> The Experts Who The Experts Call
> Juniper - Cisco - Cloud - Consulting - IPv4 Brokering
>