CGNAT Opensource with support to BPA, EIM/EIF, UPnP-PCP

Tue Jul 7 16:42:04 UTC 2020

We are looking for a CGNAT solution open source based.

Yep, I know that basic CGNAT can be done with iptables / nftables, or PF /
IPFILTER / IPFW.

But I only know Open Source CGNAT recipes with predefined public-ports <->
private IPs mapping.

What It brings two types of issues:
A - The need to overprovision the number of private IPs (Considering
Multiple BNGs behind the CGN).
B - The inability of those basic recipes to deal with incoming auxiliary
connections of p2p protocols (mostly used by games).

Te market solutions that I've dealt with solves those issues beautifully.
a - Bulk-Port Allocation - BPA, avoid the need overprovisioning private
address that is not being used, and give us an excellent rate between
public IPv4 Address vs Private IP Address.
b - The support of a framework of protocols(Ex.: UPnP, PCP, EIM/EIF,
NAT-PMP, etc...) ensure an acceptable quality of experience to end-users.

But, the market solution brings also some down-sides...
- The cost, evidently.
- The need for detouring the traffic that doesn't need CGNAT(Internal CDNs,
Internal Servers, etc), to stay on the license limits of those boxes,
sometimes brings some issues.

So, I and some friends are(for a long time) looking for an OpenSource
solution that can give us something near what the market solutions give.

Any of you guys ave some suggestions for that?

P.S.: Yes, I know that IPv6 is the only real solution for that, but until
there, our customers still want to access a lot os p2p content(mostly audio
in game rooms, sip calls, and things like that.)

P.S.2: Yes, I also know that 464 could be a good possibility, but is not
possible in this scenario.

-- 
Douglas Fernando Fischer
Engº de Controle e Automação
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20200707/e88fff1d/attachment.html>