CGNAT Opensource with support to BPA, EIM/EIF, UPnP-PCP

Jared Geiger compuwizz at gmail.com
Tue Jul 7 17:59:38 UTC 2020


DANOS 2005 seems to support a lot of your requirements.
https://danosproject.atlassian.net/wiki/spaces/DAN/pages/320634926/DANOS+2005+Release+Notes

So if you have an x86 box with supported NICs you should be able to get
some decent performance from it.

The major gotcha in this release is I think route-maps, prefix-lists,
access-lists with BGP are broken.

On Tue, Jul 7, 2020 at 9:44 AM Douglas Fischer <fischerdouglas at gmail.com>
wrote:

> We are looking for a CGNAT solution open source based.
>
> Yep, I know that basic CGNAT can be done with iptables / nftables, or PF /
> IPFILTER / IPFW.
>
> But I only know Open Source CGNAT recipes with predefined public-ports <->
> private IPs mapping.
>
> Which brings two types of issues:
> A - The need to overprovision the number of private IPs (Considering
> Multiple BNGs behind the CGN).
> B - The inability of those basic recipes to deal with incoming auxiliary
> connections of p2p protocols (mostly used by games).
>
> The market solutions that I've dealt with solve those issues beautifully.
> a - Bulk-Port Allocation - BPA, avoids the need for overprovisioning private
> addresses that are not being used, and gives us an excellent rate between
> public IPv4 Address vs Private IP Address.
> b - The support of a framework of protocols (Ex.: UPnP, PCP, EIM/EIF,
> NAT-PMP, etc...) ensures an acceptable quality of experience to end-users.
>
> But, the market solution brings also some down-sides...
> - The cost, evidently.
> - The need for detouring the traffic that doesn't need CGNAT (Internal
> CDNs, Internal Servers, etc), to stay on the license limits of those boxes,
> sometimes brings some issues.
>
> So, I and some friends are (for a long time) looking for an OpenSource
> solution that can give us something near what the market solutions give.
>
> Any of you guys have some suggestions for that?
>
>
> P.S.: Yes, I know that IPv6 is the only real solution for that, but until
> there, our customers still want to access a lot of p2p content (mostly audio
> in game rooms, sip calls, and things like that.)
>
> P.S.2: Yes, I also know that 464 could be a good possibility, but is not
> possible in this scenario.
>
> --
> Douglas Fernando Fischer
> Engº de Controle e Automação
>
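
As an added illustration of the bulk port allocation idea raised in the quoted question (not code from either poster or from DANOS), the sketch below hands out port blocks on demand instead of from a predefined map, and logs one record per block so a public IP, port and timestamp can be traced back to a subscriber. The block size, port range, class name and addresses (RFC 6598 and RFC 5737 ranges) are assumptions chosen for the example.

```python
import ipaddress

class BulkPortAllocator:
    """Hypothetical allocator: fixed-size port blocks from a public pool, on demand."""

    def __init__(self, public_pool, block_size=512, first_port=1024):
        self.block_size = block_size
        # Every (public IP, block start) pair that can be handed out.
        self.free = [(str(ip), start)
                     for ip in ipaddress.ip_network(public_pool)
                     for start in range(first_port, 65536 - block_size + 1, block_size)]
        self.free.reverse()   # pop() then takes the lowest block first
        self.blocks = {}      # private IP -> list of (public IP, block start)
        self.log = []         # one record per block event, not per session

    def _record(self, ts, event, private_ip, pub_ip, start):
        self.log.append({"ts": ts, "event": event, "private": private_ip,
                         "public": pub_ip,
                         "ports": (start, start + self.block_size - 1)})

    def allocate(self, private_ip, now):
        """Give private_ip one more block (first flow, or its blocks are full)."""
        if not self.free:
            raise RuntimeError("public port pool exhausted")
        pub_ip, start = self.free.pop()
        self.blocks.setdefault(private_ip, []).append((pub_ip, start))
        self._record(now, "alloc", private_ip, pub_ip, start)
        return pub_ip, start

    def release(self, private_ip, now):
        """Return every block of an idle subscriber to the pool."""
        for pub_ip, start in self.blocks.pop(private_ip, []):
            self.free.append((pub_ip, start))
            self._record(now, "release", private_ip, pub_ip, start)

    def who_had(self, pub_ip, port, ts):
        """Abuse-desk lookup: which private IP held pub_ip:port at time ts?"""
        owner = None
        for rec in self.log:                      # log is in time order
            if rec["ts"] > ts:
                break
            lo, hi = rec["ports"]
            if rec["public"] == pub_ip and lo <= port <= hi:
                owner = rec["private"] if rec["event"] == "alloc" else None
        return owner

if __name__ == "__main__":
    nat = BulkPortAllocator("203.0.113.10/32")    # constructed sample pool
    nat.allocate("100.64.0.5", now=100)
    print(nat.who_had("203.0.113.10", 1100, ts=150))
```

Because a released block is reused by the next subscriber, the lookup needs the timestamp as well as the public IP and port.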