Well, yes, but that's both a pro and a con :) Here's a writeup on using DANOS to push 10+ Gbps using CGNAT on a Dell PowerEdge R230 - Quad Core Intel(R) Xeon(R) CPU E3-1240 v6 @ 3.70GHz: https://wiki.brasilpeeringforum.org/w/CGNAT_Bulk_Port_Allocation_com_DPDK
https://translate.google.com/translate?sl=auto&tl=en&u=https://wiki.brasilpeeringforum.org/w/CGNAT_Bulk_Port_Allocation_com_DPDK If going the Juniper route, keep in mind that the SRX may also be an option. - Jared > Sent: Monday, March 01, 2021 at 5:12 PM > From: "Adam Moffett" <dmmoff...@gmail.com> > To: af@af.afmug.com > Subject: Re: [AFMUG] Mikrotik Official Limitations > > One thing I'll miss about Mikrotik is every router can use every feature. > > > On 3/1/2021 3:52 PM, fiber...@mail.com wrote: > > I guess it depends on what kind of NAT you want to do. > > > > Here's an overview of CGNAT implementation options: > > https://www.juniper.net/documentation/en_US/junos-space-apps/edge-services-director1.0/topics/topic-map/nat-junos-cgn-implementations.html > > > > And which chassies take which cards: > > https://www.juniper.net/documentation/en_US/junos/topics/topic-map/services-pics-overview.html#id-multiservices-mic-and-multiservices-mpc-ms-mic-and-ms-mpc-overview > > > > You *can* get started with a MS-MIC-16G , but it doesn't have the > > throughput of later cards nor all the bells and whistles. > > > > - Jared > > > >> Sent: Monday, March 01, 2021 at 3:31 PM > >> From: "Adam Moffett" <dmmoff...@gmail.com> > >> To: af@af.afmug.com > >> Subject: Re: [AFMUG] Mikrotik Official Limitations > >> > >> Maybe I was misinformed. > >> > >> The VAR told me JunOS would only do 1:1 NAT unless you had an IP > >> Services card, and that I had to have an MX240, 480, or 960 to use that > >> card. > >> > >> > >> On 3/1/2021 3:27 PM, fiber...@mail.com wrote: > >>> If your needs are more modest, I guess you could get away with an > >>> MS-MIC-16G card in a low end MX router. The MIC can be had for less than > >>> four grand, as can an older MX router. That should be good for CGNAT > >>> needs under 9 Gbps. > >>> > >>> > >>> - Jared > >>> > >>> > >>> > >>> > >>> Sent: Monday, March 01, 2021 at 1:41 PM > >>> From: "Adam Moffett" <dmmoff...@gmail.com> > >>> To: af@af.afmug.com > >>> Subject: Re: [AFMUG] Mikrotik Official Limitations > >>> I should have said it's 5 digits on top of having a Juniper router which > >>> can accept the IP services card (eg MX240, MX480, or MX960). You'll be > >>> into 6 digits before you have the whole BOM. Maybe I should have said > >>> "Lamborghini money". Depends whether you already have the Juniper router > >>> or if you had to start from square one. > >>> I'm not saying there's anything wrong with Juniper, I'm just saying you > >>> have to bring your checkbook if you want to do CG-NAT with them. > >>> > >>> On 3/1/2021 1:06 PM, Adam Moffett wrote: > >>> It's 5 digit numbers, however you choose to label it. > >>> The good news is one box will scale to staggering amounts of traffic. > >>> > >>> > >>> On 3/1/2021 1:03 PM, Bill Prince wrote: > >>> Corvette money. Is that anything like cubic dollars? > >>> > >>> bp > >>> <part15sbs{at}gmail{dot}com> > >>> > >>> On 3/1/2021 9:51 AM, Adam Moffett wrote: > >>> CGNAT on Juniper requires an IP services card. With licensing it's like > >>> Corvette money. > >>> ....but that's kinda where we're at isn't it. > >>> > >>> > >>> On 3/1/2021 12:36 PM, Sterling Jacobson wrote: > >>> I gave up the first time they asked me to record data for them during an > >>> instance and wanted us to let it hang and collect data. > >>> > >>> I was like no, not going to do that. > >>> > >>> And then started removing 1072 connection tracking altogether from my > >>> network. > >>> > >>> For the time being I’m using 1036 for CGNAT as a transition, then will > >>> head to CHR CGNAT, then Juniper. > >>> > >>> I agree that Mikrotik just isn’t focused on the 1072 anymore and this > >>> particular issue seems beyond them to repair. > >>> > >>> Which makes the 1072 a no starter for anything conn track for us ever > >>> again. > >>> > >>> I’ve got one 2004 doing the CGNAT now, and it’s on latest Stable release. > >>> Watching to see if it bails too, or is capable of doing it for the time > >>> being. > >>> > >>> But our end game it MPLS/VPLS and/or direct switch VLAN type segmentation > >>> of layer2 into our cores where we will do all of the heavy lifting. > >>> > >>> > >>> > >>> > >>> From: AF <af-boun...@af.afmug.com>[mailto:af-boun...@af.afmug.com] On > >>> Behalf Of Steven Kenney > >>> Sent: Monday, March 1, 2021 9:03 AM > >>> To: af <af@af.afmug.com>[mailto:af@af.afmug.com] > >>> Subject: [AFMUG] Mikrotik Official Limitations > >>> > >>> > >>> Still fighting with Mikrotik about the 1072 reboots. New hardware didn't > >>> fix it, had several people check the configs all were good. After 2 > >>> months of going back and forth, escalating to a higher tier tech... I > >>> officially got a response that 1 million connections is too much for the > >>> 1072 and I should expect it to reboot and not function properly. That > >>> was their conclusion. Even though all of the 72 processors are under > >>> 50%, memory usage is only about 20% etc. Turn off connection tracking > >>> is the their solution. > >>> > >>> > >>> > >>> How about those apples? > >>> > >>> > >>> > >>> > >>> > >>> [https://www.wavedirect.net/] > >>> > >>> [https://www.facebook.com/ruralhighspeed] > >>> [https://www.instagram.com/wave.direct/] > >>> [https://www.linkedin.com/company/wavedirect-telecommunication/] > >>> [https://twitter.com/wavedirect1] > >>> [https://www.youtube.com/user/WaveDirect] > >>> STEVEN KENNEY > >>> DIRECTOR OF GLOBAL CONNECTIVITY & CONTINUITY A: 158 Erie St. N | > >>> Leamington ON > >>> E: st...@wavedirect.org[mailto:st...@wavedirect.org] | P: 519-737-9283 > >>> W: www.wavedirect.net[http://www.wavedirect.net] > >>> > >>> -- AF mailing list AF@af.afmug.com > >>> http://af.afmug.com/mailman/listinfo/af_af.afmug.com[http://af.afmug.com/mailman/listinfo/af_af.afmug.com] > >>> > >> -- > >> AF mailing list > >> AF@af.afmug.com > >> http://af.afmug.com/mailman/listinfo/af_af.afmug.com > >> > > -- > AF mailing list > AF@af.afmug.com > http://af.afmug.com/mailman/listinfo/af_af.afmug.com > -- AF mailing list AF@af.afmug.com http://af.afmug.com/mailman/listinfo/af_af.afmug.com
