Hi Douglas,
There was, a long time ago, something developed by ISC, but I think it was never completed and not updated …
464XLAT is always a solution and becomes much cheaper than CGN from vendors, even if you need to replace the CPEs. I’m doing that now with 25.000.000 subscribers … (slowed down by Covid-19).
Regards,
Jordi
@jordipalet
On 7/7/20 18:44, "NANOG on behalf of Douglas Fischer" <nanog-bounces+jordi.palet=consulintel.es@nanog.org on behalf of fischerdouglas@gmail.com> wrote:
We are looking for an open-source-based CGNAT solution.
Yep, I know that basic CGNAT can be done with iptables / nftables, or PF / IPFILTER / IPFW.
But I only know Open Source CGNAT recipes with predefined public-ports <-> private IPs mapping.
This brings two types of issues:
A - The need to overprovision the number of private IPs (Considering Multiple BNGs behind the CGN).
B - The inability of those basic recipes to deal with incoming auxiliary connections of p2p protocols (mostly used by games).
The market solutions that I've dealt with solve those issues beautifully.
a - Bulk-Port Allocation - BPA, avoids the need to overprovision private addresses that are not being used, and gives us an excellent rate between public IPv4 addresses vs private IP addresses.
b - The support of a framework of protocols (e.g. UPnP, PCP, EIM/EIF, NAT-PMP, etc.) ensures an acceptable quality of experience to end-users.
But the market solutions also bring some downsides...
- The cost, evidently.
- The need for detouring the traffic that doesn't need CGNAT (internal CDNs, internal servers, etc.), to stay within the license limits of those boxes, sometimes brings some issues.
So, some friends and I have (for a long time) been looking for an open-source solution that can give us something near what the market solutions give.
Do any of you guys have some suggestions for that?
P.S.: Yes, I know that IPv6 is the only real solution for that, but until then, our customers still want to access a lot of p2p content (mostly audio in game rooms, SIP calls, and things like that).
P.S.2: Yes, I also know that 464 could be a good possibility, but it is not possible in this scenario.
--
Douglas Fernando Fischer
Control and Automation Engineer
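
Added example, not part of either message in this thread and not code from any CGNAT product: a small Python model of the difference between a predefined port mapping (issue A) and Bulk-Port Allocation (item a). The port range, block size, per-subscriber cap and all addresses (RFC 6598 and documentation ranges) are constructed assumptions.

```python
PORT_MIN, PORT_MAX = 1024, 65535          # assumed usable ports per public IP
USABLE = PORT_MAX - PORT_MIN + 1

def static_public_ips_needed(provisioned_private_ips, ports_per_sub):
    """Predefined mapping: every provisioned private IP owns a fixed port
    range, whether or not the subscriber is online."""
    subs_per_public = USABLE // ports_per_sub
    return -(-provisioned_private_ips // subs_per_public)   # ceiling division

def bpa_public_ips_needed(active_subs, blocks_per_sub, block_size):
    """Bulk-port allocation: only subscribers with traffic hold port blocks."""
    blocks_per_public = USABLE // block_size
    return -(-(active_subs * blocks_per_sub) // blocks_per_public)

class BulkPortAllocator:
    """Hands out fixed-size port blocks on demand (hypothetical model)."""

    def __init__(self, public_ips, block_size, max_blocks_per_sub):
        self.max_blocks = max_blocks_per_sub
        # Every (public IP, first port of block) pair that can be handed out.
        self.free = [(ip, start) for ip in public_ips
                     for start in range(PORT_MIN, PORT_MAX - block_size + 2,
                                        block_size)]
        self.owned = {}                   # private IP -> list of blocks held

    def allocate(self, private_ip):
        """Return a new (public IP, first port) block, or None when the
        subscriber's cap is reached or the pool is exhausted."""
        blocks = self.owned.setdefault(private_ip, [])
        if len(blocks) >= self.max_blocks or not self.free:
            return None
        # Keep a subscriber on the public IP it already uses when possible.
        pick = next((b for b in self.free
                     if blocks and b[0] == blocks[0][0]), self.free[0])
        self.free.remove(pick)
        blocks.append(pick)
        return pick

    def release_all(self, private_ip):
        """Subscriber went idle: return its blocks to the pool."""
        self.free.extend(self.owned.pop(private_ip, []))

if __name__ == "__main__":
    # Constructed sizing: 10,000 provisioned subscribers, 2,000 active.
    print("static mapping:", static_public_ips_needed(10_000, 2048), "public IPs")
    print("bulk-port alloc:", bpa_public_ips_needed(2_000, 2, 512), "public IPs")
```
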