CGNAT Opensource with support to BPA, EIM/EIF, UPnP-PCP
We are looking for a CGNAT solution open source based.
Yep, I know that basic CGNAT can be done with iptables / nftables, or PF / IPFILTER / IPFW.
But I only know Open Source CGNAT recipes with predefined public-ports <-> private IPs mapping.
That brings two types of issues:
A - The need to overprovision the number of private IPs (considering multiple BNGs behind the CGN).
B - The inability of those basic recipes to deal with incoming auxiliary connections of p2p protocols (mostly used by games).
The market solutions that I've dealt with solve those issues beautifully.
a - Bulk-Port Allocation - BPA avoids the need to overprovision private addresses that are not being used, and gives us an excellent rate between public IPv4 addresses vs private IP addresses.
b - The support of a framework of protocols (Ex.: UPnP, PCP, EIM/EIF, NAT-PMP, etc...) ensures an acceptable quality of experience to end-users.
But the market solutions also bring some down-sides...
- The cost, evidently.
- The need for detouring the traffic that doesn't need CGNAT (internal CDNs, internal servers, etc.), to stay within the license limits of those boxes, sometimes brings some issues.
So, I and some friends are (for a long time) looking for an OpenSource solution that can give us something near what the market solutions give.
Any of you guys have some suggestions for that?
P.S.: Yes, I know that IPv6 is the only real solution for that, but until then, our customers still want to access a lot of p2p content (mostly audio in game rooms, SIP calls, and things like that).
P.S.2: Yes, I also know that 464 could be a good possibility, but it is not possible in this scenario.
--
Douglas Fernando Fischer
Control and Automation Engineer
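As an added illustration of points A and B above (constructed example, not code from the thread or from any vendor): a toy Python model of a CGNAT translation table that hands out public ports in bulk blocks on first use (BPA, with one log line per block for traceability) and applies endpoint-independent mapping and filtering (EIM/EIF) so that an inbound p2p auxiliary connection from a new peer reaches the subscriber. The block size, addresses and ports are assumed values.

```python
from dataclasses import dataclass, field

BLOCK = 64  # ports per bulk block (assumed value; toy model, not vendor code)

@dataclass
class Cgnat:
    public_ip: str
    eif: bool = True                              # endpoint-independent filtering?
    next_port: int = 1024
    blocks: dict = field(default_factory=dict)    # private ip -> list of pub ports
    mappings: dict = field(default_factory=dict)  # (priv ip, priv port) -> pub port
    peers: dict = field(default_factory=dict)     # pub port -> remote ips talked to
    log: list = field(default_factory=list)       # one BPA line per allocated block

    def _block_for(self, priv_ip):
        # BPA: a block is carved out only when a subscriber first sends traffic,
        # so idle private addresses consume no public ports, and one log line per
        # block (not per session) is enough to trace a public port back to a user.
        if priv_ip not in self.blocks:
            if self.next_port + BLOCK > 65536:
                raise RuntimeError("public address exhausted")
            lo, hi = self.next_port, self.next_port + BLOCK - 1
            self.blocks[priv_ip] = list(range(lo, hi + 1))
            self.log.append(f"BPA {priv_ip} -> {self.public_ip}:{lo}-{hi}")
            self.next_port = hi + 1
        return self.blocks[priv_ip]

    def outbound(self, priv_ip, priv_port, remote):
        # EIM: one external port per internal (ip, port), reused for every remote,
        # so the public endpoint a peer learns from one session is valid for others.
        key = (priv_ip, priv_port)
        if key not in self.mappings:
            free = [p for p in self._block_for(priv_ip) if p not in self.mappings.values()]
            if not free:
                raise RuntimeError("port block exhausted")
            self.mappings[key] = free[0]
            self.peers[free[0]] = set()
        pub_port = self.mappings[key]
        self.peers[pub_port].add(remote[0])
        return self.public_ip, pub_port

    def inbound(self, pub_port, remote):
        # Returns the internal (ip, port), or None when the packet is dropped.
        # EIF on: any remote may reach a mapped port (what p2p auxiliary
        # connections need). EIF off: address-dependent filtering, only remote
        # addresses the subscriber already sent to get through.
        for key, port in self.mappings.items():
            if port == pub_port and (self.eif or remote[0] in self.peers[port]):
                return key
        return None
```

Construct the table with eif=False to see the same inbound packet from a new peer dropped, which is the point B failure mode of the basic recipes; the EIF-on table also shows why a mapped port is reachable from any host while it exists.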
Hi Douglas,
There was, long time ago, something developed by ISC, but I think never completed and not updated …
464XLAT is always a solution and becomes much cheaper, than CGN from vendors, even if you need to replace the CPEs. I’m doing that now with 25.000.000 subscribers … (slowed down by the Covid-19).
Regards, Jordi
@jordipalet
On 8 Jul 2020, at 03:23, JORDI PALET MARTINEZ via NANOG <nanog@nanog.org> wrote:
Hi Douglas,
There was, long time ago, something developed by ISC, but I think never completed and not updated …
ISC did a DS-LITE implementation called AFTR. This can be found at: https://ftp.isc.org/isc/aftr/
464XLAT is always a solution and becomes much cheaper, than CGN from vendors, even if you need to replace the CPEs. I’m doing that now with 25.000.000 subscribers … (slowed down by the Covid-19).
Regards, Jordi
@jordipalet
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka@isc.org
On 7/Jul/20 19:23, JORDI PALET MARTINEZ via NANOG wrote:
There was, long time ago, something developed by ISC, but I think never completed and not updated …
464XLAT is always a solution and becomes much cheaper, than CGN from vendors, even if you need to replace the CPEs. I’m doing that now with 25.000.000 subscribers … (slowed down by the Covid-19).
I have to agree... as "transition" tech. goes, 464XLAT is the least intrusive solution, because as more of your customers acquire IPv6, the demands you put on your 464XLAT systems reduce, naturally. It also means you don't have to carry out yet-another transition to get the full IPv6 experience. Mark.
DANOS 2005 seems to support a lot of your requirements. https://danosproject.atlassian.net/wiki/spaces/DAN/pages/320634926/DANOS+200...
So if you have an x86 box with supported NICS you should be able to get some decent performance from it. The major gotcha in this release is I think route-maps, prefix-lists, access-lists with BGP are broken.
As someone who has spent quite a long time building CGNAT solutions I have some good news for you, there is an easy solution to your below point that works exceptionally well. The solution is dual stack IPv6, it's trivial to route your IPv6 to bypass the CGNAT device you are using and pretty much all of the major CDN providers are fully IPv6 enabled. In the real world this halves the amount of traffic your CGNAT solution has to process. Gaming companies (Not Sony!!!!) are also starting to support V6 so that can be a win too.
I'm not one of those V6 is the solution to everything engineers as I live in the real world, but in this case it absolutely is a good workable answer.
- The need for detouring the traffic that doesn't need CGNAT (internal CDNs, internal servers, etc.), to stay within the license limits of those boxes, sometimes brings some issues.