Mikrotik - 10 Gbit NAT

Hello everyone,

I would like to ask you for advice. We need to solve a NAT server for 10 Gbit traffic.

What do you recommend?

Mikrotik on X86 or CHR?

Has anyone deployed Mikrotik CHR?

Thanks a lot for your answer.

I’d use the CHR for this task…easy to scale for growth as needed. As the CCR2xxx series matures and they release more models, I expect it will be a good choice as well.

Good question about 10-Gig NAT

I have a dozen-plus networks (wireless and fiber).
I offer (at an additional charge) a live IP address – no NAT.
The bulk of my customers are connected to my networks using CGN-NAT on the customer WAN networks. (Internally, each customer network has their own NAT – so it's a double NAT.)

Below is an example of how my networks are configured - in reverse - from a customer computer through the networks and out to the Internet.

  • Customer PC/workstation ( 192.168.56.x/24 gateway to their Mikrotik NAT router LAN interface )
  • Customer Mikrotik WAN is using CGN IP address ( example 100.64.a.b/21 ) which gateways to my NOC Mikrotik distribution router.
  • My NOC CHR distribution router combines all remote customer 802.1q trunk networks into a single WAN uplink to my bandwidth manager ( Sonar and Mikrotik CHR )
  • My Sonar/Mikrotik CHR router then passes the ( now bandwidth managed ) networks to my CGN-NAT router ( PfSense )
  • My CGN-NAT router ( PfSense ) then performs outbound-NAT. ( Example - each /21 CGN network is NATted to 5-IP addresses per each CGN network ). This PfSense CGN-NAT router is a very busy server and during peak times it is CGN-NATting with a throughput of almost sustaining 3±Gig ( I expect this to be 6-Gig sustained later this year ).

*** I have considered replacing my PfSense CGN Outbound NAT router with a Mikrotik CHR.
So my question is, how well can a CHR outbound-NAT 15 different CGN networks and sustain 3-Gig to 8-Gig throughput?
Note: Each of my 15+ CGN networks has hundreds of customer CGN devices connected (the WAN on customer NAT routers).
Note: My PfSense outbound-NAT router is processing up to half-a-million established connections and performing outbound CGN NAT at the same time.

OOO - something interesting …

Since converting all of my Residential customer accounts (not live IP accounts) to CGN-NAT, I discovered that the remote sustained Internet probes to my customer WANs have now gone to zero. By eliminating/preventing outside Internet probes to my thousand-plus customer wireless WAN networks, all of my WAN wireless networks have greatly improved in throughput.

I figure that changing from thousands of live IP addresses on thousands of wireless routers to CGN NAT has completely reduced an average of hundreds/thousands of network probes to zero - which has made all my WISP wireless networks better because my wireless networks no longer have remote unwanted network probes talking to my customer CPE devices.
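Added example, not part of the thread and not any poster's configuration: a sketch of what the "/21 CGN network NATted to 5 IP addresses" ratio described above means per subscriber when ports are handed out as fixed blocks, and how an abuse report naming a public IP and port is traced back to a CGN address. The deterministic port-block scheme, the 1024-65535 port range, the `100.64.0.0/21` network and the `203.0.113.x` addresses are all assumptions chosen for illustration.

```python
import ipaddress

# Assumption: ports below 1024 are kept out of the NAT pool.
FIRST_PORT, LAST_PORT = 1024, 65535


def build_plan(cgn_net, public_ips):
    """Give every usable host in cgn_net a fixed (public IP, port block)."""
    hosts = list(ipaddress.ip_network(cgn_net).hosts())
    publics = [ipaddress.ip_address(p) for p in public_ips]
    per_ip = -(-len(hosts) // len(publics))          # ceil: subscribers per public IP
    block = (LAST_PORT - FIRST_PORT + 1) // per_ip   # ports each subscriber gets
    plan = {}
    for i, host in enumerate(hosts):
        start = FIRST_PORT + (i % per_ip) * block
        plan[host] = (publics[i // per_ip], start, start + block - 1)
    return plan, per_ip, block


def who_was(plan, public_ip, port):
    """Reverse lookup for an abuse report: public IP + source port -> CGN host."""
    pub = ipaddress.ip_address(public_ip)
    for host, (p, lo, hi) in plan.items():
        if p == pub and lo <= port <= hi:
            return host
    return None  # port falls outside every allocated block


# Constructed sample: one /21 CGN network behind five documentation-range IPs.
PUBLIC_POOL = [f"203.0.113.{n}" for n in range(10, 15)]
PLAN, PER_IP, BLOCK = build_plan("100.64.0.0/21", PUBLIC_POOL)

if __name__ == "__main__":
    print(f"{len(PLAN)} CGN hosts, {PER_IP} per public IP, {BLOCK} ports each")
    for ip, port in [("203.0.113.10", 1100), ("203.0.113.11", 1024),
                     ("203.0.113.10", 65500)]:
        print(f"{ip}:{port} -> {who_was(PLAN, ip, port)}")
```

With a fully populated /21 the fixed block is small, so each customer router's concurrent outbound connections are bounded by it; fewer active subscribers or more public addresses per network widen the block.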