Community discussions

MikroTik App
 
VDR
just joined
Topic Author
Posts: 8
Joined: Thu Sep 30, 2010 11:56 pm

Mikrotik - 10 Gbit NAT

Sun Jan 24, 2021 5:48 pm

Hello everyone,

I would like to ask you for advice. We need to solve a NAT server for 10 Gbit traffic.

What do you recommend?

Mikrotik on X86 or CHR?

Has anyone deployed Mikrotik CHR?

Thank´s a lot for answer.
 
User avatar
StubArea51
Trainer
Trainer
Posts: 1739
Joined: Fri Aug 10, 2012 6:46 am
Location: stubarea51.net
Contact:

Re: Mikrotik - 10 Gbit NAT

Sun Jan 24, 2021 6:18 pm

I'd use the CHR for this task...easy to scale for growth as needed. As the CCR2xxx series matures and they release more models, I expect it will be a good choice as well.
 
User avatar
TomjNorthIdaho
Forum Guru
Forum Guru
Posts: 1492
Joined: Mon Oct 04, 2010 11:25 pm
Location: North Idaho
Contact:

Re: Mikrotik - 10 Gbit NAT

Wed Jan 27, 2021 6:42 pm

Good question about 10-Gig NAT

I have a dozen-plus networks ( wireless and fiber ).
I offer ( at an additional charge Live IP address -- no NAT )
The bulk of my customers are connected to my networks using CGN-NAT on the customer WAN networks. ( Internally , each customer network has their own NAT -- so it's a double NAT ).

Below is an example of how my networks are configured - in reverse - from a customer computer through the networks and out to the Internet.

- Customer PC/workstation ( 192.168.56.x/24 gateway to their Mikrotik NAT router LAN interface )
- Customer Mikrotik WAN is using CGN IP address ( example 100.64.a.b/21 ) which gateways to my NOC Mikrotik distribution router.
- My NOC CHR distribution router combines all remote customer 802.1q trunk networks into a single WAN uplink to my bandwidth manager ( Sonar and Mikrotik CHR )
- My Sonar/Mikrotik CHR router then passes the ( now bandwidth managed ) networks to my CGN-NAT router ( PfSense )
- My CGN-NAT router ( PfSense ) then performs outbound-NAT. ( Example - each /21 CGN network is NATted to 5-IP addresses per each CGN network ). This PfSense CGN-NAT router is a very busy server and during peak times it is CGN-NATting with a throughput of almost sustaining 3+-Gig ( I expect this to be 6-Gig sustained later this year ).

*** I have considered replacing my PfSense CGN Outbound NAT router with a Mikrotik CHR.
So my question is , how well can a CHR outbound-NAT 15 different CGN networks and sustain 3-Gig to 8-Gig throughput ?
Note: Each if my 15+ CGN network has hundreds customer CGN devices connected ( the WAN on customer NAT routers ).
Note: My PfSense outbound-NAT router is processing up to half-a-million established connections and performing outbound CGN NAT at the same time.
Last edited by TomjNorthIdaho on Wed Jan 27, 2021 6:53 pm, edited 3 times in total.
 
User avatar
TomjNorthIdaho
Forum Guru
Forum Guru
Posts: 1492
Joined: Mon Oct 04, 2010 11:25 pm
Location: North Idaho
Contact:

Re: Mikrotik - 10 Gbit NAT

Wed Jan 27, 2021 6:43 pm

OOO - something interesting ....

Since converting all of my Residential customer accounts ( not live IP accounts ) to CGN-NAT, I discovered that the remote sustained Internet probes to my customer WANs has now gone to zero. By eliminating/preventing outside Internet probes to my thousand-plus customer wireless WAN networks, all of my WAN wireless networks have greatly improved in throughput.

I figure that changing from thousands of live IP address on thousands of wireless routers to CGN NAT has completely reduced an average of hundreds/thousands of network probes to zero - which has made all my WISP wireless networks better because my wireless networks no longer have remote unwanted network probes talking to my customer CPE devices.

Who is online

Users browsing this forum: No registered users and 10 guests