Community discussions

MikroTik App
 
xtornado
newbie
Topic Author
Posts: 31
Joined: Sun Mar 07, 2010 8:02 pm

CCR2216-1G-12XS-2XQ as 100G NAT device

Sat Apr 30, 2022 2:09 am

Hello

I have a specific scenario that i have do a NAT for /19 local IP adresses to public address

Situation is quite simple;

Specific Public IP will be static routed to the Mikrotik side P2P LAN and then over Mikrotik NATed to the Public IP.
(On Cisco side this VRF on LAN side cannot have public access to the Internet)

Private range scope that will be routed/NATed is size /19 and every local IP will be constantly used a 10Mbps unicast traffic (Video CDN traffic) and have two TCP connection to public IP.

First connection as registration channel, and second connection is "data channel" and will be changed every few minutes (when chunk from video CDN has downloaded) and short amount of  time every (15-20 seconds) every local IP will have maximum 5 connection on data chunk transition time)


Is it possible to CCR2216-1G-12XS-2XQ handle this situation?

Below is scenario, Option 1 and Option 2

Image

https://pasteboard.co/yC2I8pSiu9X7.jpg

Will be hardware L3-Hw-Offloading be possible on both scenarios (because bundle configuration) to handle this situation?

What is exactly meaning from mikrotik youtube video presentation on  CCR2216-1G-12XS-2XQ that is possible 4.5K Fasttrack connection, and what is 8K NAT entries?

Thank you
Best regards
 
adcre
newbie
Posts: 27
Joined: Fri Dec 10, 2021 4:18 pm

Re: CCR2216-1G-12XS-2XQ as 100G NAT device

Sun May 01, 2022 11:58 pm

Hello xtornado

Even if it is technically right I would not made 2nd aproach.

I always try to use symmetric bondings on devices that are inline to the traffic to easy know the behaviour. I also try to have a redundant topology not only having redundant components but also redundant paths.

You should consider carefully bonding method and the ports used for it:
For example following Option2, If you use etherchanel + lacp (802.3ad), as you got too few source ip addesses (you do nat before bonding) and you have a lacp of 8 ports It is possible that traffic go through only one port, so maybe you were limited to only 25gbps. With transmit-has-policy layer3-and-layer4 you can minimize it but it will not be 0.

If you got more segments on internal side maybe you can use more ports on that side using bonding with less drawbacks if you got enought source and destination combinations (will not work well for example if you got an storage array used by 8 servers for the same reason that will not work on the external side).

If it is possible for you I would suggest you to capture some traffic you usually have, to replay it on lab and see what is the best configuration for your environment.

The simplest way I see is to have two routers (to achieve redundancy) each using 100G connectors with a vrrp configuration.

Best Regards,

Diego
 
joegoldman
Forum Veteran
Forum Veteran
Posts: 766
Joined: Mon May 27, 2013 2:05 am

Re: CCR2216-1G-12XS-2XQ as 100G NAT device  [SOLVED]

Mon May 02, 2022 12:52 am

Another thing to consider is that the CCR2216 supports up to 8k NAT entries in hardware offload - where there's 8k+ IP's in a /19, and you want 2 connections per IP being 16k+ NAT entries...

... So once you have to start processing in software, it may limit your ability to reach 100gbps. This might be a situation best put to someone like a consultant or mikrotik support directly to see if you can get their more knowledgeable guys to answer if they think the box is up to this task.
 
User avatar
chechito
Forum Guru
Forum Guru
Posts: 2989
Joined: Sun Aug 24, 2014 3:14 am
Location: Bogota Colombia
Contact:

Re: CCR2216-1G-12XS-2XQ as 100G NAT device

Mon May 02, 2022 4:19 am

i think designing around equipment top capacity is a bad idea
 
xtornado
newbie
Topic Author
Posts: 31
Joined: Sun Mar 07, 2010 8:02 pm

Re: CCR2216-1G-12XS-2XQ as 100G NAT device

Mon May 02, 2022 2:42 pm

Hello
Thx all for replyes
I will found another solution probably vrf leaking to resolve this isue.

Best regards

Who is online

Users browsing this forum: No registered users and 17 guests