I guess it depends on what kind of NAT you want to do. Here's an overview of CGNAT implementation options: https://www.juniper.net/documentation/en_US/junos-space-apps/edge-services-director1.0/topics/topic-map/nat-junos-cgn-implementations.html
And which chassies take which cards: https://www.juniper.net/documentation/en_US/junos/topics/topic-map/services-pics-overview.html#id-multiservices-mic-and-multiservices-mpc-ms-mic-and-ms-mpc-overview You *can* get started with a MS-MIC-16G , but it doesn't have the throughput of later cards nor all the bells and whistles. - Jared > Sent: Monday, March 01, 2021 at 3:31 PM > From: "Adam Moffett" <dmmoff...@gmail.com> > To: af@af.afmug.com > Subject: Re: [AFMUG] Mikrotik Official Limitations > > Maybe I was misinformed. > > The VAR told me JunOS would only do 1:1 NAT unless you had an IP > Services card, and that I had to have an MX240, 480, or 960 to use that > card. > > > On 3/1/2021 3:27 PM, fiber...@mail.com wrote: > > If your needs are more modest, I guess you could get away with an > > MS-MIC-16G card in a low end MX router. The MIC can be had for less than > > four grand, as can an older MX router. That should be good for CGNAT needs > > under 9 Gbps. > > > > > > - Jared > > > > > > > > > > Sent: Monday, March 01, 2021 at 1:41 PM > > From: "Adam Moffett" <dmmoff...@gmail.com> > > To: af@af.afmug.com > > Subject: Re: [AFMUG] Mikrotik Official Limitations > > I should have said it's 5 digits on top of having a Juniper router which > > can accept the IP services card (eg MX240, MX480, or MX960). You'll be > > into 6 digits before you have the whole BOM. Maybe I should have said > > "Lamborghini money". Depends whether you already have the Juniper router > > or if you had to start from square one. > > I'm not saying there's anything wrong with Juniper, I'm just saying you > > have to bring your checkbook if you want to do CG-NAT with them. > > > > On 3/1/2021 1:06 PM, Adam Moffett wrote: > > It's 5 digit numbers, however you choose to label it. > > The good news is one box will scale to staggering amounts of traffic. > > > > > > On 3/1/2021 1:03 PM, Bill Prince wrote: > > Corvette money. Is that anything like cubic dollars? > > > > bp > > <part15sbs{at}gmail{dot}com> > > > > On 3/1/2021 9:51 AM, Adam Moffett wrote: > > CGNAT on Juniper requires an IP services card. With licensing it's like > > Corvette money. > > ....but that's kinda where we're at isn't it. > > > > > > On 3/1/2021 12:36 PM, Sterling Jacobson wrote: > > I gave up the first time they asked me to record data for them during an > > instance and wanted us to let it hang and collect data. > > > > I was like no, not going to do that. > > > > And then started removing 1072 connection tracking altogether from my > > network. > > > > For the time being I’m using 1036 for CGNAT as a transition, then will head > > to CHR CGNAT, then Juniper. > > > > I agree that Mikrotik just isn’t focused on the 1072 anymore and this > > particular issue seems beyond them to repair. > > > > Which makes the 1072 a no starter for anything conn track for us ever again. > > > > I’ve got one 2004 doing the CGNAT now, and it’s on latest Stable release. > > Watching to see if it bails too, or is capable of doing it for the time > > being. > > > > But our end game it MPLS/VPLS and/or direct switch VLAN type segmentation > > of layer2 into our cores where we will do all of the heavy lifting. > > > > > > > > > > From: AF <af-boun...@af.afmug.com>[mailto:af-boun...@af.afmug.com] On > > Behalf Of Steven Kenney > > Sent: Monday, March 1, 2021 9:03 AM > > To: af <af@af.afmug.com>[mailto:af@af.afmug.com] > > Subject: [AFMUG] Mikrotik Official Limitations > > > > > > Still fighting with Mikrotik about the 1072 reboots. New hardware didn't > > fix it, had several people check the configs all were good. After 2 months > > of going back and forth, escalating to a higher tier tech... I officially > > got a response that 1 million connections is too much for the 1072 and I > > should expect it to reboot and not function properly. That was their > > conclusion. Even though all of the 72 processors are under 50%, memory > > usage is only about 20% etc. Turn off connection tracking is the their > > solution. > > > > > > > > How about those apples? > > > > > > > > > > > > [https://www.wavedirect.net/] > > > > [https://www.facebook.com/ruralhighspeed] > > [https://www.instagram.com/wave.direct/] > > [https://www.linkedin.com/company/wavedirect-telecommunication/] > > [https://twitter.com/wavedirect1] [https://www.youtube.com/user/WaveDirect] > > STEVEN KENNEY > > DIRECTOR OF GLOBAL CONNECTIVITY & CONTINUITY A: 158 Erie St. N | Leamington > > ON > > E: st...@wavedirect.org[mailto:st...@wavedirect.org] | P: 519-737-9283 > > W: www.wavedirect.net[http://www.wavedirect.net] > > > > -- AF mailing list AF@af.afmug.com > > http://af.afmug.com/mailman/listinfo/af_af.afmug.com[http://af.afmug.com/mailman/listinfo/af_af.afmug.com] > > > > -- > AF mailing list > AF@af.afmug.com > http://af.afmug.com/mailman/listinfo/af_af.afmug.com > -- AF mailing list AF@af.afmug.com http://af.afmug.com/mailman/listinfo/af_af.afmug.com
