Good point.

And ARIN is still handing out IPv4 on the wait list as well.

But we went ahead and just went CGNAT across everything just to push for IPv6 
and the future.

Some customers complained about servers they were hosting that we didn’t know 
about, and some complained about some games on Xbox/Playstation not working 
even on IPv6.
So we do rent out $5 a month static public IPv4 space now and have reversed our 
cash flow on that.

Used to be we had 4 x /24 nets rented at about $200 a month each block or $800 
a month outgoing.
This month we finished our CGNAT and switched everything to our own ARIN blocks 
and rented out IPs.
So that $800 outgoing became something like $250 incoming, or a delta of about 
$1k positive cash flow going CGNAT.



From: AF <af-boun...@af.afmug.com> On Behalf Of Carl Peterson
Sent: Tuesday, March 2, 2021 7:16 AM
To: AnimalFarm Microwave Users Group <af@af.afmug.com>
Subject: Re: [AFMUG] Mikrotik Official Limitations

When I looked at the long term (greater than 10 year) cost of CGNAT on Juniper 
vs buying more IPv4, buying more IPv4 came out ahead.  Your results may vary.

On Tue, Mar 2, 2021 at 7:50 AM dave <dmilho...@wletc.com> wrote:
+1
Dennis,
I look at not only the hardware specs but its interface limitations as well. 
Having multiple 10G ports sets that model up for a good edge router not 
intended for NAT.

On 3/1/21 4:22 PM, Dennis Burgess wrote:

We have customers with dual 10gig bonded links running 12-15gig inbound with 
1072s and full tables without issues.  Note, no connection tracking.  It's more 
about knowing their limitations and working around those.  We would simply put 
NAT at each tower vs at the network edge, creates better design and allows for 
each tower to be natted to its local IP.  Just my two cents.







Dennis Burgess



Mikrotik : Trainer, Network Associate, Routing Engineer, Wireless Engineer, 
Traffic Control Engineer, Inter-Networking Engineer, Security Engineer, 
Enterprise Wireless Engineer

Hurricane Electric: IPv6 Sage Level

Cambium: ePMP



Author of "Learn RouterOS - Second Edition"

Link Technologies, Inc -- Mikrotik & WISP Support Services

Office: 314-735-0270  Website: http://www.linktechs.net






-----Original Message-----

From: AF <af-boun...@af.afmug.com> On Behalf Of Adam Moffett

Sent: Monday, March 1, 2021 4:13 PM

To: af@af.afmug.com

Subject: Re: [AFMUG] Mikrotik Official Limitations



One thing I'll miss about Mikrotik is every router can use every feature.





On 3/1/2021 3:52 PM, fiber...@mail.com wrote:

I guess it depends on what kind of NAT you want to do.



Here's an overview of CGNAT implementation options:

https://www.juniper.net/documentation/en_US/junos-space-apps/edge-services-director1.0/topics/topic-map/nat-junos-cgn-implementations.html



And which chassis take which cards:

https://www.juniper.net/documentation/en_US/junos/topics/topic-map/services-pics-overview.html#id-multiservices-mic-and-multiservices-mpc-ms-mic-and-ms-mpc-overview



You *can* get started with an MS-MIC-16G, but it doesn't have the throughput of 
later cards nor all the bells and whistles.



- Jared



Sent: Monday, March 01, 2021 at 3:31 PM

From: "Adam Moffett" <dmmoff...@gmail.com>

To: af@af.afmug.com

Subject: Re: [AFMUG] Mikrotik Official Limitations



Maybe I was misinformed.



The VAR told me JunOS would only do 1:1 NAT unless you had an IP Services card, 
and that I had to have an MX240, 480, or 960 to use that card.





On 3/1/2021 3:27 PM, fiber...@mail.com wrote:

If your needs are more modest, I guess you could get away with an MS-MIC-16G 
card in a low end MX router. The MIC can be had for less than four grand, as 
can an older MX router. That should be good for CGNAT needs under 9 Gbps.





- Jared









Sent: Monday, March 01, 2021 at 1:41 PM

From: "Adam Moffett" <dmmoff...@gmail.com>

To: af@af.afmug.com

Subject: Re: [AFMUG] Mikrotik Official Limitations

I should have said it's 5 digits on top of having a Juniper router which can 
accept the IP services card (e.g. MX240, MX480, or MX960).  You'll be into 6 
digits before you have the whole BOM.  Maybe I should have said "Lamborghini 
money".  Depends whether you already have the Juniper router or if you had to 
start from square one.

I'm not saying there's anything wrong with Juniper, I'm just saying you have to 
bring your checkbook if you want to do CG-NAT with them.



On 3/1/2021 1:06 PM, Adam Moffett wrote:

It's 5 digit numbers, however you choose to label it.

The good news is one box will scale to staggering amounts of traffic.





On 3/1/2021 1:03 PM, Bill Prince wrote:

Corvette money. Is that anything like cubic dollars?



bp

<part15sbs{at}gmail{dot}com>



On 3/1/2021 9:51 AM, Adam Moffett wrote:

CGNAT on Juniper requires an IP services card.  With licensing it's like 
Corvette money.

....but that's kinda where we're at isn't it.





On 3/1/2021 12:36 PM, Sterling Jacobson wrote:

I gave up the first time they asked me to record data for them during an 
instance and wanted us to let it hang and collect data.



I was like no, not going to do that.



And then started removing 1072 connection tracking altogether from my network.



For the time being I’m using 1036 for CGNAT as a transition, then will head to 
CHR CGNAT, then Juniper.



I agree that Mikrotik just isn’t focused on the 1072 anymore and this 
particular issue seems beyond them to repair.



Which makes the 1072 a non-starter for anything conn track for us ever again.



I’ve got one 2004 doing the CGNAT now, and it’s on latest Stable release.

Watching to see if it bails too, or is capable of doing it for the time being.



But our end game is MPLS/VPLS and/or direct switch VLAN type segmentation of 
layer2 into our cores where we will do all of the heavy lifting.









From: AF <af-boun...@af.afmug.com> On Behalf Of Steven Kenney

Sent: Monday, March 1, 2021 9:03 AM

To: af <af@af.afmug.com>

Subject: [AFMUG] Mikrotik Official Limitations





Still fighting with Mikrotik about the 1072 reboots.  New hardware didn't fix 
it, had several people check the configs, all were good. After 2 months of going 
back and forth, escalating to a higher tier tech...   I officially got a 
response that 1 million connections is too much for the 1072 and I should 
expect it to reboot and not function properly.  That was their conclusion.  
Even though all of the 72 processors are under 50%, memory usage is only about 
20% etc.  Turn off connection tracking is their solution.







How about those apples?












STEVEN KENNEY

DIRECTOR OF GLOBAL CONNECTIVITY & CONTINUITY

A: 158 Erie St. N | Leamington ON

E: st...@wavedirect.org | P: 519-737-9283

W: www.wavedirect.net



--
AF mailing list
AF@af.afmug.com
http://af.afmug.com/mailman/listinfo/af_af.afmug.com





--

Carl Peterson

PORT NETWORKS

401 E Pratt St, Ste 2553

Baltimore, MD 21202

(410) 637-3707