DANOS 2005 seems to support a lot of your requirements. https://danosproject.atlassian.net/wiki/spaces/DAN/pages/320634926/DANOS+2005+Release+Notes
So if you have an x86 box with supported NICs you should be able to get some decent performance from it. The major gotcha in this release is, I think, that route-maps, prefix-lists, and access-lists with BGP are broken.

On Tue, Jul 7, 2020 at 9:44 AM Douglas Fischer <fischerdoug...@gmail.com> wrote:

> We are looking for a CGNAT solution open source based.
>
> Yep, I know that basic CGNAT can be done with iptables / nftables, or PF /
> IPFILTER / IPFW.
>
> But I only know Open Source CGNAT recipes with predefined public-ports <->
> private IPs mapping.
>
> Which brings two types of issues:
> A - The need to overprovision the number of private IPs (Considering
> Multiple BNGs behind the CGN).
> B - The inability of those basic recipes to deal with incoming auxiliary
> connections of p2p protocols (mostly used by games).
>
> The market solutions that I've dealt with solve those issues beautifully.
> a - Bulk-Port Allocation - BPA, avoids the need for overprovisioning private
> addresses that are not being used, and gives us an excellent rate between
> public IPv4 Address vs Private IP Address.
> b - The support of a framework of protocols (Ex.: UPnP, PCP, EIM/EIF,
> NAT-PMP, etc...) ensures an acceptable quality of experience to end-users.
>
> But the market solutions also bring some downsides...
> - The cost, evidently.
> - The need for detouring the traffic that doesn't need CGNAT (Internal
> CDNs, Internal Servers, etc), to stay on the license limits of those boxes,
> sometimes brings some issues.
>
> So, I and some friends are (for a long time) looking for an OpenSource
> solution that can give us something near what the market solutions give.
>
> Any of you guys have some suggestions for that?
>
> P.S.: Yes, I know that IPv6 is the only real solution for that, but until
> there, our customers still want to access a lot of p2p content (mostly audio
> in game rooms, sip calls, and things like that.)
>
> P.S.2: Yes, I also know that 464 could be a good possibility, but is not
> possible in this scenario.
>
> --
> Douglas Fernando Fischer
> Control and Automation Engineer