vovaers.blogg.se

Mikrotik netmap or dstnat

OP is running a mini ISP with around 200 active subscribers. In my personal experience, deployment is somewhat hectic, and tracking any request is a daunting task!

Used in this post:

  • IBM Xseries 3650 M5, Xeon 8 Cores CPU x 2 / 64 GB RAM / 600GB 10k rpm SAS x 16 disks in RAID10 mode for fast read/write access, VMware ESXi 6.7u3 installed.
  • VM Guest#1: Ubuntu 18.4 with Freeradius 3.20 for AAA.
  • VM Guest#2: Ubuntu 16.4 as SYSLOG-NG for log storage of Mikrotik & other devices on the network like Cisco switches / Barracuda / etc.
  • CGNAT logging to a remote syslog server with some customization.
  • Later I also used Solarwind Syslog server for a small network.

CGNAT/NAT444 is a conception, not a function. In terms of RouterOS functionality it's a simple SRC NAT rule. The CGNAT concept is used to share one or preferably more public IP addresses with a large number of private IP addresses on a ratio basis. To combat the IPv4 exhaustion issue, we can use CGNAT as a workaround. This is by no means a solution, and the OP should get public IP space (either IPv4 or IPv6) to comply with the law.

Note: the CGNAT concept is mostly for UDP/TCP and is generally not meant for other protocols.

Some possible disadvantages of using the CGNAT concept:

  • CGNAT is not sustainable in the long term, and it is hectic to manage the private/public pools, especially if you have multiple NASes doing the same job.
  • ISPs deploying IP address sharing techniques should also deploy a corresponding logging architecture to maintain records of the relation between a customer's identity and the IP/port resources utilized.
  • You should deploy an additional SYSLOG server (either Windows or Linux based) to store logs.
  • Tracking of users for legal reasons means searching hundreds of GBs of logs, as multiple end users go behind one (or more) public IP address(es).
  • Logging every NAT translation is resource consuming.
  • Tracking logs is not an easy task, particularly when you have tons of logging (in a DB). Some super fast computing resources (preferably including RAID10 or SSD based storage) and a fine-tuned DB would be required.
  • Many operators are still not familiar with CG-NAT complexities. There is a lot of trial and error on the part of ISPs.

A second method, NETMAP, will be added later (if time allows), which I feel is far more simple & efficient as compared to the src-nat method. But this method is OK too to comply with the law using little resources.

My humble request: kindly do not consider me an expert on this stuff. I am NOT certified in anything Mikrotik/Cisco/Linux or Windows. However, I have worked with some networks, and I read, research & try stuff all of the time. When you are enslaved by a private job & working as a one man army, you have to perform many tasks in which you are not formally trained. So I am not speaking/posting about stuff I am formally trained in; I pretty much go with experience and what I have learned on my own. And if I don't know something, then I read & learn all about it. So please don't hold me/my postings to be always 100 percent correct. I make mistakes just like everybody else. However – I do my best, learn from my mistakes and try to help others.










