Does anyone have experience with large scale NAT using Vyatta/VyOS?
I’m looking at a scenario where there are maybe 130 VLANs terminating on a 1G interface, each NATing to a unique public IP. I would guess 4-5 systems per VLAN max. Say throughput in the 300-400Mbps range, peak. Mostly HTTP traffic.
My question is whether this is sane on a single redundant router pair, given sufficiently powerful hardware . . . or if it is really best to use multiple pairs.
Hi, I think 1 box will do the job, what really matters is number of clients, eg. total new connections per second, and packets per second vs. your configuration and HW/VM performance.
You should better tune conntrackd hash / max connections limit (system conntrack) and disable unused protocols to save packet processing. Also set lower TCP timeouts.
Anyway I would reccomend to try 1 box, and see how it scales in your situation.
Thanks. I plan on making appropriate adjustments to conn tracking - it’s mostly the 100+ NAT rules I’m not sure about. Seems like potentially a lot of packet processing.
We have boxes pushing more bandwidth/PPS than we’ll see here, so that I’m not overly concerned about. I’m expecting we’ll typically have maybe 2 or 3 devices active in most VLANs, this for MDU Internet access in a 120+ unit building.