I work for a small ISP that has a Cisco ISR, and this device is limited in bandwidth to 1Gb due to it’s licensing, for the chassis. We can go to 2Gb with another license upgrade. We are looking for alternatives to this limitation by considering building our own routing device from off the shelf x86 rack mount servers similar to what we would use in our VMWare environment as hosts. We plan on using Intel 10Gb NICs with the ability to queue as I’ve read on the forums. Thankfully we already use these same Intel cards in our VMWare.
From what I’m seeing I can build routers with more over all throughput and redundancy (using VRRP) for much less than the next Cisco license (short term) or a new hardware purchase to the next level such as an ASR, and we will get what we need from commodity parts.
I do have prior Vyatta/VyOS experience from using various forms of the Ubiquiti Edgerouter line and I am comfortable with the CLI. Most of my experience though with the Edgerouter line has been in the form of standard NAT “office” type of environment and for VPN site-to-site tunnels.
I’m looking for some answers concerning how we would convert our current Cisco configuration to VyOS. Here are my specific questions so far:
- We use a mixture of public IPs (business customers) and private IPs (residential customers). Yes, the residential customers are double NAT. I am working on changing this but our upstream provider will only give us IPv6 subnets now and we are a bit of time away from being ready to implement IPv6 or to even dual stack IPv4 & 6.
On the Cisco router I have:
eth0 with a /30 to our upstream provider
eth1 with 4 smaller subnets of our /24 provided by the upstream ( /26s and a /27 I think offhand, although not specifically relevant)
eth3 with various VLAN subnets of 10.50.x.x for customer data
eth4 with various VLAN subnets for customer and network management
I need these IPs public IPs on eth1 to route to eth0’s IP, as I already have on my Cisco. I get that part. I also understand that everything is routing to that next hop on eth0.
My main concern is how do I NAT just specific subinterfaces for the residential customers? On the Cisco I just define the interfaces that are outside with “ip nat outside” ( i.e. eth0 ) and the interfaces that are inside with “ip nat inside” on the specific interfaces and public IPs from eth1 that are assigned to NAT pools with policies that define which subnets use which pool of public IPs. How would this be approached?