MikroTik

I couldn't find this information anywhere on this site or elsewhere. How many private IPs can be srcnatted behind one public IP before problems start to occur? I'm assuming that when the srcnat occurs, the private ip is given the public IP and an empty port. With 65535 ports, I would think you could have quite a few privates. However, is there a best practice for this? I would be fine with a /24 subnet using one public, as we have enough publics to use. If one public would be fine for, say, 1000 customers, though, that would be nice as well. I look forward to any response!

Theoretically you can NAT unlimited number of private IPs using one public IP. because NAT does not assign fixed port for each private IP. what it does it assign one port for every connection(session) and once this session is closed the port is free to be used again for another connection.

How ever! your main concern should be how many connection your router can handle? well thats depend on the router you are using and the services that been activated. for example Mikrotik RB750 which is for SOHO use it can handle more than 400K connection

Hi,

Number of connections router can handle depends on available RAM.
RB750 can handle 32k, not 400k.
For 400k I suggest RB450G, RB493G, RB800 or RB1100.

RB750 can handle 32k, not 400k.
For 400k I suggest RB450G, RB493G, RB800 or RB1100.

ditonet is right. i was looking at RB450 when i said 400K.

That's good to know! We started with an RB450 with an RB1100 on order. Things worked great!

I tried putting in an RB1100 when it arrived. However, customers' links were getting dropped, Netflix movies would not stream, etc. All kinds of issues. With the RB450 back in place, everything worked smoothly. I'm hoping it's not a flaky RB1100, but I have to do some testing. That was my reasoning for asking about the NAT capabilities. I'll look at some other topics to see if others have had any issues with the RB1100. Hopefully it's not just programmer error!

Thanks for the replies!

Hi,

Number of connections router can handle depends on available RAM.
RB750 can handle 32k, not 400k.
For 400k I suggest RB450G, RB493G, RB800 or RB1100.

hi
you mean 400,000 by 400k?
how many active connections can support (For example RB1100?)?
Thanks

There's no generic answer to that question. In the lab you may be able to push 400,000 connections in the connection table by opening them up one by one and setting a high expiration timer so that the router is essentially idle. That's not a real world scenario. In the real world the router will not just be keeping idle connections in a table, it'll be routing packets. How much it can support is going to depend on the kind of traffic, as well as what else you're having the router do. Queuing, firewall rules, god knows what.

For 400k I suggest RB450G, RB493G, RB800 or RB1100.

It was only example how conntrack table size depends on available RAM.
As fewi wrote, router performance depends on few others factors.
IMHO in real world with 1000 customers behind NAT there will be
no more than 50,000 simultanous connections.
Assuming there is no P2P traffic.

Regards,

That's good to know! We started with an RB450 with an RB1100 on order. Things worked great!

I tried putting in an RB1100 when it arrived. However, customers' links were getting dropped, Netflix movies would not stream, etc. All kinds of issues. With the RB450 back in place, everything worked smoothly. I'm hoping it's not a flaky RB1100, but I have to do some testing. That was my reasoning for asking about the NAT capabilities. I'll look at some other topics to see if others have had any issues with the RB1100. Hopefully it's not just programmer error!

Thanks for the replies!

That's because mikrotik can't make the 1100 work right. Have a brick sitting here that constantly flops up/down on ether 11,12,13.

7 months. No fix.

Thanks for the answers
I just want to use a RB to implement VPN (PPTP & L2TP) for the foreign users to use free internet. so they will connect to the RB by VPN to use internet without filtering.
The main question is that which router is the best and how many active connections can be handled?
i use 5 ADSL connections (about 40Mbps total speed) to serve them.
1- can RB support at least 2000 Active connections? (Which RB is the best?)
2- if more active connections needed (more than 2000) can i use another RB and load balance them?

Thanks

There's no generic answer to that question. In the lab you may be able to push 400,000 connections in the connection table by opening them up one by one and setting a high expiration timer so that the router is essentially idle. That's not a real world scenario. In the real world the router will not just be keeping idle connections in a table, it'll be routing packets. How much it can support is going to depend on the kind of traffic, as well as what else you're having the router do. Queuing, firewall rules, god knows what.

Yes, this is good answer.
No one can tell me that RB450G can handle 400.000 connections (400.000 ping connection maybe...). Maybe it can, but in real world RB450G on 100Mbit link with srcnat and nothing else is on 100% all the time with CPU clocked to 800MHz and it can route 30-40Mbits. Even RB800 clocked to 1000MHz can't handle that amount of trafiic. CPU is around 70-80% but offten goues to 100 and stays there for minute or so.