Our upstreams route some public IPv4 addresses for us (1 /28 + 1 /29) and we have been using all of them for SRCNAT Internet traffic as well as some of them assigned to some servers, routers and customers for inbound connectivity.
It works and you can use Internet even being NATted to an address that's assigned to something else, but I wonder if there may be issues or if there are already some that we just have failed to found related to this practice.
I can think on something like both NAT and server/customer eventually using same source port for their own connections and response data from remote end getting lost due to wrongly receiving by NAT router or server/customer. Does Linux's connection tracking (we're NATting on MikroTik routers) help somehow NAT to not use a source port it saw in use for a connection just routed for that same IP address?
If happening, source port conflicts tends to get more possible as we get more customers and after deploying CGNAT. I also don't like leaving scarse public IPv4 reserved and unused, neither would want the headache changing CGNAT everytime we need to free up some address for another usage. That's why I am asking advices on this and because it seems to be an interesting thing to deeply understand better :)
Don't mind, we are already getting our own ASN, /22 IPv4 and /32 IPv6, but there will still be CGNAT.
No comments:
Post a Comment