DENOG12

Building your own CGN boxes with Linux
2020-11-10, 12:00–12:30, Main Stage

This talk will show how to build your own simple, cheap and scalable CGN solution with stateful failover, using commodity servers with a decent NIC running Linux, nftables, and bird.


We needed to introduce NAT into the network, and a commercial solution would have required a 6-figure investment, so we built it ourselves for <10% of that cost.

Two Dell servers with a recent CPU, two Mellanox NICs and nftables as well as bird do the trick and make for a simple, cheap and scalable CGN box, supporting ECMP, simple draining and orchestration by your usual Linux tool chain as well as stateful-failover.

By day Maximilian Wilhelm is working as a Senior Infrastructure Architect in the central computing department of the University of Paderborn, by night he's hacking on the infrastructure of the Freifunk Hochstift network and some Open Source projects. Since the early 2000s he has had a heart for Linux and Open Source, developed a weakness for networking, IPv6 and routing a long while ago and has been a speaker and tutor at the #Routingdays and @frosconNetTrack. Lately he got his hands dirty with ifupdown2, VXLAN, Linux VRFs, infrastructure automation with Salt Stack and "kommunistischen Frickelnetzen" and is afraid of SDNs ever since. In his spare time he likes playing piano and the organ, taking pictures of nature and cute animals, and trying to stay on the board while windsurfing.
