
Hi,

Jonas Lochmann wrote:
> I tried to use a stateful source address rewriting instead. With nftables, this is easy to implement, and it works if the prefix length of the uplink is longer (smaller subnet) than that of the internal network: just keep the prefix and replace the bits after it with those of the original source address. With this, I can use local addresses in the local network and additionally provide the public address(es) of one or more uplinks. I have been using this in production at one location for multiple years and thus know that it works. I am interested in other approaches, experiences and feedback on this method.
Maria's comment about BGP multihoming is correct and reasonable if you have one location (or a few locations) and use access circuits over which providers are willing to run BGP. It doesn't help if you are trying to arrange low-cost resilient internet access over low-cost FTTx/cellular to, say, hundreds or thousands of branch offices. It's one use case for v4 NAT which even this NAT denier agrees works well.

Is your solution based on any published standard, Jonas, or has it been implemented as a feature on any commercial small router?

Best wishes,
Andy Davidson (AJBD-RIPE)
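As an added illustration of the prefix rewriting Jonas describes (this is an editor's example, not code or a ruleset from either poster): the Python below models what a prefix-based SNAT rule does with an address, namely keep the uplink prefix bits and fill the remaining bits from the original source, together with the minimal conntrack-style state a stateful translator needs to map replies back. The nftables rule quoted in the comment is written in the prefix/NETMAP NAT syntax as this editor understands it and is an assumption, as are the interface name and all prefixes (RFC 3849 documentation addresses, constructed for this example). The example also spells out one consequence of the condition Jonas states: the bits that fall inside the uplink prefix are discarded, so two inside hosts that differ only there share an outside address and must be kept apart by state.

```python
"""Stateful source-prefix rewriting, modelled in Python (added example).

Models the address arithmetic of an nftables prefix SNAT rule and the state a
stateful translator keeps so replies reach the right inside host. Assumed rule
(interface and prefixes hypothetical; syntax for nftables prefix/NETMAP NAT):
    nft add rule ip6 nat postrouting oifname "uplink-a" \
        ip6 saddr 2001:db8:ffff::/48 snat ip6 prefix to 2001:db8:a:1::/64
"""
import ipaddress
from typing import Dict, Optional, Tuple

IPv6 = ipaddress.IPv6Address
Net6 = ipaddress.IPv6Network
ALL_ONES = (1 << 128) - 1

# Constructed addressing: one internal /48, two delegated uplink /64s.
INTERNAL = Net6("2001:db8:ffff::/48")
UPLINK_A = Net6("2001:db8:a:1::/64")
UPLINK_B = Net6("2001:db8:b:2::/64")


def precondition_holds(internal: Net6, uplink: Net6) -> bool:
    """The condition stated in the post: the uplink prefix is at least as long
    (the subnet at least as small) as the internal network's."""
    return uplink.prefixlen >= internal.prefixlen


def rewrite_source(src: IPv6, uplink: Net6) -> IPv6:
    """Keep the uplink prefix bits; every bit after the prefix comes from src."""
    prefix_mask = int(uplink.netmask)
    host_part = int(src) & (ALL_ONES ^ prefix_mask)
    return IPv6(int(uplink.network_address) | host_part)


# Outside-facing flow key as seen by the remote peer: (src, sport, dst, dport)
Flow = Tuple[IPv6, int, IPv6, int]


class Translator:
    """Minimal stateful SNAT towards one uplink."""

    def __init__(self, uplink: Net6) -> None:
        self.uplink = uplink
        # (mapped_src, mapped_sport, dst, dport) -> (orig_src, orig_sport)
        self.state: Dict[Flow, Tuple[IPv6, int]] = {}

    def outbound(self, src: IPv6, sport: int, dst: IPv6, dport: int) -> Tuple[IPv6, int]:
        """Translate an inside->outside packet; returns the outside (src, sport)."""
        mapped = rewrite_source(src, self.uplink)
        port = sport
        # The rewrite discards the bits that lie inside the uplink prefix, so two
        # inside hosts whose addresses differ only there (e.g. the same interface
        # identifier in two different internal /64s) map to the same outside
        # address. State keeps them apart: if the outside tuple already belongs to
        # a different inside flow, pick another source port, as a stateful NAT does.
        while (mapped, port, dst, dport) in self.state and \
                self.state[(mapped, port, dst, dport)] != (src, sport):
            port = port + 1 if port < 65535 else 1024
        self.state[(mapped, port, dst, dport)] = (src, sport)
        return mapped, port

    def inbound(self, src: IPv6, sport: int, dst: IPv6, dport: int) -> Optional[Tuple[IPv6, int]]:
        """Map a reply (outside->inside) back; None means no state, i.e. drop it."""
        return self.state.get((dst, dport, src, sport))


if __name__ == "__main__":
    assert precondition_holds(INTERNAL, UPLINK_A)
    t = Translator(UPLINK_A)
    remote = IPv6("2001:db8:5::53")
    print(t.outbound(IPv6("2001:db8:ffff:1::10"), 40000, remote, 443))
    print(t.outbound(IPv6("2001:db8:ffff:2::10"), 40000, remote, 443))
    print(t.inbound(remote, 443, IPv6("2001:db8:a:1::10"), 40001))
```

Running it shows the second inside host being moved to source port 40001 because its outside address collides with the first host's; the reply lookup then resolves that port back to the second host. A second Translator built with UPLINK_B gives the same hosts their UPLINK_B-prefixed addresses, which is the "one or more uplinks" case.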