I've been reviwing some of the threads related to CGNAT support for the MX platform and I was wondering if anyone has implemented CGNAT on the MX10003 platform. So far, things that I have read are related to the MX480/MX960 platform which include the MultiService cards. Currently don't see an MS card available for the MX10003 which has me wondering if this is supported.
We are considering deploying a pair of MX10003 at the edge and I was considering consolidating our exisiting CGNAT appliance into the MX10003 if this can be accomplished. Current the appliance we are using is doing NAT44,NAT64,DNS64. Total number of users is roughly the equivalent of a /19 with about 2.5Gbps of traffic associated to CGNAT. From a future growth, I can see maybe adding another /21 of customers addresses to this.
As previously stated the MX10003 cannot do CGNAT - only inline 1-1 static NAT.
With that amount of CGNAT traffic, the pricing of an integrated CGNAT solution based on MX480/960 with MS-MPCs does not make sense compared to eg. a cluster of SRX4100 or SRX4200 firewalls doing CGNAT.
An MS-MPC is more than twice the list price of a SRX4100 gateway capable of doing 20G of IMIX traffic and hold 5 million concurrent sessions - and you can later via a license upgrade your SRX4100 to SRX4200 if needed providing roughly twice the throughput and scale without new hardware.
...and you can of course still stick with your current CGNAT solution :-)
I hope you can use this input for your evaluation.
-- Best regards,
Jonas Hauge Jensen Systems Engineer, SEC DATACOM A/S (Denmark)