| ▲ | eqvinox 2 hours ago | |||||||
They clearly haven't talked to a telco or network device vendor, they would've sold them a VRF/EVPN/L3VPN based solution… for a whole bunch of money :) You can DIY that these days though, plain Linux software stack, with optional hardware offload on some specific things and devices. Basically, you have a traffic distinguisher (VXLAN tunnel, MPLS label, SRv6, heck even GRE tunnel), keep a whole bunch of VRFs (man ip-vrf) around, and have your end services (server side) bind into appropriate VRFs as needed. Also, yeah, with IPv6 you wouldn't have this problem. Regardless of whether it's GUAs or ULAs. Also-also, you can do IPv6 on the server side until the NAT (which is in the same place as in the article), and have that NAT be a NAT64 with distinct IPv6 prefixes for each customer. | ||||||||
| ▲ | pcarroll 16 minutes ago | parent | next [-] | |||||||
I like to think this is what we did. It's a simple Linux software stack - Linux, nftables, WireGuard, Go... But the goal was also to make it automatic and easy to use. It's not for my Mom. But you don't need a CCNP either. The trick is in the automation and not the stack itself. | ||||||||
| ▲ | yardstick an hour ago | parent | prev [-] | |||||||
The problem with talking to a telco, is you have to talk with not just one but any your customer may use. And if at the customer location there’s multiple routers in between the cameras and that telco router, it’s a shitshow trying to configure anything. Much easier to drop some router on site that is telco neutral and connect back to your telco neutral dc/hq. | ||||||||
| ||||||||