FTTC router capable of multiple WAN IPs

Hi all,

I'm looking to move to a FTTC connection, and I'm trying to figure out what routers might actually be suitable for my purposes. Basically, I'm looking for a router that can manage to handle a small subnet on the WAN side - bridged or NAT (in the true sense) is fine for me. So far, all the routers I've looked at seem to skip over the possibility of having more than one IP on the WAN side. I've spent some time trying to read manuals for various different devices, but with little joy.

Can anyone suggest any devices that can handle this situation?

to make sure I'm awake, you want a router where the single WAN port has multiple IP addresses ?

and this router will be the one doing the PPPoE session ?

perhaps worth asking what you are looking to achieve in overall terms.

Edited by yarwell (Sat 30-Nov-13 12:57:16)

In reply to a post by GrahamM242:

Can anyone suggest any devices that can handle this situation?

I assume you're using an ISP such as Zen or AAISP who can supply you a routed block of IP addresses over a connection, as very few ISPs can handle routed blocks on domestic connections (ADSL or VDSL/Fibre).

If so the traditional answer has been look at Draytek or Billion kit.

Thanks for the questions - I could have been clearer!
Yes, I'm looking for a device that can do multiple IP addresses on a single WAN port, and the router would be the one doing the PPPoE session. Basically I've got a routed IP block, and several different services exposed to the outside (IPSec VPN, email etc).

I'm happy to do either NAT between internal and external, or routed IPs.

I've noted that some people indicate that PPPoE causes more of an overhead on the router - is this much of an issue for modern devices?

In reply to a post by GrahamM242:

I've noted that some people indicate that PPPoE causes more of an overhead on the router - is this much of an issue for modern devices?

It all seems to depend on the WAN speed. If you have 300megabit FTTP then yes, its an issue - there was a thread on that topic in the FTTC forum in the summer - may routers didn't have enough CPU to handle PPPoE without slowing down the 300megabit to 120 or so. Since then ASUS routers now claim to have hardware acceleration for PPPoE and no idea if that helps. (The BT HomeHub 3 did handle it okay, but its a very basic PPPoE or oA box with NAT).

However if you're on FTTC then you're unlikely to get a problem with the modern kit. Not all ISPs use PPPoE either, but probably all the ones selling routed IP blocks.

One to ask the ISP perhaps?

It'd be nice to have FTTP, but I don't see that happening any time soon! Currently I'm with Zen, so I presume they're going to be using PPPoE. I can check that one out. Thanks for the pointers so far!

Do you happen to know if Billion provide online manuals for their devices? I was looking at a couple of their devices earlier, and sadly I couldn't anything more than a brochure for them.

Wouldn't this be the same situation as ADSL where the ISP supplies a block of IPs all coming to the single ADSL WAN port? Then using NAT Address Mapping to separate them?

In reply to a post by GrahamM242:

Yes, I'm looking for a device that can do multiple IP addresses on a single WAN port, and the router would be the one doing the PPPoE session. Basically I've got a routed IP block, and several different services exposed to the outside (IPSec VPN, email etc).

Ok, so the multiple public IPs will be on servers on the LAN side and the router will have a single WAN side public IP via PPPoE.

Several routers can handle this, sometimes called Multi-NAT. As described at http://www.tp-link.us/article/?id=383 (which happens to be an ADSL router).

If that's what you're after we'll see who pops up with experience, I don't have FTTC.

In reply to a post by yarwell:

Ok, so the multiple public IPs will be on servers on the LAN side and the router will have a single WAN side public IP via PPPoE.

Several routers can handle this, sometimes called Multi-NAT.

Methinks that would not be NAT of any flavour as no network address is being translated. It sounds like a routed subnet to me and is generally the configuration I run for all my connections with a real world IP address from the external interface available on an internal interface of the router. Internal servers then each have their own real world IP address from the same subnet as the router.

Please note this is not how BT supplies static routed blocks over xDSL.

On FTTC I use a Cisco 887VA for this configuration (without Openreach modem).

In reply to a post by caffn8me:

Methinks that would not be NAT of any flavour as no network address is being translated.


It is called Multinat by some vendors, as it does NAT at the same time as the routed subnet IPs being used on the LAN side.

Yes, the subnet is delivered to the router over the WAN side. I'm not particularly worried if it's NAT (in the literal sense of NAT!) or externally routable addresses.

I get slightly frustrated that vendors continue to provide what they call "NAT", when they mean PAT. Then, when they do want to provide NAT, they then have to call it something else! So, for me, NAT = one to one relationship. PAT = many to one relationship. It has been a long time (>8 years) since I did much in the way of network design commercially, but I don't see that much has really changed.

So from my perspective, multiNAT just seems to be NAT.

It must be a term coined by marketing people, not techies who actually understand networking. It's not defined in any RFC.

I don't think the ability to run routed subnets and NAT simultaneously is a particularly difficult or unusual requirement.

Edited by caffn8me (Mon 02-Dec-13 13:56:32)

In reply to a post by GrahamM242:

So from my perspective, multiNAT just seems to be NAT.

Indeed. There's nothing 'multi' about it.

In reply to a post by GrahamM242:

So from my perspective, multiNAT just seems to be NAT.

In the vernacular NAT is "only" NAT whereas "Multi NAT" or the like is NAT with routed external IPs.

I mentioned it (probably regret it to be honest) to help locate kit with the appropriate features, rather than low end stuff that will only NAT from a group of private addresses via a single WAN.

It's helpful - don't get me wrong! Knowing the marketing terms for features is good, even if technicality they're the wrong terms - otherwise I'd have no clue what I was looking for. It's good to know what devices are capable of NAT and PAT at the same time.

In reply to a post by XRaySpeX:

Wouldn't this be the same situation as ADSL where the ISP supplies a block of IPs all coming to the single ADSL WAN port? Then using NAT Address Mapping to separate them?

Kinda but not quite right terminology. There's no NAT involved in this solution, the ISP sticks a single IP address on the WAN side and routes the subnet through it. The single IP is usually one of the range but doesn't have to be.

The point of having a subnet is that everything is routed, no NAT needed

In reply to a post by yarwell:

In the vernacular NAT is "only" NAT whereas "Multi NAT" or the like is NAT with routed external IPs.

I reckon that term goes back to the original 512k start of ADSL with BT openworld and their business products. BT always had a strange way of handling computer network stuff.

In reply to a post by yarwell:

we'll see who pops up with experience, I don't have FTTC.

I'm using pfSense 2.1 as a router with Zen FTTC and a /28 block. If you are interested in this approach, the choice of hardware depends on what you want to do - basic PPP/router/firewall functionality will run on much more modest hardware than if you use traffic shaping, IDS (i.e. Snort) and VPN endpoint functionality.

In reply to a post by jchamier:

In reply to a post by GrahamM242:

If so the traditional answer has been look at Draytek or Billion kit.

I found a manual for a BiPAC 7800VDP(O)X, which suggests it's more than capable of dealing with my requirements. It even looks like it might act as an endpoint for my IPv6 tunnel, which could be handy to have a single firewall dealing with v4 and v6.

In reply to a post by David_W:

In reply to a post by yarwell:

we'll see who pops up with experience, I don't have FTTC.

I'm using pfSense 2.1 as a router with Zen FTTC and a /28 block.

pfSense looks interesting, although hardware wise I'd prefer to go for low power consumption. I'm presuming that as it's FreeBSD, it's limited to x86 architecture? That said, I'm not sure I'd want to mess around trying to get it onto an ARM board or similar.

At the moment pfSense is limited to i386 and amd64 platforms - though there are some low power single board computers using these architectures.

The ARM port of FreeBSD is getting significantly more mature over time. FreeBSD 10, which is shortly to launch, has official support for Raspberry Pi (unfortunately a poor platform for a router - the Ethernet interface is a USB device). The next release of pfSense is likely to jump from being FreeBSD 8.3 based to FreeBSD 10 based.

If you're after something to connect to the BT supplied modem then I _think_ a routerboard might fit the bill ( e.g. http://routerboard.com/RB750UP)

RouterBoards look interesting, although I'm slightly wary of having to work out exactly what board offers what.

Back around 2004 when i had a block of 8 IPs from Zen i had common machines NATted to a single IP from that block, but certain machines (such as servers) NATted one-to-one to different IPs.

This was done on a Linksys WRT54GL running the Tomato firmware and was extremely simple to set up IIRC.

There are routers that ship with this functionality (i had a Draytek 2820vn that i did it on, but never again. Worst router i've ever owned) but, IMO, rather than spend lots of money on a business-class router you're better off getting one that will take a third-party opensource firmware.

Anything that will run Tomato or OpenWRT can be configured to do what you want.

As for speed, any decently specced recently released router will be able to max out even an 80Mbps PPPoE connection. A few months ago i benchmarked the TP-Link WDR4900 with OpenWRT firmware and was able to hit 340Mbps over PPPoE, although if i had a connection of that speed i'd probably build a pfSense box.

I ended up picking up a WDR4900. It is fast enough for the connection, but I do note that running a speed test from a host on the network takes around 45-48% of the router's CPU servicing interrupts, suggesting it would probably max out around 160Mbit/sec mark. That workload includes NAT as well as PPPoE.