Comment by eqvinox

Comment by eqvinox 3 days ago

0 replies

View on Hacker News

That is a valid point. Though I would probably check first what the scaling limits on VRFs actually are; there was some netdev work a while back to fix scaling with 100k to 1M devices (a VRF is a device, though also a bit more than that). It's only the server ("technician") that needs to have all of these (depends on the setup if that helps or not), intermediate devices just need to forward without looking at the tags, and the VPN entry point only cares about its own subset of customers.

I'd probably use the IPv6 + NAT64 setup in your situation.