@nail2k wrote:
Thank you for your answer. It helps me a lot. Nevertheless, I need a clarification.
Let's assume I have a topology similar to the one from www.juniper.net/us/en/local/pdf/implementation-guides/8010076-en.pdf page 5 (figure 2). All the flows are aggregated to one interface. So according to the limits from the previous post, I can handle only 1200*8 (each rule services 8 users) users when using interface service style set (if only one service set can be referenced under an interface configuration).
Using interface-style service-sets, more than 1 service-set can be referenced under a logical interface. I have personally seen 12 interface-style service-sets referenced under the same logical interface with different service-filters and it's all working fine.
Each MSDPC has 2 NPUs. Assuming interface-style service-sets, you have to direct traffic into NPUs based on private source IP, and in the opposite direction matching on public NAT pool IP - you cannot reuse the same service-set containing the same public NAT pool on different NPUs anyway.
You have to construct very specific service-filters to properly direct traffic into different service-sets.
Nexthop-style service-sets require VR/VRFs to work with NAT (one VR/VRF per service-set) - I personally prefer interface-style since it's less time-consuming to configure.
However, if you have internet inside VRF, NH-style may be a better choice.
If you need each public NAT pool IP to be used by exactly 8 private users, and you do care which private IP uses which pool (which is a valid requirement, e.g. as a substitute for NAT logging), then indeed you have to configure 12,500 terms and 12,500 pools. However, if you only require a statistically-multiplexed 8:1 private-IP-to-public-IP ratio, then 1 big NAT pool with round-robin address-allocation and 1 service-set with 2 service-filters (1 in each direction) should be fine.
Lastly, the numbers I gave in my previous post are those I personally tested and witnessed in the lab with Spirent and IXIA traffic generators. JUNOS 10.4R2 and 10.4R4.
Rgds
Alex
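
The deterministic 8:1 mapping described above, sketched as an added example that is not part of the original post: it plans one term and one single-IP pool per block of 8 private addresses and answers the attribution question that would otherwise need NAT logs. The function names and the address ranges (10.0.0.0/21 and the documentation range 198.51.100.0/24) are constructed for illustration, and the sketch assumes a power-of-two ratio so each term matches one aligned prefix.

```python
import ipaddress

USERS_PER_POOL = 8  # ratio from the post: 8 private users per public NAT pool IP

def build_plan(private_net, public_net, ratio=USERS_PER_POOL):
    """Return [(term_index, private_block, public_ip)], one entry per term/pool."""
    private = ipaddress.ip_network(private_net)
    public = ipaddress.ip_network(public_net)
    block_len = 32 - (ratio.bit_length() - 1)  # ratio 8 -> one /29 per term
    if ratio & (ratio - 1) or private.prefixlen > block_len:
        raise ValueError("ratio must be a power of two that fits the private range")
    blocks = list(private.subnets(new_prefix=block_len))
    pools = list(public)  # each public address becomes its own single-IP pool
    if len(blocks) > len(pools):
        raise ValueError(f"{len(blocks)} pools needed, only {len(pools)} public IPs")
    return [(i, blk, pools[i]) for i, blk in enumerate(blocks)]

def public_for(plan, private_ip):
    """Forward lookup: which public IP a private user is translated to."""
    ip = ipaddress.ip_address(private_ip)
    for _, blk, pub in plan:
        if ip in blk:
            return pub
    return None

def privates_for(plan, public_ip):
    """Reverse lookup for incident response: the 8 candidates behind a public IP."""
    ip = ipaddress.ip_address(public_ip)
    for _, blk, pub in plan:
        if pub == ip:
            return list(blk)
    return []

if __name__ == "__main__":
    # Constructed ranges: 2048 private users need 256 terms and 256 pools.
    plan = build_plan("10.0.0.0/21", "198.51.100.0/24")
    print(len(plan), "terms/pools")
    print("10.0.0.9 ->", public_for(plan, "10.0.0.9"))
    print("198.51.100.1 <-", [str(a) for a in privates_for(plan, "198.51.100.1")])
```

With the single round-robin pool alternative from the post, no such table exists and attribution depends on logging instead.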