Public IPs for Accounts
December 17, 2023
Over time I have noticed that our functionality around public IPs has become more and more complex and, as a result, the design intent may be a little difficult to understand. In this article I will explain the use case we had in mind when these features were implemented.
There are a couple of scaffolds that will be brought together.
Network Addresses
Configure additional public IP addresses for use
The first step in allowing account holders to use public IP addresses is to add the additional public IP addresses to the rXg. This can be done by browsing to Network >> WAN.
In this example the additional addresses we will be adding fall within the currently defined WAN subnet. As a result we can use the existing defined uplink.
If the addresses are in consecutive order and the lowest address is already defined in the Network Address scaffold, adding additional public IPs is as simple as changing one value.
Currently the rXg is using 24.240.254.4/28 as the primary IP. If I want to add .5, .6, etc., I can adjust the Span setting to a higher number. For example, setting Span to 2 will configure both 24.240.254.4 and 24.240.254.5 on the WAN interface.
If the addresses are non-sequential, I can add a separate block that falls within the same subnet.
This is what the config looks like if you run ifconfig vmx0 from the console.
Dynamic BiNAT Pools
For the next step we will browse to Network >> NAT >> Dynamic BiNAT Pools. This is where we will define a pool of IP addresses that will be used for accounts.
We will need to make two entries since the IP addresses are not in consecutive order.
At the very bottom of the above screenshot you will see that the first pool I defined has only one IP address and has been associated with the Business policy.
Once I hit create, the second pool will be added.
NAT Assignments
If you want to see a summary of your NAT configuration and how the addresses will be used, you can navigate to Instruments >> NAT Assignments.
Under the NAT Assignments table you will see all of the current NAT assignments. The key thing to notice here is that all of the current devices are NATing out the primary IP address. This is because all of the other IP addresses have been reserved for the BiNAT pools. If those pools did not exist, they would have automatically been distributed using carrier grade NAT.
The NAT Pool Stats table shows only one usable IP address for NAT, again because the others are reserved. The assigned value indicates how many private addresses are being NAT’d. The Avg per IP indicates about how many private addresses are being NAT’d through one public IP. Next you will see stats on your BiNAT pools, such as the total number of available addresses, the number currently assigned, and the total number remaining for assignment.
In the BiNAT Pool Stats you will see the same breakdown by individual pool that we created.
The key takeaway here is that we have assigned four public IP addresses to the rXg. One is being used for the general population of devices and three are reserved for individual account usage.
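As an added example (not rXg code and not part of the original article), the Python sketch below models the address plan described above: it expands each Network Address entry by its Span, checks that every address stays a usable host inside the WAN subnet, and separates the addresses reserved for BiNAT pools from those left for general NAT. The primary address and Span of 2 come from the article; the second block and the pool names and members are constructed sample values.

```python
import ipaddress

def expand_span(cidr, span):
    """Addresses configured by one Network Address entry: `span` consecutive
    IPs starting at the entry's address, all required to be usable hosts."""
    iface = ipaddress.ip_interface(cidr)
    addrs = [iface.ip + i for i in range(span)]
    net = iface.network
    bad = [a for a in addrs
           if a not in net or a in (net.network_address, net.broadcast_address)]
    if bad:
        raise ValueError(f"{cidr} span {span} leaves usable range: {bad}")
    return addrs

def plan(blocks, pools):
    """Split configured WAN addresses into BiNAT-reserved and general NAT."""
    configured = [a for cidr, span in blocks for a in expand_span(cidr, span)]
    if len(set(configured)) != len(configured):
        raise ValueError("Network Address entries overlap")
    reserved = {}
    for name, members in pools.items():
        for ip in map(ipaddress.ip_address, members):
            if ip not in configured:
                raise ValueError(f"{ip} in {name} is not configured on the WAN")
            if ip in reserved:
                raise ValueError(f"{ip} is in both {reserved[ip]} and {name}")
            reserved[ip] = name
    general = [a for a in configured if a not in reserved]
    return reserved, general

# Primary address and Span 2 are from the article; the second block and the
# pool names/members are constructed sample values.
BLOCKS = [("24.240.254.4/28", 2), ("24.240.254.9/28", 2)]
POOLS = {"binat-pool-1": ["24.240.254.5"],
         "binat-pool-2": ["24.240.254.9", "24.240.254.10"]}

if __name__ == "__main__":
    reserved, general = plan(BLOCKS, POOLS)
    print("general NAT:", [str(a) for a in general])
    for ip, name in reserved.items():
        print(f"reserved  : {ip} -> {name}")
```

Running a check like this before editing the scaffolds catches a Span that runs into the broadcast address or a pool entry that was never configured on the WAN.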
Accounts
Now that we have created the BiNAT pools, we can configure an account to use one of the addresses. I am going to be doing this as a system administrator, but this can also be configured to allow account holders to upgrade their usage plan to include a public IP address.
Step 1 will be to allow the account to have a public IP address by setting Max dedicated IPs to a value greater than 1. In our case we will use two. Also note that my account is using the Business policy, which is the same policy that we selected when using the BiNAT pools earlier. If my account were using a different policy, I would not be assigned a static IP.
If I bounce back over to NAT Assignments, I can see that one address from the pool has now been used. All of the devices in my account will now share the assigned public address instead of using cgNAT and sharing the primary address for the rXg.
At this point, the public address that was assigned is dynamic. If all of my devices leave the account at the same time, that address will be returned to the pool and could be assigned to a different account. If you want to make the address static for the account, you can tick the Dedicated IPs are static option.
After updating the account, I can browse back to Network >> NAT >> Static IPs and see that the scaffold has been updated with the new static IP records.