Ah, forgive me. I miscounted the 255 in the netmask. So yeah, that's significantly better than what I assumed.
In this sort of network I personally would think some sort of automatic address assignment would be essential. Aside from that, 254 maximum peers per endpoint isn't bad
per se, but I would start grouping specific games onto specific subnets and figure out some way to automatically change depending on the game being played.
Networking is hard. Really hard. Hard to do, even harder to do in a clean and elegant manner.
I don't have a second switch to collect wire traffic from ninty's servers from, but the solution people really want is more like pvpgn, and less like a big VPN. (That is to say, it emulates matchmaking and pals by emulating a ninty server.)
Don't get me wrong, this is a neat feature, but not what the kids are really looking for. We do have the tools to real-time debug Switch titles on the Switch, so we can in fact see what the games are looking for in terms of response messages. We can spy on the messages themselves with things like Wireshark.
It would be a pain in the ass, but I can see nothing technologically preventing a full Nintendo server emulation except effort and difficulty. (It needs a special skill set and concerted interest.) Even the unique ID thing is not really important, as our server could just ignore it and approve immediately (that's what pvpgn does). (However, if Nintendo uses it to encrypt traffic, that might be a buzz kill.)
Opening up a full private network with untrusted peers like this solution does is not really sensible nor safe. It's one player with a network-worm-infected computer away from getting everyone in the virtual network infected. (Switch consoles would be fine, most likely, but we are talking about the OTHER things in your network.)