NAT444 or ?
On 9/7/2011 3:24 PM, Seth Mos wrote:
> I think you have the numbers off, he started with 1000 users sharing the same IP, since you can only do 62k sessions or so and with a "normal" timeout on those sessions you ran into issues quickly.
>
Remember that a TCP session is defined not just by the port, but by the
combination of source address:source port:destination
address:destination port. So that's 62k sessions *per destination* per
IP address. In theory, this particular performance problem should only
arise when the NAT gear insists on a unique port per session (which is
common, but unnecessary) or when a particular destination is
inordinately popular; the latter problem could be addressed by
increasing the number of addresses that facebook.com and google.com
resolve to.
I'm not advocating CGN; my point is not that this problem *should* be
solved, merely that it *can* be.
-Dave
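
Added example, not part of the original message: a small simulation of the point above, comparing a NAT that spends one public port per session with one that reuses a port whenever the (public port, destination address, destination port) triple is still unique. The class names, the 8-port pool (standing in for the ~62k usable ports) and the documentation-range addresses are constructed for illustration.

```python
from itertools import product

class UniquePortNat:
    """Spends one public port per session, whatever the destination."""
    def __init__(self, ports):
        self.free = list(ports)
        self.table = {}  # (src, sport, dst, dport) -> public port

    def map(self, flow):
        if flow in self.table:
            return self.table[flow]
        if not self.free:
            return None  # whole port pool exhausted
        self.table[flow] = self.free.pop()
        return self.table[flow]

class PerDestinationNat:
    """Reuses a public port while (public port, dst, dport) stays unique."""
    def __init__(self, ports):
        self.ports = list(ports)
        self.table = {}
        self.in_use = set()  # (public port, dst, dport), the return-path key

    def map(self, flow):
        if flow in self.table:
            return self.table[flow]
        _, _, dst, dport = flow
        for p in self.ports:
            if (p, dst, dport) not in self.in_use:
                self.in_use.add((p, dst, dport))
                self.table[flow] = p
                return p
        return None  # exhausted for this one destination only

def accepted(nat, flows):
    """Count the flows for which the NAT could create a mapping."""
    return sum(nat.map(f) is not None for f in flows)

# Constructed sample: 8 public ports, 20 subscribers, 3 destinations.
PORTS = range(1024, 1032)
SUBSCRIBERS = [f"10.0.0.{i}" for i in range(1, 21)]
DESTS = [("192.0.2.10", 443), ("198.51.100.20", 443), ("203.0.113.30", 80)]
FLOWS = [(s, 40000, d, dp) for s, (d, dp) in product(SUBSCRIBERS, DESTS)]

if __name__ == "__main__":
    print("unique port per session:", accepted(UniquePortNat(PORTS), FLOWS))
    print("reuse per destination:  ", accepted(PerDestinationNat(PORTS), FLOWS))
```

With the constructed input, the first allocator stops at the size of the port pool, while the second stops at the pool size multiplied by the number of distinct destinations.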