[144281] in North American Network Operators' Group


Re: NAT444 or ?

daemon@ATHENA.MIT.EDU (Seth Mos)
Wed Sep 7 15:25:14 2011

From: Seth Mos <seth.mos@dds.nl>
In-Reply-To: <OFE03D0C83.D3E7AC70-ON85257904.005DDB08-85257904.005DF395@videotron.com>
Date: Wed, 7 Sep 2011 21:24:19 +0200
To: NANOG <nanog@nanog.org>


On 7 Sep 2011, at 19:06, Jean-Francois.TremblayING@videotron.com wrote:

> On Wed, Sep 07, 2011 at 12:16:28PM +0200, Randy Bush wrote:
>>> I'm going to have to deploy NAT444 with dual-stack real soon now.
>> you may want to review the presentations from last week's apnic meeting
>> in busan.  real measurements.  sufficiently scary that people who were
>> heavily pushing nat444 for the last two years suddenly started to say
>> "it was not me who pushed nat444, it was him!"  as if none of us had a
>> memory.
>>
>> Hm, I fail to find relevant slides discussing that. Could you please
>> point us to those?
>
> I had the same question. I found Miyakawa-san's presentation has some
> dramatic examples of CGN NAT444 effects using Google Maps:
> http://meetings.apnic.net/__data/assets/file/0011/38297/Miyakawa-APNIC-KEYNOTE-IPv6-2011-8.pptx.pdf
>
>
> However these are with a very high address-sharing ratio (several
> thousand users per address). Using a sparser density (<= 64 users per
> address) is likely to show much less dramatic user impacts.

I think you have the numbers off; he started with 1000 users sharing the
same IP, since you can only do 62k sessions or so, and with a "normal"
timeout on those sessions you ran into issues quickly.

The summary is that with anything less than 20 simultaneous TCP sessions
per user, Google Maps or Earth was problematic. From 15 downwards, almost
unusable.

He deduced from testing that about 10 users per IP was a more realistic
limit without taking out the entire CGN "experience".

On a personal note, this isn't even taking into account things like
broken virus scanners or other software updates that will happily try to
do 5 sessions per second, or a lost MSN client trying to do 10 per
second, the most the Windows IP stack will allow on client versions.

The really big issue that will be the downfall of NAT444 is the issue with
ACLs and automatic blocklists, and the loss of granular access control
over that which the ISP has no control of, which roughly amounts to the
internet.

Regards,

Seth
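The port-budget arithmetic behind the thread (62k usable ports per public IPv4 address divided among the subscribers sharing it, against the roughly 20 simultaneous sessions Google Maps needs and the 5 or 10 new sessions per second a runaway client can open) can be worked through with a small model. This is an added example, not code from the NANOG thread or from Miyakawa-san's presentation. The 62,000-port figure, the 20-session application floor and the traffic profiles (connection rates and a 300 s idle mapping timeout) are constructed assumptions; real CGNs commonly keep established-TCP mappings far longer than 300 s, which only makes the per-subscriber budget tighter than shown here. Steady-state port occupancy is estimated with Little's law (mappings in use = new-session rate x mapping lifetime).

```python
"""
CGN (NAT444) port-budget estimate: how many simultaneous sessions each
subscriber can hold behind a shared public IPv4 address, and how a host's
connection churn plus the NAT mapping timeout consumes that budget.

Added example, not taken from the NANOG thread. All constants are
assumptions chosen to illustrate the numbers discussed in the post.
"""
from dataclasses import dataclass

# Ports a CGN can allocate per public address for one transport protocol.
# 65535 minus the well-known range is ~64.5k; the post says "62k or so".
USABLE_PORTS = 62_000  # assumption


@dataclass(frozen=True)
class Profile:
    name: str
    new_sessions_per_sec: float   # arrival rate of new sessions from one host
    mapping_timeout_sec: float    # how long the CGN keeps a mapping alive


def ports_per_user(users_per_ip: int, usable_ports: int = USABLE_PORTS) -> int:
    """Static share of one address's port space per subscriber (floor)."""
    if users_per_ip <= 0:
        raise ValueError("users_per_ip must be positive")
    return usable_ports // users_per_ip


def steady_state_ports(profile: Profile) -> float:
    """Little's law: mappings held at once = arrival rate x mapping lifetime."""
    return profile.new_sessions_per_sec * profile.mapping_timeout_sec


def max_users_for_budget(ports_needed_per_user: float,
                         usable_ports: int = USABLE_PORTS) -> int:
    """Subscribers that fit on one address if each needs this many ports."""
    if ports_needed_per_user <= 0:
        raise ValueError("ports_needed_per_user must be positive")
    return int(usable_ports // ports_needed_per_user)


def assess(users_per_ip: int, profile: Profile, app_floor: int = 20) -> dict:
    """
    Compare a subscriber's port share against (a) the simultaneous sessions
    an application needs (app_floor: ~20 for Google Maps per the post) and
    (b) the ports the host's churn occupies in steady state.
    """
    share = ports_per_user(users_per_ip)
    occupied = steady_state_ports(profile)
    return {
        "users_per_ip": users_per_ip,
        "ports_per_user": share,
        "app_floor_met": share >= app_floor,
        "steady_state_ports": occupied,
        "churn_fits": occupied <= share,
    }


# Constructed traffic profiles (assumptions, not measurements).
NORMAL_BROWSING = Profile("normal browsing", 0.25, 300)   # ~75 ports held
BROKEN_UPDATER = Profile("broken updater", 5.0, 300)      # 1500 ports held
LOST_MSN_CLIENT = Profile("lost MSN client", 10.0, 300)   # 3000 ports held

if __name__ == "__main__":
    for users in (1000, 64, 10):
        for p in (NORMAL_BROWSING, BROKEN_UPDATER, LOST_MSN_CLIENT):
            r = assess(users, p)
            print(f"{users:>5} users/IP, {p.name:<16}: {r['ports_per_user']:>5} ports each, "
                  f"app floor met={r['app_floor_met']}, "
                  f"churn holds {r['steady_state_ports']:.0f}, fits={r['churn_fits']}")
    print("max users/IP if each needs 20 ports:", max_users_for_budget(20))
```

At 1000 users per address each subscriber gets 62 ports, which clears the 20-session application floor on paper, yet ordinary browsing churn at a 300 s timeout already holds more mappings than that share; a single runaway client at 10 sessions per second exhausts even the 968-port share of a "sparse" 64-users-per-address deployment. Only the 10-users-per-address density the post mentions absorbs that client.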

