[144288] in North American Network Operators' Group


Re: NAT444 or ?

daemon@ATHENA.MIT.EDU (David Israel)
Wed Sep 7 16:22:57 2011

Date: Wed, 07 Sep 2011 16:21:35 -0400
From: David Israel <davei@otd.com>
To: nanog@nanog.org
In-Reply-To: <7315DFDF-C5D2-4894-8980-F3E44C355D28@dds.nl>
X-otd-MailScanner-From: davei@otd.com
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

On 9/7/2011 3:24 PM, Seth Mos wrote:
> I think you have the numbers off, he started with 1000 users sharing the same IP, since you can only do 62k sessions or so and with a "normal" timeout on those sessions you ran into issues quickly.
>

Remember that a TCP session is defined not just by the port, but by the combination of source address:source port:destination address:destination port. So that's 62k sessions *per destination* per IP address. In theory, this particular performance problem should only arise when the NAT gear insists on a unique port per session (which is common, but unnecessary) or when a particular destination is inordinately popular; the latter problem could be addressed by increasing the number of addresses that facebook.com and google.com resolve to.

I'm not advocating CGN; my point is not that this problem *should* be 
solved, merely that it *can* be.

-Dave
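The capacity argument in the reply above, worked through as an added example (this is not code from the post or from any NAT vendor): a toy translator for one shared public address under the two allocation policies Dave contrasts. `UniquePortNat` burns a distinct external port for every session, so the address is exhausted after one port range's worth of sessions no matter how many destinations are involved; `PerDestinationNat` keys on the full 5-tuple, so the same external port can be reused toward each distinct destination address:port and capacity grows with the number of destinations. The port range 1024-65535 (64512 ports), the 1000 internal hosts, and the TEST-NET destination addresses are constructed assumptions; the post itself only says "62k sessions or so".

```python
"""Capacity model for one shared NAT address under two port-allocation
policies. Added example, not code from the NANOG post. The external port
range (1024-65535, 64512 ports), the 1000 internal hosts and the
destination addresses are constructed assumptions."""

FIRST_PORT = 1024
LAST_PORT = 65535
PORT_COUNT = LAST_PORT - FIRST_PORT + 1  # 64512 external ports per public address


class _PortPool:
    """Hands out ports from one range, recycling closed ones first."""

    def __init__(self):
        self.next_fresh = FIRST_PORT
        self.recycled = []

    def take(self):
        if self.recycled:
            return self.recycled.pop()
        if self.next_fresh > LAST_PORT:
            return None  # pool exhausted: the translator must refuse the session
        port = self.next_fresh
        self.next_fresh += 1
        return port

    def give_back(self, port):
        self.recycled.append(port)


class UniquePortNat:
    """One external port per session, regardless of destination.

    This is the behaviour the post calls "common, but unnecessary": the whole
    public address is exhausted after PORT_COUNT concurrent sessions.
    """

    def __init__(self):
        self.pool = _PortPool()
        self.table = {}  # (int_ip, int_port, dst_ip, dst_port) -> ext_port

    def open_session(self, key):
        if key in self.table:
            return self.table[key]
        port = self.pool.take()
        if port is not None:
            self.table[key] = port
        return port

    def close_session(self, key):
        self.pool.give_back(self.table.pop(key))


class PerDestinationNat:
    """External port must be unique only per (dst_ip, dst_port).

    The translator keys on the full 5-tuple, so one external port can serve a
    session toward each distinct destination. Capacity becomes
    PORT_COUNT * (number of distinct destinations) per public address.
    """

    def __init__(self):
        self.pools = {}  # (dst_ip, dst_port) -> _PortPool
        self.table = {}

    def open_session(self, key):
        if key in self.table:
            return self.table[key]
        pool = self.pools.setdefault(key[2:], _PortPool())
        port = pool.take()
        if port is not None:
            self.table[key] = port
        return port

    def close_session(self, key):
        self.pools[key[2:]].give_back(self.table.pop(key))


def sessions_until_exhaustion(nat, destinations, hosts=1000):
    """Open sessions round-robin across internal hosts and destinations until
    the translator refuses one; returns how many sessions were accepted."""
    local_port = {h: FIRST_PORT for h in range(hosts)}
    accepted = 0
    while True:
        for h in range(hosts):
            dst = destinations[accepted % len(destinations)]
            key = ("10.0.%d.%d" % (h // 256, h % 256), local_port[h]) + dst
            local_port[h] += 1
            if nat.open_session(key) is None:
                return accepted
            accepted += 1


if __name__ == "__main__":
    # Constructed destinations: one "inordinately popular" service versus the
    # same service spread over three addresses.
    one = [("198.51.100.10", 443)]
    three = [("198.51.100.%d" % n, 443) for n in (10, 11, 12)]
    for name, cls in (("unique-port", UniquePortNat), ("per-destination", PerDestinationNat)):
        print(name, "1 dst:", sessions_until_exhaustion(cls(), one),
              "3 dsts:", sessions_until_exhaustion(cls(), three))
```

The run shows the two halves of the argument: with a single hot destination both policies hit the same 64512-session wall, which is the case that "increasing the number of addresses" a popular site resolves to is meant to relieve; with three destinations the per-destination translator accepts three times as many sessions from the same public address while the unique-port one does not move at all. For an operator sizing a CGN pool, the relevant number is therefore sessions per destination per address, not sessions per address, and which of the two a given box actually delivers is worth confirming before trusting a vendor's "sessions per IP" figure.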


