[144324] in North American Network Operators' Group
RE: NAT444 or ?
Thu Sep 8 13:10:55 2011
From: "Dan Wing" <dwing@cisco.com>
To: "'Simon Perreault'" <simon.perreault@viagenie.ca>, <nanog@nanog.org>
In-Reply-To: <4E67E22C.80807@viagenie.ca>
Date: Thu, 8 Sep 2011 10:10:24 -0700
> -----Original Message-----
> From: Simon Perreault [mailto:simon.perreault@viagenie.ca]
> Sent: Wednesday, September 07, 2011 2:29 PM
> To: nanog@nanog.org
> Subject: Re: NAT444 or ?
>
> David Israel wrote, on 09/07/2011 04:21 PM:
> > In theory, this particular performance problem should only arise when the
> > NAT gear insists on a unique port per session (which is common, but
> > unnecessary)
>
> What you're describing is known as "endpoint-independent mapping"
> behaviour. It is good for not breaking applications, not so good for
> scalability. RFC 4787 section 4.1 makes it a MUST.
There are two dimensions of that scalability, of course:
Endpoint-independent mapping means better scaling of the NAT itself,
because it stores less state (slightly less memory for each active
mapping and slightly less per-packet processing). This savings
is exchanged for worse IPv4 utilization -- which I agree is not so
good for scalability.
-d
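The two scaling dimensions Dan describes, as an added example that is not part of the thread or of any vendor's NAT code: a toy Python model of one external IPv4 address under the two RFC 4787 mapping behaviours, endpoint-independent mapping (EIM, one external port per internal endpoint, never shared) versus address-and-port-dependent mapping (APDM, one entry per session, with an external port reusable across distinct remote endpoints). The port pool, addresses and workload are constructed for illustration; the `ToyNat` class and helper names are this example's own.

```python
# Added example, not from the thread. Models NAT mapping-table state and
# external port consumption under EIM and APDM for one external IPv4 address.
# All addresses, ports and workloads below are constructed.

PORT_POOL = range(1024, 65536)  # assumed external port range (constructed)


class ToyNat:
    """Minimal mapping table for a NAT with a single external IPv4 address."""

    def __init__(self, endpoint_independent):
        self.endpoint_independent = endpoint_independent
        # key -> external port. Under EIM the key is the internal endpoint only;
        # under APDM it also includes the remote endpoint (one entry per session).
        self.table = {}

    def _key(self, int_ip, int_port, rem_ip, rem_port):
        if self.endpoint_independent:
            return (int_ip, int_port)
        return (int_ip, int_port, rem_ip, rem_port)

    def _port_free(self, port, rem_ip, rem_port):
        """Can this external port be assigned for a session to (rem_ip, rem_port)?"""
        for key, used_port in self.table.items():
            if used_port != port:
                continue
            if self.endpoint_independent:
                # EIM: an external port belongs to exactly one internal endpoint.
                return False
            # APDM: the same external port may serve another internal endpoint
            # as long as the remote differs, since the remote disambiguates replies.
            if key[2:] == (rem_ip, rem_port):
                return False
        return True

    def translate(self, int_ip, int_port, rem_ip, rem_port):
        """Return the external port for this flow, allocating a mapping if needed."""
        key = self._key(int_ip, int_port, rem_ip, rem_port)
        if key in self.table:
            return self.table[key]
        for port in PORT_POOL:
            if self._port_free(port, rem_ip, rem_port):
                self.table[key] = port
                return port
        raise RuntimeError("external port pool exhausted")

    def state_entries(self):
        return len(self.table)

    def ports_in_use(self):
        return len(set(self.table.values()))


def constructed_workload(hosts=10, remotes_per_host=3, shared_remote=False):
    """Each internal host uses one source port to reach several distinct remote
    servers; optionally every host also contacts one shared remote server."""
    sessions = []
    for h in range(1, hosts + 1):
        for r in range(1, remotes_per_host + 1):
            remote_ip = "198.51.100.%d" % ((h - 1) * remotes_per_host + r)
            sessions.append(("10.0.0.%d" % h, 40000, remote_ip, 443))
        if shared_remote:
            sessions.append(("10.0.0.%d" % h, 40000, "203.0.113.10", 443))
    return sessions


def run_workload(nat, sessions):
    """Push every session through the NAT; return (table entries, distinct ports)."""
    for session in sessions:
        nat.translate(*session)
    return nat.state_entries(), nat.ports_in_use()


def compare(hosts=10, remotes_per_host=3, shared_remote=False):
    sessions = constructed_workload(hosts, remotes_per_host, shared_remote)
    return {
        "eim": run_workload(ToyNat(endpoint_independent=True), sessions),
        "apdm": run_workload(ToyNat(endpoint_independent=False), sessions),
    }


if __name__ == "__main__":
    for shared in (False, True):
        result = compare(shared_remote=shared)
        print("shared remote=%s  EIM (entries, ports)=%s  APDM (entries, ports)=%s"
              % (shared, result["eim"], result["apdm"]))
```

With ten hosts each reaching three distinct servers, EIM keeps 10 table entries but burns 10 external ports, while APDM keeps 30 entries (one per session) and can serve all of them from a single external port. Adding one server that every host contacts shows the caveat on the utilization side: APDM then needs 10 distinct ports too, because replies from the shared server can only be disambiguated by port, so the IPv4 gain from port reuse depends on how diverse the remote endpoints are, whereas the state cost of one entry per session is paid regardless.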