[156338] in North American Network Operators' Group
Re: Big Temporary Networks
daemon@ATHENA.MIT.EDU (Masataka Ohta)
Sat Sep 15 06:39:40 2012
Date: Sat, 15 Sep 2012 19:37:51 +0900
From: Masataka Ohta <mohta@necom830.hpcl.titech.ac.jp>
To: nanog@nanog.org
In-Reply-To: <20120914124607.GU24232@besserwisser.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Mans Nilsson wrote:
>>> Do not NAT. When all those people want to do social networking to the same
>>> furry BBS while also frequenting three social app sites simultaneously
>>> you are going to get Issues if you NAT. So don't.
> I am not suggesting that. I'm just trying to point out that there
> might be a bunch of assumptions that aren't as true anymore when a
> lot of client connections share both source and destination address,
> and perhaps also destination port. If this happens simultaneously when
> a large amount of other tcp connections are NATed through the same box,
> resource starvation will occur.
Then, advice better than yours is Chris's:
: with small budgets.
: You'll need a beefy NAT box. Linux with Xeon CPU and 4GB RAM
: minimum. Run your DNS resolver and DHCP here, unless you have
: hardware to spare.
: Bandwidth. Lots of Bandwidth.
posted before yours.
> If public address space is available,
> it is better to use that.
It depends on budgets and other factors.
> Also, no NAT means there will be no session
> timers for things like long lived low bandwidth tcp sessions.
Assuming no NAT firewalls without very large connection tables,
not necessarily.
Masataka Ohta
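The two failure modes argued over in this thread, modelled as an added example (written here for illustration; it is not code from the thread or from any of the posters): a port-overloading NAT needs a unique outside source port for every flow that goes to the same destination IP and port, so a single public address caps out at roughly 64k concurrent flows toward one server even though flows to other servers are unaffected; and an idle timer silently discards the state of a long-lived but quiet TCP session, so the next packet on it is dropped. The public address, client addresses, port range and timeout value are assumptions chosen for the model.

```python
"""Model of a NAPT (port-overloading NAT) translation table.

Added example, not part of the NANOG thread. Numbers below are assumptions:
one public IP, outside source ports 1024-65535, a fixed idle timeout.
"""
from collections import defaultdict

PORT_LO, PORT_HI = 1024, 65535           # assumed usable outside source-port range
PORTS_PER_DEST = PORT_HI - PORT_LO + 1   # 64512 translations per (public IP, dst IP, dst port)


class Napt:
    def __init__(self, public_ips=("203.0.113.1",), idle_timeout=300):
        self.public_ips = list(public_ips)
        self.idle_timeout = idle_timeout
        # outside 5-tuple -> [inside client, time of last activity]
        self.table = {}
        # per (proto, public_ip, dst_ip, dst_port): next never-used port and freed ports
        self._next = defaultdict(lambda: PORT_LO)
        self._free = defaultdict(list)

    def _alloc_port(self, key):
        if self._free[key]:
            return self._free[key].pop()
        p = self._next[key]
        if p > PORT_HI:
            return None
        self._next[key] = p + 1
        return p

    def open_session(self, proto, client, dst_ip, dst_port, now):
        """Create a translation; returns the outside (ip, port), or None when
        every outside source port toward that destination is already in use."""
        for pip in self.public_ips:
            key = (proto, pip, dst_ip, dst_port)
            port = self._alloc_port(key)
            if port is not None:
                self.table[(proto, pip, port, dst_ip, dst_port)] = [client, now]
                return pip, port
        return None

    def touch(self, proto, pip, port, dst_ip, dst_port, now):
        """Packet seen on an existing translation: refresh its timer.
        Returns False if the translation is gone (the packet would be dropped)."""
        entry = self.table.get((proto, pip, port, dst_ip, dst_port))
        if entry is None:
            return False
        entry[1] = now
        return True

    def expire(self, now):
        """Drop translations idle for longer than idle_timeout; returns how many."""
        dead = [k for k, (_, last) in self.table.items() if now - last > self.idle_timeout]
        for k in dead:
            proto, pip, port, dst_ip, dst_port = k
            del self.table[k]
            self._free[(proto, pip, dst_ip, dst_port)].append(port)
        return len(dead)


def starvation_demo(clients=5000, conns_per_client=13):
    """Everyone behind one public IP talks to the same server:port
    (constructed scenario). Returns (successful, failed, other_dest_ok)."""
    nat = Napt()
    ok = failed = 0
    for c in range(clients):
        client = f"10.0.{c // 256}.{c % 256}"
        for _ in range(conns_per_client):
            if nat.open_session("tcp", client, "198.51.100.10", 443, now=0):
                ok += 1
            else:
                failed += 1
    # Ports are exhausted only toward that one destination; another server still works.
    other = nat.open_session("tcp", "10.0.0.1", "198.51.100.20", 443, now=0) is not None
    return ok, failed, other


def idle_timeout_demo():
    """A long-lived, low-bandwidth session that stays quiet for longer than the
    NAT idle timer loses its translation; its next packet is dropped."""
    nat = Napt(idle_timeout=300)
    pip, port = nat.open_session("tcp", "10.0.0.5", "198.51.100.10", 22, now=0)
    nat.expire(now=290)                                   # still within the timer
    alive_before = nat.touch("tcp", pip, port, "198.51.100.10", 22, now=290)
    nat.expire(now=290 + 301)                             # quiet longer than idle_timeout
    alive_after = nat.touch("tcp", pip, port, "198.51.100.10", 22, now=291 + 301)
    return alive_before, alive_after


if __name__ == "__main__":
    print(starvation_demo())    # (64512, 488, True)
    print(idle_timeout_demo())  # (True, False)
```

The model keeps per-destination port pools because that is the actual uniqueness constraint of NAPT: the outside tuple (public IP, port, destination IP, destination port) must be unique, so port reuse across different destinations is fine and only "everyone to the same place" exhausts the pool. Adding more public addresses (the `public_ips` tuple) or shortening the idle timer both raise capacity, and the second does so at the cost of quiet long-lived sessions, which is exactly the trade-off the thread is about.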