nanog mailing list archives

RE: NAT444 or ?


From: "Dan Wing" <dwing () cisco com>
Date: Thu, 8 Sep 2011 10:10:24 -0700

-----Original Message-----
From: Simon Perreault [mailto:simon.perreault () viagenie ca]
Sent: Wednesday, September 07, 2011 2:29 PM
To: nanog () nanog org
Subject: Re: NAT444 or ?

David Israel wrote, on 09/07/2011 04:21 PM:
> In theory, this particular performance problem should only arise when
> the NAT gear insists on a unique port per session (which is common, but
> unnecessary)

What you're describing is known as "endpoint-independent mapping"
behaviour. It is good for not breaking applications, not so good for
scalability. RFC 4787 section 4.1 makes it a MUST.

There are two dimensions of that scalability, of course:

Endpoint-independent mapping means better scaling of the NAT itself, 
because it stores less state (slightly less memory for each active 
mapping and slightly less per-packet processing).  This savings
is exchanged for worse IPv4 utilization -- which I agree is not so
good for scalability.

-d
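[Editor's added example; this is not code from the thread or from any of the posters.] The trade-off above can be made concrete with a toy NAT that only keeps its mapping table (no timers, no filtering behaviour, no per-session state beyond the mapping itself, which is where a real NAT's extra memory goes). It is driven through the same constructed traffic under the two RFC 4787 mapping behaviours: endpoint-independent mapping (EIM), one mapping per internal (IP, port) reused for every destination, and address-and-port-dependent mapping (APDM), one mapping per 5-tuple, where an external port can be shared by sessions to different remote endpoints because the remote (IP, port) disambiguates the reverse direction. The addresses, ports and sessions are made up for illustration; the external address is from the documentation range, and the port pool sizes in fits_in_pool() are chosen only to show exhaustion.

```python
"""Toy NAT: mapping state vs. external-port consumption under RFC 4787
endpoint-independent (EIM) and address-and-port-dependent (APDM) mapping.
Added illustration; not code from the NANOG thread."""
from collections import namedtuple

Session = namedtuple("Session", "src_ip src_port dst_ip dst_port")

# Constructed sample traffic (not captured from a real network): four internal
# hosts behind one shared external address.  Several hosts reuse source port
# 5000, and three of them talk to the same remote endpoint 198.51.100.1:80.
SAMPLE_SESSIONS = [
    Session("10.0.0.1", 5000, "198.51.100.1", 80),
    Session("10.0.0.1", 5000, "198.51.100.2", 80),
    Session("10.0.0.1", 5000, "198.51.100.3", 443),
    Session("10.0.0.2", 5000, "198.51.100.1", 80),
    Session("10.0.0.2", 5000, "198.51.100.4", 443),
    Session("10.0.0.3", 6000, "198.51.100.2", 80),
    Session("10.0.0.1", 5001, "198.51.100.5", 80),
    Session("10.0.0.4", 7000, "198.51.100.1", 80),
]


class Nat:
    """Toy NAT keeping only the mapping table; no timers, no filtering."""

    def __init__(self, behaviour, ext_ip="203.0.113.1",
                 first_port=1024, last_port=65535):
        if behaviour not in ("EIM", "APDM"):
            raise ValueError("behaviour must be 'EIM' or 'APDM'")
        self.behaviour = behaviour
        self.ext_ip = ext_ip
        self.port_range = range(first_port, last_port + 1)
        self.mappings = {}   # mapping key -> external port
        # What must stay unique so inbound packets demultiplex correctly:
        #   EIM : the external port alone (it belongs to one internal endpoint)
        #   APDM: the (external port, remote IP, remote port) triple
        self.reserved = set()

    def _key(self, s):
        if self.behaviour == "EIM":
            return (s.src_ip, s.src_port)
        return (s.src_ip, s.src_port, s.dst_ip, s.dst_port)

    def _allocate(self, s):
        """Lowest external port whose reverse-path identity is still free."""
        for port in self.port_range:
            ident = port if self.behaviour == "EIM" else (port, s.dst_ip, s.dst_port)
            if ident not in self.reserved:
                self.reserved.add(ident)
                return port
        raise RuntimeError("external port pool exhausted")

    def translate(self, s):
        """Return the (external IP, external port) the session is mapped to,
        creating the mapping on first use."""
        key = self._key(s)
        if key not in self.mappings:
            self.mappings[key] = self._allocate(s)
        return (self.ext_ip, self.mappings[key])


def simulate(behaviour, sessions=SAMPLE_SESSIONS, first_port=1024, last_port=65535):
    """Return (mapping entries, distinct external ports consumed, internal
    endpoints that were handed more than one external port).  The last item is
    what breaks applications that learn their mapping once, e.g. via STUN."""
    nat = Nat(behaviour, first_port=first_port, last_port=last_port)
    seen = {}  # internal (ip, port) -> set of external ports observed
    for s in sessions:
        _, ext_port = nat.translate(s)
        seen.setdefault((s.src_ip, s.src_port), set()).add(ext_port)
    inconsistent = sorted(ep for ep, ports in seen.items() if len(ports) > 1)
    return len(nat.mappings), len(set(nat.mappings.values())), inconsistent


def fits_in_pool(behaviour, pool_size, sessions=SAMPLE_SESSIONS):
    """True if the traffic can be served from an external pool of pool_size ports."""
    try:
        simulate(behaviour, sessions, first_port=1024, last_port=1024 + pool_size - 1)
        return True
    except RuntimeError:
        return False


if __name__ == "__main__":
    for behaviour in ("EIM", "APDM"):
        entries, ports, bad = simulate(behaviour)
        print(f"{behaviour}: {entries} mapping entries, {ports} external ports used,"
              f" endpoints with >1 external port: {bad}")
```

On the sample traffic, EIM keeps 5 mapping entries and burns 5 external ports, while APDM keeps 8 entries but needs only 3 ports, since the port only has to be unique per remote endpoint; the same run shows the application-breaking side of APDM, because 10.0.0.2:5000 is handed two different external ports depending on where it is talking to. Shrinking the pool to 4 ports makes the EIM NAT run out while the APDM NAT still fits, which is the "worse IPv4 utilization" traded for the smaller table.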
