nanog mailing list archives
Re: Rate of growth on IPv6 not fast enough?
From: Bryan Fields <Bryan () bryanfields net>
Date: Mon, 19 Apr 2010 13:22:31 -0400
On 4/19/2010 10:14, Patrick Giagnocavo wrote:
> The eyeball ISPs will find it trivial to NAT should they ever need to do so however, something servers cannot do - you are looking at numbers, not operational considerations.

LSN is not trivial. Here are some unverified calculations I did on the problem of scaling NAT.

Right now I'm using 42 translation entries in my NAT table. Each entry takes up 312 bytes of FIB memory, which is ~12.7 Kib of data in the FIB. Multiply this by 250k users and we have 3,124,237 KiB of FIB entries, or 3.1 GiB. This is not running any PtP programs or really hitting the network, I'm just browsing the web and typing this email to you.

If we look at the total number of translations for 250k users we see 10.5M entries. As TCP/UDP only has 65,536 ports and about 1025 of them are unusable, this leaves 64,511 ports to work with per IP. Divided out, we need 163 public IPs minimum just to NAT the number of users on a single PDSN pool; assuming we have a 1/2 loading, that's 326 public IPs for one pool.

Now things get fun when I turn on my torrent program: the average number of translations is at 3500 per person (during a virus outbreak or other network event), so we'll need a pool of 27k public IPs and 254 GiB of RAM to store the NAT tables. This would be a /17 of IP space just to NAT 250k private users! This is why NAT does not scale.

NAT breaks other IP protocols which don't use TCP or UDP, and even breaks common protocols like TCP-based FTP unless the NAT device has special support for FTP to do deep packet inspection and track the FTP sessions.

Now suppose someone finds out that 250k people are behind a LSN box. All they have to do is write a virus that opens up tons of connections and it will DDoS the entire provider's NAT device. Just think, a single user could get the entire user base blocked from 4chan!

-- 
Bryan Fields

727-409-1194 - Voice
727-214-2508 - Fax
http://bryanfields.net
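The sizing arithmetic in the message above, reproduced as an added capacity-planning model (not part of the original post or from the list author). It assumes the message's figures: 312 bytes of FIB state per translation, 1025 unusable ports per IPv4 address, and a "loading" factor that reserves headroom in each address's port range.

```python
"""Large-scale NAT (LSN) capacity model using the figures from the email."""
import math

# Constructed from the email: 65,536 ports minus ~1025 unusable ones.
USABLE_PORTS_PER_IP = 65536 - 1025  # 64,511
BYTES_PER_TRANSLATION = 312         # FIB memory per NAT entry (from the email)


def translations(users: int, per_user: int) -> int:
    """Total concurrent translation entries the NAT device must hold."""
    return users * per_user


def fib_bytes(users: int, per_user: int,
              bytes_per_entry: int = BYTES_PER_TRANSLATION) -> int:
    """Memory needed for the translation table, in bytes."""
    return translations(users, per_user) * bytes_per_entry


def gib(nbytes: int) -> float:
    """Convert bytes to GiB (2**30)."""
    return nbytes / 2 ** 30


def public_ips_needed(users: int, per_user: int, loading: float = 1.0) -> int:
    """Minimum public IPv4 addresses so every translation gets a unique (ip, port).

    loading < 1.0 reserves a fraction of each address's port range as headroom;
    0.5 corresponds to the email's "1/2 loading".
    """
    usable_per_ip = USABLE_PORTS_PER_IP * loading
    return math.ceil(translations(users, per_user) / usable_per_ip)


def prefix_length(n_ips: int) -> int:
    """Smallest IPv4 prefix length (/N) that contains n_ips addresses."""
    return 32 - math.ceil(math.log2(n_ips))


if __name__ == "__main__":
    users = 250_000
    for label, per_user in (("web browsing", 42), ("torrent / outbreak", 3500)):
        ips = public_ips_needed(users, per_user, loading=0.5)
        print(f"{label:>20}: {translations(users, per_user):>12,} translations, "
              f"{gib(fib_bytes(users, per_user)):7.1f} GiB state, "
              f"{ips:>6,} public IPs at 1/2 loading (a /{prefix_length(ips)})")
```

Running it reproduces the post's 163 and 326 addresses for 42 translations per user and the ~27k-address (/17) pool with ~254 GiB of state at 3500 per user.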