Re: Big Temporary Networks

[Masataka Ohta <mohta () necom830 hpcl titech ac jp>]

Mans Nilsson wrote:

> > > Do not NAT. When all those people want to do social networking to the same
> > > furry BBS while also frequenting three social app sites simultaneously
> > > you are going to get Issues if you NAT. So don't.

> I am not suggesting that. I'm just trying to point out that there
> might be a bunch of assumptions that aren't as true anymore when a
> lot of client connections share both source and destination address,
> and perhaps also destination port. If this happens simultaneously when
> a large amount of other tcp connections are NATed through the same box,
> resource starvation will occur.

Then, an advise better than yours is Chris's:

: with small budgets.

: You'll need a beefy NAT box.  Linux with Xeon CPU and 4GB RAM
: minimum.   Run your DNS resolver and DHCP here, unless you have
: hardware to spare.

: Bandwidth.  Lots of Bandwidth.

posted before yours.

> If public address space is available,
> it is better to use that.

It depends on budgets and other factors.

> Also, no NAT means there will be no session
> timers for things like long lived low bandwidth tcp sessions.

Assuming no NAT firewalls without very large connection tables,
not necessarily.

                                                Masataka Ohta