nanog mailing list archives

Re: NAT444 or ?


From: Seth Mos <seth.mos () dds nl>
Date: Wed, 7 Sep 2011 21:24:19 +0200


On 7 Sep 2011, at 19:06, Jean-Francois.TremblayING () videotron com wrote:

> On Wed, Sep 07, 2011 at 12:16:28PM +0200, Randy Bush wrote:
> I'm going to have to deploy NAT444 with dual-stack real soon now.
> you may want to review the presentations from last week's apnic meeting
> in busan.  real measurements.  sufficiently scary that people who were
> heavily pushing nat444 for the last two years suddenly started to say
> "it was not me who pushed nat444, it was him!"  as if none of us had a
> memory.
>
> Hm, I fail to find relevant slides discussing that. Could you please
> point us to those?
>
> I had the same question. I found Miyakawa-san's presentation has some
> dramatic examples of CGN NAT444 effects using Google Maps:
> http://meetings.apnic.net/__data/assets/file/0011/38297/Miyakawa-APNIC-KEYNOTE-IPv6-2011-8.pptx.pdf
>
> However these are with a very high address-sharing ratio (several
> thousands users per address). Using a sparser density (<= 64 users per
> address) is likely to show much less dramatic user impacts.

I think you have the numbers off, he started with 1000 users sharing the same IP, since you can only do 62k sessions or so and with a "normal" timeout on those sessions you ran into issues quickly.

The summary is that with anything less than 20 simultaneous TCP sessions per user, Google Maps or Earth was problematic. From 15 and downwards almost unusable.

He deduced from testing that about 10 users per IP was a more realistic limit without taking out the entire CGN "experience".

On a personal note, this isn't even taking into question things like broken virus scanners or other software updates that will happily try to do 5 sessions per second, or an MSN client lost trying to do 10 per second, the most the Windows IP stack will allow on client versions.

The real big issue that will be the downfall of NAT444 is the issue with ACLs and automatic blocklists and the loss of granular access control on that which the ISP has no control of. Which roughly estimates to the internet.
 
Regards,

Seth
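The thread above argues in terms of three numbers: usable ports per public address, users sharing that address, and how many mappings a client holds at once given its connection rate and the CGN's mapping timeout. The following Python is an added example written for this page, not code from the thread or from any CGN product; the port count (65535 minus the 1024 well-known ports), the session rates, the timeout and the small simulation scenario are all assumptions chosen to illustrate the capacity-planning arithmetic, not measured values from the presentation discussed. It generalises the thread's 1000-users-per-IP case to any sharing ratio, and the time-stepped model shows how a client that keeps opening sessions exhausts a shared pool once mapping lifetime exceeds the per-user budget.

```python
"""Port-budget model for NAT444 / CGN address sharing (added example).

All constants are assumptions for illustration:
  - USABLE_PORTS_PER_IP: 65535 minus the 1024 well-known ports
  - session rates, timeouts and the toy scenario below are constructed
"""
from collections import deque

USABLE_PORTS_PER_IP = 65535 - 1024  # assumption: 64511 usable ports per public IP


def ports_per_user(users_per_ip, usable_ports=USABLE_PORTS_PER_IP):
    """Static share of the port pool each subscriber gets at a given ratio."""
    return usable_ports // users_per_ip


def steady_state_sessions(new_sessions_per_sec, timeout_sec):
    """Little's law: concurrent mappings = arrival rate * mapping lifetime.

    A client opening 5 sessions/s behind a 120 s mapping timeout holds
    600 mappings in steady state, whatever the CGN's per-user quota is.
    """
    return new_sessions_per_sec * timeout_sec


def max_users_per_ip(concurrent_sessions_per_user, usable_ports=USABLE_PORTS_PER_IP):
    """Largest sharing ratio that still gives every user its concurrent demand."""
    return usable_ports // concurrent_sessions_per_user


def simulate_rejections(users_per_ip, new_sessions_per_sec, timeout_sec,
                        seconds, usable_ports=USABLE_PORTS_PER_IP):
    """Time-stepped model of one shared public address.

    Every second each user opens new_sessions_per_sec mappings; each mapping
    occupies a port until timeout_sec later. Attempts that find no free port
    are counted as rejected (what a subscriber sees as a failed connection).
    Returns (rejected_mappings, peak_ports_in_use).
    """
    in_use = 0
    rejected = 0
    peak = 0
    expiry = deque()  # FIFO of (expire_at_second, mappings_granted)
    for t in range(seconds):
        # release mappings whose lifetime ended at or before this second
        while expiry and expiry[0][0] <= t:
            in_use -= expiry.popleft()[1]
        wanted = users_per_ip * new_sessions_per_sec
        granted = min(wanted, usable_ports - in_use)
        rejected += wanted - granted
        in_use += granted
        if granted:
            expiry.append((t + timeout_sec, granted))
        peak = max(peak, in_use)
    return rejected, peak


if __name__ == "__main__":
    ratio = 1000  # the sharing ratio discussed in the thread
    print(f"ports per user at {ratio}:1 ->", ports_per_user(ratio))
    demand = steady_state_sessions(5, 120)  # assumed 5 sessions/s, 120 s timeout
    print("steady-state mappings held by a 5/s client ->", demand)
    print("max users per IP if every user behaved like that ->", max_users_per_ip(demand))
    print("rejections over 5 min at 1000:1 with such clients ->",
          simulate_rejections(ratio, 5, 120, 300))
```

The three closed-form helpers give the numbers a planner wants before deploying: at 1000:1 each user gets 64 ports, a 5-session-per-second client with a 120 s mapping timeout wants 600, and the pool only supports 107 such clients per address. The simulation makes the timeout's role visible: lowering the sharing ratio or shortening the mapping lifetime both reduce rejections, which is why the thread's "normal timeout" remark matters as much as the raw 62k session figure.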
