Re: NAT444 or ?

[David Israel <davei () otd com>]

On 9/7/2011 3:24 PM, Seth Mos wrote:
> I think you have the numbers off, he started with 1000 users sharing the same IP, since you can only do 62k sessions or so and 
> with a "normal" timeout on those sessions you ran into issues quickly.

Remember that a TCP session is defined not just by the port, but by the 
combination of source address:source port:destination 
address:destination port.  So that's 62k sessions *per destination* per 
ip address.   In theory, this particular performance problem should only 
arise when the NAT gear insists on a unique port per session (which is 
common, but unnecessary) or when a particular destination is 
inordinately popular; the latter problem could be addressed by 
increasing the number of addresses that facebook.com and google.com 
resolve to.

I'm not advocating CGN; my point is not that this problem *should* be 
solved, merely that it *can* be.

-Dave