nanog mailing list archives
Re: NAT444 or ?
From: Mike Jones <mike () mikejones in>
Date: Thu, 8 Sep 2011 12:33:40 +0100
As HTTP seems to be a major factor causing a lot of short-lived connections, and several large ISPs have demonstrated that large-scale transparent HTTP proxies seem to work just fine, you could also move the IPv4 port 80 traffic from the CGN to a transparent HTTP proxy. As well as any benefits from caching keeping connections local, it can also combine 1000 users trying to load Facebook into a handful of persistent connections to the Facebook servers.

The proxy can of course also have its own global IPv4 address rather than going through the NAT. I have no experience with large-scale HTTP proxy deployments, but I strongly suspect a single HTTP proxy can handle traffic for a lot more users than the low hundreds currently being suggested for NAT444, and can be scaled out separately if required.

As an end user this is probably a little worse, with HTTP coming from a different IP address to everything else, but not that much worse. As a provider it may be much easier to scale to larger numbers of customers.

The proxy can also take IPv4-only users to a dual-stacked site over IPv6, as I am under no illusions that even with IPv6 to every customer you will still have customers behind IPv4-only NAT routers they bought themselves for quite a while. With some DNS tricks this might be useful for those users reaching IPv6-only sites; however, it would probably be better if they were unable to reach those sites at all, to give them an incentive to fix their IPv6.

On 7 September 2011 21:37, Leigh Porter <leigh.porter () ukbroadband com> wrote:
> Other simple tricks such as ensuring that your own internal services such as DNS are available without traversing NAT also help.

As obvious as this probably is, I'm sure someone will overlook it! Also, other services such as providers with CDN nodes in their network may want to talk to the CDN operator about having those connected to directly from the internal addresses to avoid traversing the NAT, and I'm sure there are other services as well.

- Mike