NAT444 or ?

Seth Mos seth.mos at dds.nl
Wed Sep 7 19:24:19 UTC 2011


On 7 Sep 2011, at 19:06, Jean-Francois.TremblayING at videotron.com wrote:

> On Wed, Sep 07, 2011 at 12:16:28PM +0200, Randy Bush wrote:
>>> I'm going to have to deploy NAT444 with dual-stack real soon now.
>> you may want to review the presentations from last week's apnic meeting
>> in busan.  real mesurements.  sufficiently scary that people who were
>> heavily pushing nat444 for the last two years suddenly started to say
>> "it was not me who pushed nat444, it was him!"  as if none of us had a
>> memory. 
>> 
>> Hm, I fail to find relevant slides discussing that. Could you please
>> point us to those?
> 
> I had the same question. I found Miyakawa-san's presentation has some 
> dramatic examples of CGN NAT444 effects using Google Maps: 
> http://meetings.apnic.net/__data/assets/file/0011/38297/Miyakawa-APNIC-KEYNOTE-IPv6-2011-8.pptx.pdf 
> 
> 
> However these are with a very high address-sharing ratio (several 
> thousands users per address). Using a sparser density (<= 64 users per 
> address) is likely to show much less dramatic user impacts. 

I think you have the numbers off; he started with 1000 users sharing the same IP, since you can only do 62k sessions or so, and with a "normal" timeout on those sessions you ran into issues quickly.

The summary is that with anything less than 20 simultaneous TCP sessions per user, Google Maps or Earth was problematic. From 15 and downwards, almost unusable.

He deduced from testing that about 10 users per IP was a more realistic limit without taking out the entire CGN "experience".

On a personal note, this isn't even taking into account things like broken virus scanners or other software updates that will happily try to do 5 sessions per second, or a lost MSN client trying to do 10 per second, which is the most the Windows IP stack will allow on client versions.

The real big issue that will be the downfall of NAT444 is the issue with ACLs and automatic blocklists, and the loss of granular access control on that which the ISP has no control of, which roughly amounts to the internet.
 
Regards,

Seth
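The port-budget reasoning in the message above, worked through as an added model (this is example code written for this page, not code from the thread, from NANOG or from the APNIC presentation). It assumes a single public IPv4 address with one shared pool of source ports (no per-subscriber port blocks), one port held per outbound TCP session until an idle timeout expires, and constructed scenario numbers: 1000 well-behaved subscribers opening 3 sessions a minute, a two-minute idle timeout, and a handful of misbehaving clients opening 5 sessions a second. The static division of the pool gives the ceiling on sessions per user; the simulation shows how timeout-driven churn from a few broken clients exhausts the pool long before that ceiling matters.

```python
"""Toy CGN (NAT444) port-pool model for one shared public IPv4 address.

Assumptions (this page's example, not from the mail):
  * a single shared pool of source ports on the public address,
  * each outbound TCP session holds exactly one port,
  * a port is released only when the session's idle timeout expires,
  * subscribers are grouped as (count, new_sessions_per_second, timeout_s).
"""
import heapq
from fractions import Fraction

# The mail rounds the usable port budget to "62k"; the exact count of ports
# above the well-known range is 65535 - 1024 = 64511.
PORT_POOL = 62_000


def sessions_per_user(users, port_pool=PORT_POOL):
    """Concurrent sessions each subscriber gets if the pool is split evenly."""
    return port_pool // users


def max_users(sessions_needed, port_pool=PORT_POOL):
    """Subscribers one address can carry if each needs `sessions_needed` ports."""
    return port_pool // sessions_needed


def steady_state_ports(clients):
    """Ports held in steady state (Little's law: arrival rate * holding time),
    summed over client groups of (count, new_sessions_per_second, timeout_s).
    Rates may be ints or Fractions; use Fraction(1, 20) for 0.05/s."""
    return sum(Fraction(n) * Fraction(rate) * timeout
               for n, rate, timeout in clients)


def simulate(clients, duration, port_pool=PORT_POOL):
    """One-second steps: each group opens count*rate new sessions per step,
    each session holds a port for `timeout` seconds, then expires.
    Returns (time of first failed allocation or None, peak ports in use,
    total failed allocations)."""
    expiries = []                      # min-heap of session expiry times
    carry = [Fraction(0)] * len(clients)  # fractional sessions not yet opened
    first_fail, peak, failed = None, 0, 0
    for t in range(duration):
        # Release every port whose session has timed out by now.
        while expiries and expiries[0] <= t:
            heapq.heappop(expiries)
        for i, (n, rate, timeout) in enumerate(clients):
            carry[i] += Fraction(n) * Fraction(rate)
            new = int(carry[i])
            carry[i] -= new
            for _ in range(new):
                if len(expiries) < port_pool:
                    heapq.heappush(expiries, t + timeout)
                else:
                    failed += 1
                    if first_fail is None:
                        first_fail = t
        peak = max(peak, len(expiries))
    return first_fail, peak, failed


if __name__ == "__main__":
    # 1000 subscribers on one address: 62 ports each, i.e. well above the
    # ~20 concurrent sessions the mail says Google Maps needs -- on paper.
    print("ports per user at 1000 users/IP:", sessions_per_user(1000))
    print("users per IP at 20 sessions each:", max_users(20))

    normal = (1000, Fraction(1, 20), 120)   # 3 sessions/min, 120 s timeout
    broken = (100, 5, 120)                  # 5 sessions/s, same timeout
    print("steady-state ports, normal only:", steady_state_ports([normal]))
    print("steady-state ports, with broken:", steady_state_ports([normal, broken]))
    print("simulation, normal only:", simulate([normal], 300))
    print("simulation, with broken:", simulate([normal, broken], 300))
```

The static figures look comfortable (62 ports per subscriber at 1000 users per address), but 100 clients each opening 5 sessions a second against a two-minute timeout hold 60,000 ports on their own; the simulation has the pool exhausted within two minutes and every subscriber behind that address failing new connections from then on. This is the "normal timeout" effect the message refers to, and why the practical users-per-address figure ends up far below what port arithmetic alone suggests.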


