NAT444 or ?

Dan Wing dwing at
Thu Sep 8 17:22:00 UTC 2011

> -----Original Message-----
> From: Jean-Francois.TremblayING at [mailto:Jean-
> Francois.TremblayING at]
> Sent: Wednesday, September 07, 2011 10:06 AM
> To: dr at
> Cc: nanog at
> Subject: Re: NAT444 or ?
> On Wed, Sep 07, 2011 at 12:16:28PM +0200, Randy Bush wrote:
> > > I'm going to have to deploy NAT444 with dual-stack real soon now.
> > you may want to review the presentations from last week's apnic
> meeting
> > in busan.  real mesurements.  sufficiently scary that people who were
> > heavily pushing nat444 for the last two years suddenly started to say
> > "it was not me who pushed nat444, it was him!"  as if none of us had
> a
> > memory.
> >
> > Hm, I fail to find relevant slides discussing that. Could you please
> > point us to those?
> I had the same question. I found Miyakawa-san's presentation has some
> dramatic examples of CGN NAT444 effects using Google Maps:
> KEYNOTE-IPv6-2011-8.pptx.pdf
> However these are with a very high address-sharing ratio (several
> thousands users per address). Using a sparser density (<= 64 users per
> address) is likely to show much less dramatic user impacts.

Try it at home.  With aggressive usage of Microsoft's Terraserver,
mapquest, or google maps, I'm able to burn through 120 or so 
TCP connections.  Move the map around, zoom in/out, enable/disable 
traffic, switch between satellite and map and overlay, repeat those
steps 2-3 times.  Don't be slow and don't wait for everything 
to paint.

Or crash your browser and when it restarts watch how many connections
it makes to re-open all your tabs.

I understand iTunes opens lots of connections, but I haven't looked
at that.

To experiment with limited ports at home, load 3rd party firmware 
onto your NAT -- most of them allow controlling the number 
of mappings (and by default, have higher limits than stock
firmware).  Or consume a bunch of your mappings with a 
script (such as the brain-dead Perl script below) and then 
start your testing.  Some NATs and some servers will kill the 
TCP sessions after inactivity (which is why I describe the 
script as brain-dead).



#!/usr/bin/perl -w
use IO::Socket;

$max = shift(@ARGV);
my $count = 0;
my $host = shift(@ARGV) || "";
my @remote;

print "connecting to $host\n";

while ($count < $max) {
        printf ("connecting...(%d)\n", $count+1);
        $remote[$count] = IO::Socket::INET->new(
                Proto => "tcp",
                PeerAddr => $host,
                PeerPort => "80")
                        or warn "got an error";

print "press Return to exit\n";
my $junk = <STDIN>;

$count = 0;
while ($count < $max) {
        close $remote[$count];


More information about the NANOG mailing list