Big Temporary Networks

Masataka Ohta mohta at
Sat Sep 15 10:37:51 UTC 2012

Mans Nilsson wrote:

>>> Do not NAT. When all those people want to do social networking to the same
>>> furry BBS while also frequenting three social app sites simultaneously
>>> you are going to get Issues if you NAT. So don't.

> I am not suggesting that. I'm just trying to point out that there
> might be a bunch of assumptions that aren't as true anymore when a
> lot of client connections share both source and destination address,
> and perhaps also destination port. If this happens simultaneously when
> a large amount of other tcp connections are NATed through the same box,
> resource starvation will occur.

Then, an advice better than yours is Chris's:

: with small budgets.

: You'll need a beefy NAT box.  Linux with Xeon CPU and 4GB RAM
: minimum.   Run your DNS resolver and DHCP here, unless you have
: hardware to spare.

: Bandwidth.  Lots of Bandwidth.

posted before yours.

> If public address space is available,
> it is better to use that.

It depends on budgets and other factors.

> Also, no NAT means there will be no session
> timers for things like long lived low bandwidth tcp sessions.

Assuming no NAT firewalls without very large connection tables,
not necessarily.

						Masataka Ohta
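Added illustration for the two points argued in this exchange (it is not code from any poster): a small model of a port-overloading NAT shows how many clients sharing one destination address and port exhaust the translation table, and how an idle timer recycles entries at the cost of cutting idle long-lived TCP sessions. The class, method names, timeout and the RFC 5737 addresses are assumptions constructed for the example.

```python
# Added example (not the posters' code): a port-overloading NAT model.
# Assumed: one 64k ephemeral range per public IP, a fixed idle timeout,
# and constructed RFC 5737 addresses for clients, NAT and destination.
from collections import defaultdict

EPHEMERAL = range(1024, 65536)          # 64512 usable ports per public IP


class Napt:
    def __init__(self, public_ips, idle_timeout):
        self.public_ips = list(public_ips)
        self.idle_timeout = idle_timeout
        # Free ports per (public_ip, dst_ip, dst_port): a mapping only has
        # to be unique within that tuple, so each destination has a pool.
        self.free = defaultdict(lambda: list(reversed(EPHEMERAL)))
        # (public_ip, public_port, dst_ip, dst_port) -> (client, last_seen)
        self.table = {}

    def translate(self, client, dst, now):
        for pub in self.public_ips:
            pool = self.free[(pub,) + dst]
            if pool:
                port = pool.pop()
                key = (pub, port) + dst
                self.table[key] = (client, now)
                return key
        return None                      # every port to this dst is in use

    def touch(self, key, now):
        """Traffic on an existing mapping resets its idle timer."""
        self.table[key] = (self.table[key][0], now)

    def expire(self, now):
        """Drop idle mappings and recycle their ports. An idle long-lived
        TCP session is cut here without either end being told."""
        dropped = [k for k, (_, seen) in self.table.items()
                   if now - seen > self.idle_timeout]
        for k in dropped:
            del self.table[k]
            self.free[(k[0],) + k[2:]].append(k[1])
        return len(dropped)


def simulate(n_clients, conns_per_client, n_public_ips):
    """Every client opens conns_per_client sessions to one busy site."""
    nat = Napt([f"203.0.113.{i}" for i in range(1, n_public_ips + 1)], 300)
    site = ("198.51.100.10", 443)
    results = [nat.translate(f"10.0.{c // 256}.{c % 256}", site, 0)
               for c in range(n_clients) for _ in range(conns_per_client)]
    return sum(r is not None for r in results), results.count(None)
```

With 10,000 clients opening ten sessions each to one site, a single public address serves 64,512 of the 100,000 sessions and refuses the rest; a second address removes the shortfall, which is the capacity question behind the NAT-versus-public-space argument above.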
