Hi Simon,

On 2011/08/03, at 6:05, Simon Perreault wrote:

> On 2011-08-03 04:01, Rémi Després wrote:
>> 
>> On 3 August 2011 at 00:39, Rajiv Asati (rajiva) wrote:
>> 
>>> Satoru-san,  
>>> 
>>> This is an important point that most of us forget: restricting to
>>> "n" ports doesn't equate to just "n" NAT sessions but rather to many more
>>> than n sessions. We must add that to the 4v6 motivation draft as well as
>>> to the 4v6 comparison draft.
>> 
>> +1
> 
> I think there is an important point missing from this discussion. It is
> tricky but it has important practical consequences.
> 
> As I said, "The 900G figure is valid, *as long as internal hosts reuse
> the same source address+port for different destinations*."
> 
> The "as long as ..." part is important. I don't know of any operating
> system that behaves like that. That is, a different source port will be
> used for each new outbound session, regardless of the destination.
> Therefore, in practice, each session will require one NAT binding, which
> will in turn consume one external port.

From the developer's point of view, almost all operating systems, such as
NetBSD and Linux, can support the above function.

First, the NAT function in these operating systems already supports
specifying a port range. In terms of port number allocation in the NAT, if
there are unused port numbers in the given port range, then the NAT function
allocates a new port number from the unused port numbers. But if there is no
unused port number in the given port range, then the NAT function tries to
reuse a port number which is already used for another NAT session with a
different destination address.

Hence, as Satoru-san mentioned, existing operating systems such as NetBSD and
Linux already reuse the same port number for multiple NAT sessions with
different destinations.

> So the 900G figure is valid *in theory*, but *in practice* we're stuck
> with a number of sessions roughly equal to the number of external ports
> available on the NAT.

As I mentioned above, the number of NAT sessions can be greater than the
number of available ports in practice, because the NAT function in these
operating systems already supports reusing a port number which is used for
another NAT session with a different destination. So, the 900G figure is valid
today. In practice, there is another limitation from the memory size for
keeping all NAT sessions, and so the NAT function has a limit on the maximum
number of NAT sessions. But this is totally independent of the port-range
functionality.

Thanks,
Tetsuya Murakami

> Now, if there is no NAT and the host itself is constrained to a given
> port range, the OS will usually start reusing source ports for different
> destinations when there is pressure to do so (i.e. when all source ports
> are in use). Where a NAT would simply drop the session-creating packet,
> in this case the OS is able to reuse a source port. So if there is no
> NAT, the 900G figure is also valid in practice.
_______________________________________________
Softwires mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/softwires
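To make the allocation policy discussed in this thread concrete, here is an added toy model (not Tetsuya's code, and not the actual NetBSD or Linux NAT implementation): a port-range NAT that first hands out unused external ports, then reuses an external port for a session whose destination differs from every session already bound to that port, and refuses the session only when the range is exhausted for that destination. The `PortRangeNAT` class, its optional `max_sessions` cap (standing in for the separate memory limit Tetsuya mentions), and the addresses used are all assumptions of this example.

```python
from typing import Dict, Optional, Set, Tuple

# Hypothetical simplified session model: (internal addr, internal port, dst addr, dst port).
Dest = Tuple[str, int]
Session = Tuple[str, int, str, int]


class PortRangeNAT:
    """Toy NAT44 allocator restricted to a contiguous external port range.

    Allocation policy, following the description in the thread:
      1. prefer an external port with no bindings at all;
      2. otherwise reuse a port whose existing bindings all go to a
         different destination (addr, port) than the new session;
      3. otherwise refuse the session.
    max_sessions is an assumed stand-in for the state-table memory limit.
    """

    def __init__(self, external_addr: str, first_port: int, last_port: int,
                 max_sessions: Optional[int] = None):
        self.external_addr = external_addr
        self.ports = range(first_port, last_port + 1)
        self.max_sessions = max_sessions
        # external port -> set of destinations currently bound on that port
        self.port_dests: Dict[int, Set[Dest]] = {p: set() for p in self.ports}
        # 5-tuple -> external port
        self.bindings: Dict[Session, int] = {}

    def session_count(self) -> int:
        return len(self.bindings)

    def allocate(self, session: Session) -> Optional[int]:
        if session in self.bindings:
            return self.bindings[session]          # existing binding is reused as-is
        if self.max_sessions is not None and len(self.bindings) >= self.max_sessions:
            return None                            # state table full (memory limit)
        dest: Dest = (session[2], session[3])
        # Step 1: any unused port in the range.
        for p in self.ports:
            if not self.port_dests[p]:
                return self._bind(session, p, dest)
        # Step 2: reuse a port that is not yet bound towards this destination;
        # return traffic is still unambiguous because (ext port, dest) differs.
        for p in self.ports:
            if dest not in self.port_dests[p]:
                return self._bind(session, p, dest)
        return None                                # range exhausted for this destination

    def _bind(self, session: Session, port: int, dest: Dest) -> int:
        self.port_dests[port].add(dest)
        self.bindings[session] = port
        return port

    def release(self, session: Session) -> None:
        port = self.bindings.pop(session)
        self.port_dests[port].discard((session[2], session[3]))


def fill_single_destination(n_ports: int) -> int:
    """Internal host opens 3*n_ports sessions to ONE destination (constructed addresses)."""
    nat = PortRangeNAT("198.51.100.1", 1024, 1024 + n_ports - 1)
    accepted = 0
    for src_port in range(40000, 40000 + 3 * n_ports):
        if nat.allocate(("192.0.2.10", src_port, "203.0.113.5", 443)) is not None:
            accepted += 1
    return accepted


def fill_many_destinations(n_ports: int, n_dests: int,
                           max_sessions: Optional[int] = None) -> int:
    """Internal host opens n_ports sessions to each of n_dests destinations."""
    nat = PortRangeNAT("198.51.100.1", 1024, 1024 + n_ports - 1, max_sessions)
    accepted = 0
    src_port = 40000                               # OS picks a fresh source port per session
    for d in range(n_dests):
        dst_addr = f"203.0.113.{d + 1}"
        for _ in range(n_ports):
            if nat.allocate(("192.0.2.10", src_port, dst_addr, 443)) is not None:
                accepted += 1
            src_port += 1
    return accepted


if __name__ == "__main__":
    print("one destination, 16 ports:", fill_single_destination(16))
    print("four destinations, 16 ports:", fill_many_destinations(16, 4))
    print("four destinations, 16 ports, 10-session cap:", fill_many_destinations(16, 4, 10))
```

With 16 external ports, all sessions to a single destination are capped at 16, whereas sessions spread over four destinations reach 64 even though the host never reuses a source port itself; only the assumed state-table cap brings the count back down, which is the distinction Tetsuya draws between the port range and the memory limit.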
