Hi Simon,

On 2011/08/04, at 5:26, Simon Perreault wrote:

> On 2011-08-03 16:44, Tetsuya Murakami wrote:
>>> So the 900G figure is valid *in theory*, but *in practice* we're
>>> stuck with a number of sessions roughly equal to the number of
>>> external ports available on the NAT.
>>
>> As I mentioned above, the number of NAT sessions can be greater than
>> the available port number in practice because the NAT function in
>> these operating systems already supports reusing a port number
>> which is used for another NAT session with a different destination.
>
> Yes, because these NATs are endpoint-dependent, which is forbidden by
> the BEHAVE RFCs.

If using endpoint-independent mapping, one NAT session can cover multiple destinations. For instance,

    Internal : External : Destination
    X:x     -> E:e     -> n/a:n/a

So, if a CPE has a limited set of port numbers, the CPE can provide access to many destinations with one NAT session.

If using endpoint-dependent mapping, the same port number can be reused if the destination address is the same. For instance,

    Internal : External : Destination
    X:x     -> E:e1    -> Y1:n/a
    X:x     -> E:e2    -> Y2:n/a

In this case, since the destinations are different, 2 NAT sessions can be created.

In terms of the NAT implementation on the existing operating systems, endpoint-independent mapping is not supported. In fact, we added the endpoint-independent mapping function to existing operating systems such as Linux and NetBSD. For instance, NetBSD creates the following NAT sessions:

    Internal : External : Destination
    X:x     -> E:e1    -> Y1:y1
    X:x     -> E:e2    -> Y1:y2
    X:x     -> E:e3    -> Y2:y3

If there are unused port numbers in its port range, the NAT function allocates a new port number for each NAT session as above. But if there is no unused port number, the NAT function tries to reuse the same port number which is used for another NAT session with a different destination address, like X:x -> E:e1 -> Y4:y4.

Hence, from the current implementation point of view, if a CPE has a limited set of port numbers, the existing NAT function can provide access to many destinations.

Thanks,
Tetsuya Murakami

>> So, the 900G figure is valid today. In practice, there is another
>> limitation from the memory size for keeping all NAT sessions, and so
>> the NAT function has a limitation on the maximum number of NAT sessions.
>> But this is totally regardless of the port-range functionality.
>
> Agreed.
>
> Simon
> --
> DTN made easy, lean, and smart --> http://postellation.viagenie.ca
> NAT64/DNS64 open-source --> http://ecdysis.viagenie.ca
> STUN/TURN server --> http://numb.viagenie.ca

_______________________________________________
Softwires mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/softwires
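The two mapping behaviours compared in the message above, as an added illustration that is not part of the original thread and not code from the Linux or NetBSD NAT implementations it mentions: a small Python model of a CPE NAT session table with a limited external port range. Under endpoint-independent mapping (RFC 4787 style) one external port serves every destination of an internal endpoint, so the port range limits the number of internal endpoints rather than the number of destinations. Under the endpoint-dependent behaviour described for the existing implementations, each flow takes a fresh port while one is free, and once the range is exhausted a port is reused only for a different destination address (the fallback case "X:x -> E:e1 -> Y4:y4"). The class name, the four-port range and the addresses are constructed for the example; the documentation address ranges are used so nothing here points at a real host.

```python
from typing import Dict, List, Optional, Set, Tuple

# (address, port) pair; all addresses below are RFC 5737 documentation space.
Endpoint = Tuple[str, int]


class PortRangeNAT:
    """Toy outbound NAT with a single external address and a small port range.

    Constructed for illustration only; it models mapping behaviour, not a
    real forwarding path (no timers, no ICMP, no reverse lookup table).
    """

    def __init__(self, external_addr: str, port_range: range,
                 endpoint_independent: bool) -> None:
        self.external_addr = external_addr
        self.port_range = port_range
        self.endpoint_independent = endpoint_independent
        # Endpoint-independent mode: internal endpoint -> external port.
        self.mappings: Dict[Endpoint, int] = {}
        # External port -> destinations currently using it (the "sessions"
        # that must stay distinguishable when a reply arrives).
        self.sessions: Dict[int, Set[Endpoint]] = {}
        # (internal, destination) flow -> external port, for repeat lookups.
        self.flows: Dict[Tuple[Endpoint, Endpoint], int] = {}

    def _allocate_free_port(self) -> Optional[int]:
        """Lowest port in the range with no session on it, or None."""
        for port in self.port_range:
            if port not in self.sessions:
                return port
        return None

    def _find_reusable_port(self, destination: Endpoint) -> Optional[int]:
        """Reuse rule from the message: a port already in use may be shared
        only if none of its sessions go to the same destination address, so
        the reply 5-tuple (dst addr, dst port, E, e) stays unambiguous."""
        for port in self.port_range:
            if all(d[0] != destination[0] for d in self.sessions.get(port, ())):
                return port
        return None

    def translate(self, internal: Endpoint, destination: Endpoint) -> Optional[int]:
        """Return the external port for this flow, or None if the NAT is full."""
        key = (internal, destination)
        if key in self.flows:
            return self.flows[key]
        if self.endpoint_independent:
            # One mapping per internal endpoint, shared by all destinations.
            port = self.mappings.get(internal)
            if port is None:
                port = self._allocate_free_port()
                if port is None:
                    return None
                self.mappings[internal] = port
        else:
            # Fresh port first; fall back to reusing one for a new address.
            port = self._allocate_free_port()
            if port is None:
                port = self._find_reusable_port(destination)
                if port is None:
                    return None
        self.sessions.setdefault(port, set()).add(destination)
        self.flows[key] = port
        return port

    def ports_in_use(self) -> int:
        return len(self.sessions)

    def flow_count(self) -> int:
        return len(self.flows)


def demo() -> Dict[str, object]:
    """Constructed scenario: a CPE that owns only external ports 5000-5003."""
    ports = range(5000, 5004)
    x: Endpoint = ("192.0.2.10", 1000)                    # internal X:x
    dests: List[Endpoint] = [("198.51.100.%d" % i, 80) for i in range(1, 11)]  # Y1..Y10

    eim = PortRangeNAT("203.0.113.1", ports, endpoint_independent=True)
    eim_ports = [eim.translate(x, d) for d in dests]        # all share one port

    edm = PortRangeNAT("203.0.113.1", ports, endpoint_independent=False)
    edm_ports = [edm.translate(x, d) for d in dests]        # 4 fresh, then reuse
    # A second flow to Y1 (different dest port) must avoid ports carrying Y1.
    edm_y1_again = edm.translate(x, ("198.51.100.1", 443))

    # Failure mode: a single port, second flow to the same address, no free port.
    tiny = PortRangeNAT("203.0.113.1", range(5000, 5001), endpoint_independent=False)
    tiny_first = tiny.translate(x, ("198.51.100.1", 80))
    tiny_blocked = tiny.translate(x, ("198.51.100.1", 443))

    return {
        "eim_ports": eim_ports, "eim_ports_in_use": eim.ports_in_use(),
        "edm_ports": edm_ports, "edm_ports_in_use": edm.ports_in_use(),
        "edm_y1_again": edm_y1_again, "edm_flows": edm.flow_count(),
        "tiny_first": tiny_first, "tiny_blocked": tiny_blocked,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The reuse check deliberately follows the message's wording (different destination address) rather than the weaker condition that would still keep the reply 5-tuple unique (different destination address or port); the stricter rule is simpler to reason about and is what the message describes. The last scenario shows the case neither behaviour can rescue: with a single external port and two flows to the same destination address, the endpoint-dependent NAT has nothing left to hand out.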
