There are certain port allocation methods where extending the port block is 
tricky, such as (Stateless) Deterministic NAT.


From: "Poscic, Kristian (Kristian)" <[email protected]>
Date: Fri, 7 Jun 2013 16:06:13 +0000
To: John Mann <[email protected]>, "Rajiv Asati (rajiva)" <[email protected]>
Cc: "Softwires-wg list ([email protected])" <[email protected]>, 
<[email protected]>, <[email protected]>, "Dan Wing (dwing)" <[email protected]>
Subject: Re: [BEHAVE] [v6ops] Home NAPT44 - How many ports?

But why is this a problem in CGN?
You initially allocate a port block of 500 ports to the subscriber and then they 
can dynamically extend this on an as-needed basis (allocate a new port block).

To me the value of this exercise is to determine what will this initial port 
block size be, not at which point the service will be denied since this can be 
easily extended.

For RGs, it is what it is, if they have the limit of 500 mappings, then yes, this 
is the problem.
But for CGN it shouldn’t be.

From: [email protected] [mailto:[email protected]] On Behalf Of John Mann
Sent: Thursday, June 06, 2013 5:02 PM
To: Rajiv Asati (rajiva)
Cc: Softwires-wg list ([email protected]); [email protected]; [email protected]; 
Dan Wing (dwing)
Subject: Re: [BEHAVE] [v6ops] Home NAPT44 - How many ports?

Hi,

On 7 June 2013 08:41, Rajiv Asati (rajiva) <[email protected]> wrote:
Hi Dan,

> and so on.  I am surprised you conclude that "500 seems ok" when such a
> limit would interfere with your network use on those days.
I based that statement ("...seems ok,") on the very fact that the number of 
times the NAT utilization exceeded 500 mappings (equating to 500 ports, in my 
setup) in the sample period (~2 months) was relatively quite low. So, if the 
NAT device was limited to only 500 mappings, then the experience would have 
been ok for 99% of the time and degraded 1% of the time. This is an important 
consideration, IMO.

For ex, in the last 2 weeks, the number of times NAT mappings exceeded 500 were:

June 3 - 1 time
May 29 - 1 time
May 28 - 3 times
May 26 - 1 time
May 23 - 1 time
May 22 - 2 times
May 21 - 3 times

I think a more-interesting statistic would be "how many connection setups would 
have failed".
But I don't think you can measure that just by polling concurrent connections 
at specific times.
It might take e.g. netflow exporting and analysis ...

However "number of concurrent connections that couldn't have been set up" would 
be useful in gauging the impact
e.g. on May 29 there was one spike of 734 concurrent connections, then report 
that as 234 potential failures.

Of course, 1000 ports (resulting in 1000+ mappings) would have been more than 
enough to accommodate the times when the mappings exceeded 500, but stayed 
within 1000 (except once).


> What is the maximum number of mappings supported by your NAPT device?
> Some residential-class NATs have a limit of 1024 mappings.

Is that a combined limit of TCP and UDP and ICMP, or independent?

My NAPT device seemingly can use up to 64K ports. :)

Cheers,
Rajiv


> -----Original Message-----
> From: Dan Wing (dwing)
> Sent: Thursday, June 06, 2013 11:43 AM
> To: Rajiv Asati (rajiva)
> Cc: [email protected]; Softwires-wg list ([email protected]);
> [email protected]; Erik Kline ([email protected])
> Subject: Re: [BEHAVE] Home NAPT44 - How many ports?
>
>
> On Jun 5, 2013, at 6:14 AM, Rajiv Asati (rajiva) <[email protected]> wrote:
>
> > Some of you may recall our discussion (during the last IETF) around "how
> many TCP/UDP ports are enough with NAPT44" per home, as ISPs move into
> A+P paradigm. ~500, ~1000, ~3000???
> >
> > Well, I started monitoring my home router and plotting the NAPT44 port
> utilization on a minute-by-minute basis. You may find it here -
> http://www.employees.org/~rajiva
> >
> > In short, port range of 500 seems ok, though 1000 would be more than
> enough for my home.
>
> I see several spikes in your data over 500 ports.  During those times,
> applications would be unable to function (unable to get a port).  April 29/30
> is a long time where that occurs very visibly, but there are shorter spikes
> elsewhere such as on April 17 and April 18.  If you had only 500 ports on
> those days, creating a new TCP mapping would have been impossible,
> impacting ability to send or receive email, order books from Amazon.com,
> and so on.  I am surprised you conclude that "500 seems ok" when such a
> limit would interfere with your network use on those days.
>
> What is the maximum number of mappings supported by your NAPT device?
> Some residential-class NATs have a limit of 1024 mappings.
>
> -d
>
> > Suffice to say, this is just a sample representation, since the port
> utilization would vary home to home, based on number of active devices,
> type of applications, the degree of simultaneous device or application
> usage etc.
> >
> > If any of you are doing similar monitoring, then please share.
> >
> > Cheers,
> > Rajiv
> >
> > PS: Thanks to Erik Kline, who explained (with sufficient details) how to use
> google charting for my data. And thanks to Xun Wang & Shaoshuai Dai for
> helping me out significantly.
> >
> > PS: My home has 3-4 active devices.
> > _______________________________________________
> > Behave mailing list
> > [email protected]
> > https://www.ietf.org/mailman/listinfo/behave

_______________________________________________
v6ops mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/v6ops

_______________________________________________
Softwires mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/softwires
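
Added example, not part of the thread and not any participant's code: it takes polled per-minute mapping counts, finds each excursion above a port limit, and reports the "potential failures" figure proposed in the thread (peak minus limit, so a 734 spike against 500 counts as 234), plus how many fixed-size port blocks a CGN that extends allocations on demand would have to hold. The sample values, function names and the 500-port block size used for extension are assumptions made for illustration.

```python
"""Added example: excursion counting over polled NAT mapping samples."""
from math import ceil

# Constructed per-minute samples of concurrent NAPT44 mappings (not real data).
# The 734 peak mirrors the May 29 spike mentioned in the thread.
SAMPLES = [310, 420, 505, 734, 610, 480, 390, 520, 515, 300, 1040, 450]


def excursions(samples, limit):
    """Return (start_index, length, peak) for each contiguous run above limit."""
    runs, start, peak = [], None, 0
    for i, n in enumerate(samples):
        if n > limit:
            if start is None:
                start, peak = i, n
            peak = max(peak, n)
        elif start is not None:
            runs.append((start, i - start, peak))
            start = None
    if start is not None:  # series ended while still above the limit
        runs.append((start, len(samples) - start, peak))
    return runs


def potential_failures(samples, limit):
    """Thread's estimate: excess of each excursion's peak over the limit, summed."""
    return sum(peak - limit for _, _, peak in excursions(samples, limit))


def blocks_held(samples, block_size):
    """Port blocks needed per sample if allocation grows in fixed-size blocks."""
    return [max(1, ceil(n / block_size)) for n in samples]


def report(samples, limits=(500, 1000)):
    """Excursion count and potential failures for each candidate port limit."""
    return {lim: {"excursions": len(excursions(samples, lim)),
                  "potential_failures": potential_failures(samples, lim)}
            for lim in limits}


if __name__ == "__main__":
    for lim, row in report(SAMPLES).items():
        print(lim, row)
    print("max blocks of 500:", max(blocks_held(SAMPLES, 500)))
```

Because the input is polled, mappings created and torn down between samples are invisible; measuring actual failed connection setups needs flow-level data, as the thread notes.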