On 4/19/2010 10:14, Patrick Giagnocavo wrote:
The eyeball ISPs will find it trivial to NAT should they ever need to do so however, something servers cannot do - you are looking at numbers, not operational considerations.
LSN is not trivial. Here are some unverified calculations I did on the problem of scaling NAT.

Right now I'm using 42 translation entries in my NAT table. Each entry takes up 312 bytes of FIB memory, which is ~12.7 KiB of data in the FIB. Multiply this by 250k users and we have 3,124,237 KiB of FIB entries, or 3.1 GiB. This is not running any PtP programs or really hitting the network; I'm just browsing the web and typing this email to you.

If we look at the total number of translations for 250k users we see 10.5M entries. As TCP/UDP only has 65,536 ports and about 1025 of them are unusable, this leaves 64,511 ports to work with per IP. Divided out, we need 163 public IPs minimum just to NAT the number of users on a single PDSN pool; assuming we have a 1/2 loading, that's 326 public IPs for one pool.

Now things get fun when I turn on my torrent program: the average number of translations is at 3500 per person (during a virus outbreak or other network event), so we'll need a pool of 27k public IPs and 254 GiB of RAM to store the NAT tables. This would be a /17 of IP space just to NAT 250k private users! This is why NAT does not scale.

NAT breaks other IP protocols which don't use TCP or UDP, and even breaks common protocols like TCP-based FTP unless the NAT device has special support for FTP to do deep packet inspection and track the FTP sessions.

Now suppose someone finds out that 250k people are behind an LSN box. All they have to do is write a virus that opens up tons of connections and it will DDoS the entire provider's NAT device. Just think, a single user could get the entire user base blocked from 4chan!

-- 
Bryan Fields

727-409-1194 - Voice
727-214-2508 - Fax
http://bryanfields.net