-----Original Message-----
From: Jean-Francois.TremblayING@videotron.com [mailto:Jean-Francois.TremblayING@videotron.com]
Sent: Wednesday, September 07, 2011 10:06 AM
To: dr@cluenet.de
Cc: nanog@nanog.org
Subject: Re: NAT444 or ?

On Wed, Sep 07, 2011 at 12:16:28PM +0200, Randy Bush wrote:
I'm going to have to deploy NAT444 with dual-stack real soon now.

you may want to review the presentations from last week's apnic meeting in busan. real measurements. sufficiently scary that people who were heavily pushing nat444 for the last two years suddenly started to say "it was not me who pushed nat444, it was him!" as if none of us had a memory.
Hm, I fail to find relevant slides discussing that. Could you please point us to those?
I had the same question. I found Miyakawa-san's presentation has some dramatic examples of CGN NAT444 effects using Google Maps: http://meetings.apnic.net/__data/assets/file/0011/38297/Miyakawa-APNIC-KEYNOTE-IPv6-2011-8.pptx.pdf
However, these are with a very high address-sharing ratio (several thousand users per address). Using a sparser density (<= 64 users per address) is likely to show much less dramatic user impacts.
Try it at home. With aggressive usage of Microsoft's Terraserver, MapQuest, or Google Maps, I'm able to burn through 120 or so TCP connections. Move the map around, zoom in/out, enable/disable traffic, switch between satellite and map and overlay, repeat those steps 2-3 times. Don't be slow and don't wait for everything to paint. Or crash your browser and when it restarts watch how many connections it makes to re-open all your tabs. I understand iTunes opens lots of connections, but I haven't looked at that.

To experiment with limited ports at home, load 3rd party firmware onto your NAT -- most of them allow controlling the number of mappings (and by default, have higher limits than stock firmware). Or consume a bunch of your mappings with a script (such as the brain-dead Perl script below) and then start your testing. Some NATs and some servers will kill the TCP sessions after inactivity (which is why I describe the script as brain-dead).

-d

----

#!/usr/bin/perl -w
# Open <count> idle TCP connections to <host>:80 to use up NAT mappings.
# usage: script <count> [host]
use IO::Socket;

my $max = shift(@ARGV) || 0;
my $count = 0;
my $host = shift(@ARGV) || "www.example.com";
my @remote;

print "connecting to $host\n";

while ($count < $max) {
    printf("connecting...(%d)\n", $count + 1);
    $remote[$count] = IO::Socket::INET->new(
        Proto    => "tcp",
        PeerAddr => $host,
        PeerPort => "80")
        or warn "got an error";
    $count++;
}

# Hold the connections open until the user has finished testing.
print "press Return to exit\n";
my $junk = <STDIN>;

$count = 0;
while ($count < $max) {
    # Skip slots where the connection attempt failed.
    close $remote[$count] if defined $remote[$count];
    $count++;
}

exit;
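
To put numbers on the test described in the message above, this added example (not part of the original e-mail) counts the NAT mappings a host holds, from `ss -tn` style output, and compares them with an even per-subscriber split of one public address's ports. Assumptions: the CGN hands out ports 1024-65535, the LAN is 192.168.1.0/24, 2000 stands in for "several thousand users per address", and the sample output is constructed.

```python
import ipaddress

# Assumption: the CGN allocates ports 1024-65535 of each public IPv4 address.
USABLE_PORTS = 65535 - 1023

def split_endpoint(text):
    """Split 'addr:port' or '[v6addr]:port' as printed by ss."""
    addr, port = text.rsplit(":", 1)
    return ipaddress.ip_address(addr.strip("[]").split("%")[0]), int(port)

def nat_mappings(ss_text, lan="192.168.1.0/24"):
    """Count distinct local IPv4 endpoints with a TCP flow leaving the LAN.
    Each one holds a mapping on the upstream NAT. IPv6 flows are skipped:
    in dual-stack they do not pass through NAT444.
    """
    lan_net = ipaddress.ip_network(lan)
    seen = set()
    for line in ss_text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] in ("State", "LISTEN"):
            continue
        local, peer = split_endpoint(fields[3]), split_endpoint(fields[4])
        if peer[0].version != 4 or peer[0].is_loopback or peer[0] in lan_net:
            continue
        seen.add(local)
    return len(seen)

def port_budget(users_per_address):
    """Ports per subscriber if the pool is divided evenly (a simplification)."""
    return USABLE_PORTS // users_per_address

def assess(ss_text, ratios=(64, 2000)):
    """Map each sharing ratio to (budget, mappings in use, fits). 2000 is a constructed value."""
    used = nat_mappings(ss_text)
    return {r: (port_budget(r), used, used <= port_budget(r)) for r in ratios}

def constructed_sample(flows=120):
    """Constructed ss -tn style text: `flows` IPv4 flows, one IPv6 flow, one LAN flow."""
    rows = ["State Recv-Q Send-Q Local Address:Port Peer Address:Port"]
    rows += [f"ESTAB 0 0 192.168.1.10:{50000 + i} 203.0.113.{1 + i % 4}:443" for i in range(flows)]
    rows.append("ESTAB 0 0 [2001:db8::10]:40000 [2001:db8:1::1]:443")
    rows.append("ESTAB 0 0 192.168.1.10:40001 192.168.1.1:80")
    return "\n".join(rows)

if __name__ == "__main__":
    for ratio, (budget, used, fits) in assess(constructed_sample()).items():
        print(f"{ratio:>5} users/address: {budget:>4} ports each, {used} in use, fits={fits}")
```

To check a real host during the map-browsing test, pass the text printed by `ss -tn` to `assess` in place of the constructed sample.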