On 4/19/2010 10:40 AM, David Conrad wrote:
Bryan,
On Apr 19, 2010, at 10:22 AM, Bryan Fields wrote:
Here are some unverified calculations I did on the problem of scaling NAT.
Right now I'm using 42 translation entries in my NAT table. Each entry takes up 312 bytes of FIB memory, which is ~12.7 Kib of data in the FIB. Multiply this by 250k users and we have 3,124,237 KiB of FIB entries, or 3.1 GiB. This is not running any PtP programs or really hitting the network, I'm just browsing the web and typing this email to you.
This is really interesting data. What hardware is this on?
Most firewall vendors can give you this information for their products. It tends to manifest itself in documented connection table size limits. For devices using a PF derivative, for example, it's right around a kilobyte per entry... Platforms based on a 32-bit memory architecture have a hard 4GB limit for the size of those data structures.
Thanks, -drc