[Jool-list] BIB-less NAT64 (was: NAT64 performance)

Sander Steffann sander at steffann.nl
Tue Sep 5 06:05:33 CDT 2017


Hi,

> This reminds me of something I've been wondering about. Would it be
> possible to do NAT64 with the BIB completely disabled?
> 
> The reason I'm asking is a «problem» I've seen with Jool's NAT64: it can
> only handle 2^16 * $number_of_addresses_in_pool4 concurrent connections
> (per protocol). That means you need quite a lot of IPv4 addresses to
> service a large IPv6 user base.
> 
> I think it should be possible to re-use IPv4 transport addresses between
> IPv6 clients though. You could end up with a session table
> containing entries like this:
> 
>    IPv6 client:port         Public v4:port        Dest v4:port
> #1: [2001:db8::1]:60000  ->  192.0.2.1:54321  ->   ebay.co.uk:443
> #2: [2001:db8::a]:40000  ->  192.0.2.1:54321  ->   amazon.com:443
> #n: [.................]  ->  192.0.2.1:54321  ->   [............]

Technically possible, but in our case we want/need to log the BIB entries so that if abuse is detected we can trace it back to the originator. And we explicitly don't want to log where the user is connecting to (privacy), only which IPv6 user got which IPv4 address+port at which point in time.

> This would of course not be RFC compliant, and would break externally
> initiated sessions. But that might be an acceptable trade-off, as you
> can now support much larger IPv6 user populations behind the same amount
> of public IPv4 addresses.

That would indeed be awesome :)

> Sander: Nice work with the performance testing! I would be interested in
> seeing results for SIIT[-DC] too - what's the baseline performance with
> a small (or no) EAMT, and what impact does adding a lot of EAMs have?

I don't have time to test this myself, but if you want to play around, ping me off-list and I'll give you a login on the boxes :)

Cheers,
Sander
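
Added illustration, not part of the original message and not Jool code: a toy Python model of the trade-off in this thread, showing that BIB-less reuse removes the per-protocol port limit but makes a log of "IPv6 user, IPv4 address+port, time" ambiguous unless the destination is logged too. The pool, the four-port range, the class and function names and all addresses are constructed assumptions, and the lookup ignores the time window for brevity.

```python
POOL4 = ["192.0.2.1"]        # constructed pool4 with a single address
PORTS = range(1024, 1028)    # four ports only, so exhaustion is visible
ENDPOINTS = [(a, p) for a in POOL4 for p in PORTS]


class Exhausted(Exception):
    """No pool4 transport address left for this flow."""


class BibNat64:
    """BIB-based: each IPv6 addr:port owns one pool4 addr:port."""
    def __init__(self):
        self.bib = {}    # IPv6 endpoint -> pool4 endpoint
        self.log = []    # (time, IPv6 endpoint, pool4 endpoint), no destination

    def connect(self, t, src6, dst4):
        if src6 not in self.bib:
            used = set(self.bib.values())
            free = [ep for ep in ENDPOINTS if ep not in used]
            if not free:
                raise Exhausted(src6)
            self.bib[src6] = free[0]
            self.log.append((t, src6, free[0]))
        return self.bib[src6]


class BiblessNat64:
    """BIB-less: a pool4 addr:port only has to be unique per destination."""
    def __init__(self):
        self.sessions = {}   # (pool4 endpoint, destination) -> IPv6 endpoint
        self.log = []        # same fields as above, still no destination

    def connect(self, t, src6, dst4):
        for ep in ENDPOINTS:
            if (ep, dst4) not in self.sessions:
                self.sessions[(ep, dst4)] = src6
                self.log.append((t, src6, ep))
                return ep
        raise Exhausted(src6)


def trace(log, pool4_endpoint):
    """Abuse lookup from the log alone: which IPv6 endpoints used this addr:port?"""
    return sorted({src6 for _, src6, ep in log if ep == pool4_endpoint})


def run(nat, n):
    """n constructed clients, each opening one flow to its own destination."""
    for i in range(1, n + 1):
        nat.connect(i, ("2001:db8::%x" % i, 40000), ("198.51.100.%d" % i, 443))
    return nat
```

With four ports, `run(BibNat64(), 4)` fills the pool and every log lookup names exactly one client; `run(BiblessNat64(), 6)` succeeds, but `trace` on 192.0.2.1:1024 returns all six clients.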
