[Jool-list] BIB-less NAT64
Tore Anderson
tore at fud.no
Wed Sep 6 02:20:33 CDT 2017
* Alberto Leiva <ydahhrk at gmail.com>
> > The reason I'm asking is a «problem» I've seen with Jool's NAT64:
> > it can only handle 2^16 * $number_of_addresses_in_pool4 concurrent
> > connections (per protocol).
>
> Are you sure?
For all practical purposes, yes.
> You're making it sound like you can only have as many connections as
> the maximum number of BIB entries given your pool4. If this is truly
> the case, this is a bug. Each BIB entry should be able to have
> multiple sessions, and each session should represent a connection.
>
> Of course, every one of a BIB's sessions must share client v6
> transport address ("IPv6 Remote" in Jool's -sd output) and pool4
> transport address ("IPv4 Local"). But AFAIK this is a limitation of
> NAT64 itself, not just Jool's.
An IPv6 client source address:port tuple will in normal circumstances
only be used for a single connection. If the client creates a new
connection through the NAT64, it will use a new random source port, and
thus be allocated a new BIB entry. For this reason, the BIB and session
tables end up having almost exactly the same amount of entries:
root at nat64gw1-osl2:~# jool --session --count
16916
27
55
root at nat64gw1-osl2:~# jool --bib --count
TCP: 16832
UDP: 27
ICMP: 55
> Okay, guys. Prototype ready.
Alberto, are you sure you are human?
> Experimental branch in fake-nat64, in case anyone wants to try it out:
> https://github.com/NICMx/Jool/tree/fake-nat64
I would like to. My schedule for the coming few weeks is totally swamped
though, so it will probably not be until October before I have time...
> This thing makes mask-choosing trivial. It's way faster than a stock
> NAT64.
...but I suppose this might make Sander want to give it a go
instead. :-)
Tore
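The capacity argument in the message above, as an added example that is not part of the original thread or of Jool's code: a toy Python model of a stateful NAT64's per-protocol BIB and session tables in the style of RFC 6146. It assumes a hypothetical pool4 of documentation addresses, a deliberately tiny port range so exhaustion is visible, and ignores port-parity rules, entry timeouts and ICMP identifiers. It shows both cases discussed: one client address:port talking to many destinations (one BIB entry, many sessions) and the normal case where every new connection uses a fresh ephemeral port, so BIB and session counts track each other and the pool4 transport-address space (addresses times usable ports, 65535 per address with the default range, which the message rounds to 2^16) caps concurrent connections.

```python
"""Toy model of a stateful NAT64's per-protocol BIB and session tables.

Added example (not Jool code). Addresses, ports and scenarios are constructed
for illustration; RFC 6146 port-parity/range rules and timeouts are omitted.
"""
from collections import deque
from dataclasses import dataclass
import random


@dataclass(frozen=True)
class Transport:
    """An address:port pair (IPv6 on the client side, IPv4 for pool4)."""
    addr: str
    port: int


class Nat64Tables:
    def __init__(self, pool4, port_range=(1, 65535)):
        self.pool4 = list(pool4)            # hypothetical pool4 addresses
        self.lo, self.hi = port_range
        self._free = {}                      # proto -> deque of free pool4 transports
        # BIB: (proto, client v6 transport) -> pool4 v4 transport ("IPv4 Local")
        self.bib = {}
        # session: (proto, client v6 transport, remote v6 transport) -> pool4 v4 transport
        self.sessions = {}

    def capacity(self, proto="tcp"):
        """Upper bound on BIB entries (hence distinct client ports) per protocol."""
        return len(self.pool4) * (self.hi - self.lo + 1)

    def _free_list(self, proto):
        # Each protocol has its own BIB, so each gets its own free pool.
        if proto not in self._free:
            self._free[proto] = deque(
                Transport(a, p) for a in self.pool4 for p in range(self.lo, self.hi + 1))
        return self._free[proto]

    def open_connection(self, proto, client, remote):
        """Client (IPv6 transport) opens a connection to remote (IPv6 transport).
        Returns True if a session exists afterwards, False if pool4 is exhausted."""
        skey = (proto, client, remote)
        if skey in self.sessions:
            return True                      # already tracked
        bkey = (proto, client)
        if bkey not in self.bib:
            free = self._free_list(proto)
            if not free:
                return False                 # no pool4 transport left for a new BIB entry
            self.bib[bkey] = free.popleft()  # new client port => new BIB entry
        self.sessions[skey] = self.bib[bkey]  # sessions share the BIB's pool4 transport
        return True

    def counts(self, proto):
        """(bib entries, sessions) for one protocol, like `jool --bib/--session --count`."""
        b = sum(1 for k in self.bib if k[0] == proto)
        s = sum(1 for k in self.sessions if k[0] == proto)
        return b, s


def one_client_many_destinations(n, pool4=("203.0.113.1",), port_range=(61000, 61003)):
    """Same client address:port to n destinations: 1 BIB entry, n sessions,
    even though pool4 only has capacity() == 4 transports. Returns (bib, sessions, ok)."""
    t = Nat64Tables(pool4, port_range)
    client = Transport("2001:db8::10", 40000)
    ok = sum(t.open_connection("tcp", client, Transport(f"64:ff9b::192.0.2.{i}", 80))
             for i in range(n))
    return t.counts("tcp") + (ok,)


def fresh_port_per_connection(n, seed=1, pool4=("203.0.113.1",), port_range=(61000, 61003)):
    """The normal case: each connection comes from a fresh random ephemeral port,
    so each needs its own BIB entry; sessions == BIB entries and connections past
    capacity() are refused. Returns (bib, sessions, ok)."""
    rng = random.Random(seed)
    t = Nat64Tables(pool4, port_range)
    remote = Transport("64:ff9b::192.0.2.1", 443)
    ports = rng.sample(range(32768, 61000), n)  # distinct ephemeral ports
    ok = sum(t.open_connection("tcp", Transport("2001:db8::10", p), remote) for p in ports)
    return t.counts("tcp") + (ok,)


if __name__ == "__main__":
    print("one client, many destinations:", one_client_many_destinations(10))
    print("fresh port per connection:   ", fresh_port_per_connection(10))
    print("capacity, 2 pool4 addresses: ", Nat64Tables(["203.0.113.1", "203.0.113.2"]).capacity())
```

With a four-port pool4 the first scenario reports (1, 10, 10) and the second (4, 4, 4): the BIB holds one entry per distinct client transport address, and since a fresh source port per connection means a fresh BIB entry, the pool4 bound on BIB entries is in practice the bound on connections, which is what the near-identical `--bib` and `--session` counts in the message reflect.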