Re: [BEHAVE] [v6ops] Home NAPT44 - How many ports?

Branimir Rajtar <Branimir.Rajtar@t.ht.hr> Fri, 07 June 2013 07:31 UTC

From: Branimir Rajtar <Branimir.Rajtar@t.ht.hr>
To: Dan Wing <dwing@cisco.com>, John Mann <john.mann@monash.edu>
Cc: "Softwires-wg list (softwires@ietf.org)" <softwires@ietf.org>, "v6ops@ietf.org" <v6ops@ietf.org>, "behave@ietf.org" <behave@ietf.org>, "Rajiv Asati (rajiva)" <rajiva@cisco.com>
Date: Fri, 07 Jun 2013 07:31:32 +0000
Subject: Re: [BEHAVE] [v6ops] Home NAPT44 - How many ports?

Hi all,

I've been working quite some time with Home Gateways and in my experience the older models (3+ years) typically support 1000-2000 simultaneous sessions, while the newer ones go up to 4000, some even up to 9000.

Branimir

From: behave-bounces@ietf.org [mailto:behave-bounces@ietf.org] On Behalf Of Dan Wing
Sent: Friday, June 07, 2013 2:19 AM
To: John Mann
Cc: Softwires-wg list (softwires@ietf.org); v6ops@ietf.org; behave@ietf.org; Rajiv Asati (rajiva)
Subject: Re: [BEHAVE] [v6ops] Home NAPT44 - How many ports?


On Jun 6, 2013, at 5:02 PM, John Mann <john.mann@monash.edu> wrote:


Hi,

On 7 June 2013 08:41, Rajiv Asati (rajiva) <rajiva@cisco.com> wrote:
Hi Dan,

> and so on.  I am surprised you conclude that "500 seems ok" when such a
> limit would interfere with your network use on those days.
I based that statement ("...seems ok,") on the very fact that the number of times the NAT utilization exceeded 500 mappings (equating to 500 ports, in my setup) in the sample period (~2 months) was relatively quite low. So, if the NAT device was limited to only 500 mappings, then the experience would have been ok for 99% of the time and degraded 1% of the time. This is an important consideration, IMO.

For ex, in the last 2 weeks, the number of times NAT mappings exceeded 500 were:

June 3 - 1 time
May 29 - 1 time
May 28 - 3 times
May 26 - 1 time
May 23 - 1 time
May 22 - 2 times
May 21 - 3 times

I think a more-interesting statistic would be "how many connection setups would have failed".
But I don't think you can measure that just by polling concurrent connections at specific times.
It might take e.g. netflow exporting and analysis ...

However "number of concurrent connections that couldn't have been set up" would be useful in gauging the impact
e.g. on May 29 there was one spike of 734 concurrent connections, then report that as 234 potential failures.

Of course, 1000 ports (resulting in 1000+ mappings) would have been more than enough to accommodate the times when the mappings exceeded 500, but stayed within 1000 (except once).


> What is the maximum number of mappings supported by your NAPT device?
> Some residential-class NATs have a limit of 1024 mappings.

Is that a combined limit of TCP and UDP and ICMP, or independent?

The study at http://eggert.org/papers/2010-imc-hgw-study.pdf only analyzed TCP bindings.

-d




My NAPT device seemingly can use up to 64K ports. :)

Cheers,
Rajiv


> -----Original Message-----
> From: Dan Wing (dwing)
> Sent: Thursday, June 06, 2013 11:43 AM
> To: Rajiv Asati (rajiva)
> Cc: v6ops@ietf.org; Softwires-wg list (softwires@ietf.org);
> behave@ietf.org; Erik Kline (ek@google.com)
> Subject: Re: [BEHAVE] Home NAPT44 - How many ports?
>
>
> On Jun 5, 2013, at 6:14 AM, Rajiv Asati (rajiva) <rajiva@cisco.com> wrote:
>
> > Some of you may recall our discussion (during the last IETF) around "how
> many TCP/UDP ports are enough with NAPT44" per home, as ISPs move into
> A+P paradigm. ~500, ~1000, ~3000???
> >
> > Well, I started monitoring my home router and plotting the NAPT44 port
> utilization on a minute-by-minute basis. You may find it here -
> http://www.employees.org/~rajiva
> >
> > In short, port range of 500 seems ok, though 1000 would be more than
> enough for my home.
>
> I see several spikes in your data over 500 ports.  During those times,
> applications would be unable to function (unable to get a port).  April 29/30
> is a long time where that occurs very visibly, but there are shorter spikes
> elsewhere such as on April 17 and April 18.  If you had only 500 ports on
> those days, creating a new TCP mapping would have been impossible,
> impacting ability to send or receive email, order books from Amazon.com,
> and so on.  I am surprised you conclude that "500 seems ok" when such a
> limit would interfere with your network use on those days.
>
> What is the maximum number of mappings supported by your NAPT device?
> Some residential-class NATs have a limit of 1024 mappings.
>
> -d
>
> > Suffice to say, this is just a sample representation, since the port
> utilization would vary home to home, based on number of active devices,
> type of applications, the degree of simultaneous device or application
> usage etc.
> >
> > If any of you are doing similar monitoring, then please share.
> >
> > Cheers,
> > Rajiv
> >
> > PS: Thanks to Erik Kline, who explained (with sufficient details) how to use
> google charting for my data. And thanks to Xun Wang & Shaoshuai Dai for
> helping me out significantly.
> >
> > PS: My home has 3-4 active devices.

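The statistics discussed in this thread (how often polled NAPT44 mappings exceed a port cap, and the shortfall at a spike such as 734 against 500), computed from per-minute samples. This is an added example, not part of the original messages; the sample data is constructed apart from the 734 peak, and the function name `exceedance_report` is hypothetical.

```python
from collections import defaultdict
from datetime import datetime

# Constructed per-minute samples: (timestamp, concurrent NAPT44 mappings).
# Only the 734 peak on May 29 comes from the thread; every other value is invented.
SAMPLES = [
    ("2013-05-28 20:00", 310), ("2013-05-28 20:01", 520), ("2013-05-28 20:02", 560),
    ("2013-05-28 20:03", 480), ("2013-05-28 20:04", 505), ("2013-05-28 20:05", 300),
    ("2013-05-29 09:00", 450), ("2013-05-29 09:01", 734), ("2013-05-29 09:02", 410),
    ("2013-05-29 09:03", 120),
]

def exceedance_report(samples, cap):
    """Summarise polled mapping counts against a per-subscriber port cap."""
    over_minutes = 0
    episodes = defaultdict(int)        # day -> separate spikes above the cap
    peak_shortfall = defaultdict(int)  # day -> worst (count - cap) observed
    in_episode = False
    for ts, count in samples:
        day = datetime.strptime(ts, "%Y-%m-%d %H:%M").date().isoformat()
        if count > cap:
            over_minutes += 1
            if not in_episode:         # consecutive over-cap polls are one spike
                episodes[day] += 1
            in_episode = True
            peak_shortfall[day] = max(peak_shortfall[day], count - cap)
        else:
            in_episode = False
    return {
        "pct_time_over": round(100.0 * over_minutes / len(samples), 1),
        "episodes": dict(episodes),
        # Mappings that would not have fit at the poll instant. This is not a
        # count of failed connection setups: flows that start and end between
        # polls, and retries, are invisible to polling.
        "peak_shortfall": dict(peak_shortfall),
    }

if __name__ == "__main__":
    for cap in (500, 1000):
        print(cap, exceedance_report(SAMPLES, cap))
```
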