Re: [BEHAVE] [v6ops] Home NAPT44 - How many ports?

John Mann <john.mann@monash.edu> Fri, 07 June 2013 00:03 UTC

From: John Mann <john.mann@monash.edu>
Date: Fri, 7 Jun 2013 10:02:24 +1000
Message-ID: <CA+OBy1MD-kqj4kSjau9LreSZhFdGzrOqCAGNi9DuMaqJVvM-SQ@mail.gmail.com>
To: "Rajiv Asati (rajiva)" <rajiva@cisco.com>
Cc: "Softwires-wg list \(softwires@ietf.org\)" <softwires@ietf.org>, "v6ops@ietf.org" <v6ops@ietf.org>, "behave@ietf.org" <behave@ietf.org>, "Dan Wing \(dwing\)" <dwing@cisco.com>
Subject: Re: [BEHAVE] [v6ops] Home NAPT44 - How many ports?

Hi,

On 7 June 2013 08:41, Rajiv Asati (rajiva) <rajiva@cisco.com> wrote:

> Hi Dan,
>
> > and so on.  I am surprised you conclude that "500 seems ok" when such a
> > limit would interfere with your network use on those days.
>
> I based that statement ("...seems ok,") on the very fact that the number
> of times the NAT utilization exceeded 500 mappings (equating to 500 ports,
> in my setup) in the sample period (~2 months) was relatively quite low. So,
> if the NAT device was limited to only 500 mappings, then the experience
> would have been ok for 99% of the time and degraded 1% of the time. This is
> an important consideration, IMO.
>
> For ex, in the last 2 weeks, the number of times NAT mappings exceeded 500
> were:
>
> June 3 - 1 time
> May 29 - 1 time
> May 28 - 3 times
> May 26 - 1 time
> May 23 - 1 time
> May 22 - 2 times
> May 21 - 3 times
>

I think a more interesting statistic would be "how many connection setups
would have failed".
But I don't think you can measure that just by polling concurrent
connections at specific times.
It might take e.g. NetFlow exporting and analysis ...

However, "number of concurrent connections that couldn't have been set up"
would be useful in gauging the impact,
e.g. on May 29 there was one spike of 734 concurrent connections, then
report that as 234 potential failures.

> Of course, 1000 ports (resulting in 1000+ mappings) would have been more
> than enough to accommodate the times when the mappings exceeded 500, but
> stayed within 1000 (except once).
>
>
> > What is the maximum number of mappings supported by your NAPT device?
> > Some residential-class NATs have a limit of 1024 mappings.
>

Is that a combined limit of TCP and UDP and ICMP, or independent?

> My NAPT device seemingly can use up to 64K ports. :)
>
> Cheers,
> Rajiv
>
>
> > -----Original Message-----
> > From: Dan Wing (dwing)
> > Sent: Thursday, June 06, 2013 11:43 AM
> > To: Rajiv Asati (rajiva)
> > Cc: v6ops@ietf.org; Softwires-wg list (softwires@ietf.org);
> > behave@ietf.org; Erik Kline (ek@google.com)
> > Subject: Re: [BEHAVE] Home NAPT44 - How many ports?
> >
> >
> > On Jun 5, 2013, at 6:14 AM, Rajiv Asati (rajiva) <rajiva@cisco.com> wrote:
> >
> > > Some of you may recall our discussion (during the last IETF) around "how
> > > many TCP/UDP ports are enough with NAPT44" per home, as ISPs move into
> > > A+P paradigm. ~500, ~1000, ~3000???
> > >
> > > Well, I started monitoring my home router and plotting the NAPT44 port
> > > utilization on a minute-by-minute basis. You may find it here -
> > > http://www.employees.org/~rajiva
> > >
> > > In short, port range of 500 seems ok, though 1000 would be more than
> > > enough for my home.
> >
> > I see several spikes in your data over 500 ports.  During those times,
> > applications would be unable to function (unable to get a port).  April 29/30
> > is a long time where that occurs very visibly, but there are shorter spikes
> > elsewhere such as on April 17 and April 18.  If you had only 500 ports on
> > those days, creating a new TCP mapping would have been impossible,
> > impacting ability to send or receive email, order books from Amazon.com,
> > and so on.  I am surprised you conclude that "500 seems ok" when such a
> > limit would interfere with your network use on those days.
> >
> > What is the maximum number of mappings supported by your NAPT device?
> > Some residential-class NATs have a limit of 1024 mappings.
> >
> > -d
> >
> > > Suffice to say, this is just a sample representation, since the port
> > > utilization would vary home to home, based on number of active devices,
> > > type of applications, the degree of simultaneous device or application
> > > usage etc.
> > >
> > > If any of you are doing similar monitoring, then please share.
> > >
> > > Cheers,
> > > Rajiv
> > >
> > > PS: Thanks to Erik Kline, who explained (with sufficient details) how to use
> > > google charting for my data. And thanks to Xun Wang & Shaoshuai Dai for
> > > helping me out significantly.
> > >
> > > PS: My home has 3-4 active devices.
>
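
Added example, not part of the original message or thread: the two statistics discussed above, computed in Python from flow records of the kind a NetFlow export provides. It compares the peak overflow seen by polling concurrent mappings with the number of connection setups a mapping-limited NAT would have refused. The flow data, the function names, and the model (one mapping per flow, no retry after a refusal) are assumptions made for illustration.

```python
import heapq

def concurrent(flows, t):
    """Mappings open at time t (start <= t < end)."""
    return sum(1 for start, end in flows if start <= t < end)

def peak_overflow_polled(flows, cap, interval, horizon):
    """Largest excess over cap seen when polling every `interval` seconds."""
    peak = max(concurrent(flows, t) for t in range(0, horizon, interval))
    return max(0, peak - cap)

def failed_setups(flows, cap):
    """Replay flows through a NAT limited to `cap` mappings; count refused setups.

    Assumes one mapping per flow and no retry after a refusal.
    """
    open_ends = []   # min-heap of end times of admitted mappings
    failed = 0
    for start, end in sorted(flows):
        while open_ends and open_ends[0] <= start:
            heapq.heappop(open_ends)      # expire finished mappings first
        if len(open_ends) < cap:
            heapq.heappush(open_ends, end)
        else:
            failed += 1
    return failed

# Constructed flow records (start_s, end_s), not data from the thread.
SAMPLE_FLOWS = (
    [(0, 3600)] * 490                                           # long-lived background
    + [(130, 150)] * 40                                         # 20 s burst between polls
    + [(t, t + 10) for t in range(200, 300) for _ in range(2)]  # short-flow churn
)

if __name__ == "__main__":
    for cap in (500, 1000):
        print(cap,
              peak_overflow_polled(SAMPLE_FLOWS, cap, 60, 3600),
              peak_overflow_polled(SAMPLE_FLOWS, cap, 1, 3600),
              failed_setups(SAMPLE_FLOWS, cap))
```

On this constructed data a 60-second poll reports an overflow of 10 at a cap of 500, a 1-second poll reports 30, and the replay counts 130 refused setups, because short flows keep arriving while the table is full.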