IETF Logo Mail Archive

Re: [ledbat] list of reasons for needing multiple TCP connections

"Robb Topolski" <robb@funchords.com> Mon, 01 December 2008 23:27 UTC

Return-Path: <ledbat-bounces@ietf.org>
X-Original-To: tana-archive@ietf.org
Delivered-To: ietfarch-tana-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id EFF8328C127; Mon, 1 Dec 2008 15:27:40 -0800 (PST)
X-Original-To: ledbat@core3.amsl.com
Delivered-To: ledbat@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id E338728C136 for <ledbat@core3.amsl.com>; Mon, 1 Dec 2008 15:27:39 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.728
X-Spam-Level:
X-Spam-Status: No, score=-1.728 tagged_above=-999 required=5 tests=[AWL=0.248, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4ZAb8zr9759H for <ledbat@core3.amsl.com>; Mon, 1 Dec 2008 15:27:38 -0800 (PST)
Received: from rv-out-0506.google.com (rv-out-0506.google.com [209.85.198.224]) by core3.amsl.com (Postfix) with ESMTP id 7DA2328C103 for <ledbat@ietf.org>; Mon, 1 Dec 2008 15:27:38 -0800 (PST)
Received: by rv-out-0506.google.com with SMTP id b25so2610475rvf.49 for <ledbat@ietf.org>; Mon, 01 Dec 2008 15:27:34 -0800 (PST)
Received: by 10.141.197.21 with SMTP id z21mr5451359rvp.267.1228174053943; Mon, 01 Dec 2008 15:27:33 -0800 (PST)
Received: by 10.141.20.16 with HTTP; Mon, 1 Dec 2008 15:27:33 -0800 (PST)
Message-ID: <3efc39a60812011527s361af2ben9a333f5f92bfa1cc@mail.gmail.com>
Date: Mon, 01 Dec 2008 15:27:33 -0800
From: Robb Topolski <robb@funchords.com>
To: "ledbat@ietf.org" <ledbat@ietf.org>
In-Reply-To: <49346C79.8090308@bennett.com>
MIME-Version: 1.0
References: <4925BDEE.6090101@isi.edu> <8c99930d0811201206yb0ef259v28c361438cb14773@mail.gmail.com> <DC2CEB0C-4C70-42CD-8ADE-AFF4E45B1915@shlang.com> <C3E8A5B2-16BE-47FD-9DD9-5AFCBA6BEBED@nokia.com> <492F27F3.3020309@bennett.com> <3efc39a60812011438s71066079s4b467eab43d7a998@mail.gmail.com> <49346C79.8090308@bennett.com>
Subject: Re: [ledbat] list of reasons for needing multiple TCP connections
X-BeenThere: ledbat@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Mailing list of the LEDBAT WG <ledbat.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ledbat>, <mailto:ledbat-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/ledbat>
List-Post: <mailto:ledbat@ietf.org>
List-Help: <mailto:ledbat-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ledbat>, <mailto:ledbat-request@ietf.org?subject=subscribe>
Content-Type: multipart/mixed; boundary="===============2095582173=="
Sender: ledbat-bounces@ietf.org
Errors-To: ledbat-bounces@ietf.org

>
> in the course of a 24 hour period you will typically see a total of well
> over 4000 NAT table entries for BitTorrent when it's in use.


Good grief.

"In the course of a 24-hour period" is a huge qualifier, not to mention
irrelevant.  How big is the NAT table over the course of a year?   You can
really demonize P2P with a stat like that!!

The only relevant NAT table is the one you have, now.

TCP is actually more friendly to this problem than UDP, because it give the
> NAT a clue about when it's safe to free an entry.
>

I don't know that TCP is any more or less friendly.  Sure, it gives state,
but you have to track that state and do an orphan timer.  Meanwhile, a lot
of TCP apps send keepalives anyway, rendering all that pretty much
meaningless.

Stateless  UDP is much more of a problem.
>

With UDP, it's much less of a problem.  Devices can just expire the entry
after sufficient time has passed since the last traversal -- which is what
they already do.

With TCP entries, owing to the chance that keepalives aren't used, my
favorite router sets a 2.5 hour timer.  With UDP entries, it's 5 minutes.





On Mon, Dec 1, 2008 at 3:00 PM, Richard Bennett <richard@bennett.com> wrote:

>  Au contraire, Robb, in the course of a 24 hour period you will typically
> see a total of well over 4000 NAT table entries for BitTorrent when it's in
> use. The fact that BitTorrent doesn't use all the thousands at the same time
> isn't the issue, it's the fact that a mapping entry has to be made in the
> table each time a packet is sent from an end system behind the NAT to one in
> front of the NAT. TCP is actually more friendly to this problem than UDP,
> because it give the NAT a clue about when it's safe to free an entry.
> Stateless  UDP is much more of a problem.
>
> RB
>
> Robb Topolski wrote:
>
>
>
>  Most home "routers" have all been modified by now not to crash when
>> BitTorrent has opened thousands of TCP connections. These connections
>> consume mapping table resources and were a problem until it they were
>> garbage-collected.
>>
>>
> I claim to have no handle on what "most" home routers do, but I doubt this
> assertion.
>
> NAT table size continues to be a problem with NAT limit, and not because
> BitTorrent typically opens thousands of TCP connections (it doesn't, nor do
> trackers generally provide the thousands of peer addresses necessary to go
> with those connections), but because the combination of the UDP-based DHT in
> addition to 100 TCP connections and a decent amount of WAN-LAN traffic is
> enough to overcome NAT tables in popular routers being sold today.
>
>
> http://www.smallnetbuilder.com/component/option,com_chart/Itemid,189/chart,124/
> (note 200 is the upper limit of their test method, but of use to this
> message is the number and market position of routers that support less than
> 200)
>
> Belkin's F5D8232-4 is 41st in Amazon's sales rank for "routers" and maxed
> out at 180 connections.
> Netgear FVS124G is 14th in "gigabit routers" and maxes out at 196.
> Apple's BL053LL/A is 1st in "gigabit routers" and maxes out at 128.
>
> Do they crash?  Beats me.  But NAT table size limit is definitely a
> consideration.  The behaviors when those limits are reached are varied and,
> even on some recently sold equipment, sometimes less than graceful. One of
> the most common failure modes I've run across is that DNS Relay stops
> working or the configuration pages stop responding while pre-existing
> connections continue uninterrupted!  (I'm guessing that the daemons
> supporting these functions either get killed or lack enough memory to do
> anything, they themselves are shut out of the NAT table, or maybe they won't
> launch when CPU load is greater than some amount.)
>
> I think it continues to deserve inclusion.  If someone has data to the
> contrary, please bring it.
>
>
> --
> Robb Topolski (robb@funchords.com)
> Hillsboro, Oregon USA
> http://www.funchords.com/
>
> ------------------------------
>
> _______________________________________________
> ledbat mailing listledbat@ietf.orghttps://www.ietf.org/mailman/listinfo/ledbat
>
>
> --
> Richard Bennett
>
>


-- 
Robb Topolski (robb@funchords.com)
Hillsboro, Oregon USA
http://www.funchords.com/

_______________________________________________
ledbat mailing list
ledbat@ietf.org
https://www.ietf.org/mailman/listinfo/ledbat

v2.23.0 | Report a Bug | By Email