Mans Nilsson wrote:
>>> Do not NAT. When all those people want to do social networking to the same
>>> furry BBS while also frequenting three social app sites simultaneously
>>> you are going to get Issues if you NAT. So don't.
> I am not suggesting that. I'm just trying to point out that there
> might be a bunch of assumptions that aren't as true anymore when a
> lot of client connections share both source and destination address,
> and perhaps also destination port. If this happens simultaneously when
> a large amount of other tcp connections are NATed through the same box,
> resource starvation will occur.
Then, an advise better than yours is Chris's:
: with small budgets.
: You'll need a beefy NAT box. Linux with Xeon CPU and 4GB RAM
: minimum. Run your DNS resolver and DHCP here, unless you have
: hardware to spare.
: Bandwidth. Lots of Bandwidth.
posted before yours.
> If public address space is available,
> it is better to use that.
It depends on budgets and other factors.
> Also, no NAT means there will be no session
> timers for things like long lived low bandwidth tcp sessions.
Assuming no NAT firewalls without very large connection tables,
not necessarily.
Masataka Ohta
