On Sat, 11 Jun 2016 00:21:52 +0900, Masataka Ohta said:

> As such, the fish passages can be constructed, if translation
> behavior of the NAT boxes are known to end systems so that
> the end systems have sufficient knowledge to reverse the
> translation.

This requires each end system to restrict its use of ephemeral ports
to a specified *different* subrange per system, because the number of
end systems times their ephemeral port range can't exceed the number of
front-end systems times their ephemeral port range.  You just lost the
only thing that makes CGNAT work - time multiplexing a given external
IP/port pair across several sequential users.

Also, there's no existing mechanism for "if translation behavior of
the NAT boxes are known to end systems".  So you're looking at
end systems having to change software *anyhow*.

