Hi Matus,

That's unfortunate. That would work as an immediate solution. I've considered a solution like that, but I'm worried it might be wasteful. I considered that very setup when I was contemplating a sort of hybrid NAT between dynamic NAT and CGN. In CGN, just as we allocate a number of ports per IP by dividing all external IPs and ports by the number of internal IPs, we'd allocate a block of ports for each new user created, just as you say. In reality, you have some users who only occupy a handful of ports, and others who occupy hundreds. I'd imagine a potential sane compromise might be to have both a limit for the max number of local users per global IP, and max translations per user. That way we can avoid having, say, ten thousand local clients on a global IP with just a few ports each, and at the same time we can ensure that no single client takes up too many ports. It would be a compromise that can scale, and won't necessarily punish the system if most users only use a few ports, rather than allocating the ports in advance. The downside is that if we have, say, a limit of 120 clients, and each client only uses a handful of ports, we'll have thousands of unused ports on that global IP. For the sake of such an implementation, it might be good if the limit can be changed during runtime instead of only at startup.
As I mentioned, PAP seems less efficient than AAP, but it might be a necessary loss of efficiency in order to maintain functionality with all the services that break without it, as per the RFC4787 requirements and recommendations.

Thanks,
John
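As an added illustration (not code from VPP or from this thread), a toy Python model of the hybrid policy described above: translations are handed out on demand, but with a cap on local users per global IP and a cap on translations per user, both changeable at runtime. It assumes a 1024-65535 external port range, that each local user stays paired to one global IP, and a lowest-free-port choice; the 120-client scenario shows how many ports on that IP stay unused.

```python
# Added example, not VPP code: toy model of the hybrid CGN limits discussed above.
from collections import defaultdict


class HybridCgnPool:
    def __init__(self, global_ips, max_users_per_ip, max_ports_per_user,
                 port_range=(1024, 65535)):            # assumed external port range
        ports = range(port_range[0], port_range[1] + 1)
        self.free = {ip: set(ports) for ip in global_ips}   # unused ports per global IP
        self.users = {ip: set() for ip in global_ips}       # local users bound to each IP
        self.user_ip = {}                                   # local user -> paired global IP
        self.user_ports = defaultdict(set)                  # local user -> ports in use
        self.set_limits(max_users_per_ip, max_ports_per_user)

    def set_limits(self, max_users_per_ip, max_ports_per_user):
        """Limits are plain attributes, so they can be raised or lowered at runtime."""
        self.max_users_per_ip = max_users_per_ip
        self.max_ports_per_user = max_ports_per_user

    def allocate(self, local_user):
        """Return (global_ip, port) for a new translation, or None if a limit is hit."""
        ip = self.user_ip.get(local_user)
        if ip is None:
            # New user: pair it with the global IP that has the fewest users and still has room.
            room = [g for g in self.users if len(self.users[g]) < self.max_users_per_ip]
            if not room:
                return None
            ip = min(room, key=lambda g: len(self.users[g]))
            self.user_ip[local_user] = ip
            self.users[ip].add(local_user)
        if len(self.user_ports[local_user]) >= self.max_ports_per_user or not self.free[ip]:
            return None
        port = min(self.free[ip])   # deterministic choice; a real NAT would pick differently
        self.free[ip].remove(port)
        self.user_ports[local_user].add(port)
        return ip, port

    def release(self, local_user, port):
        """Return a translation's port to the pool; the user stays paired to its IP."""
        self.user_ports[local_user].discard(port)
        self.free[self.user_ip[local_user]].add(port)

    def unused_ports(self, ip):
        return len(self.free[ip])


def simulate_small_users(n_users=120, ports_each=5):
    """The scenario from the mail: 120 clients with a handful of ports each on one IP."""
    pool = HybridCgnPool(["203.0.113.10"], max_users_per_ip=120, max_ports_per_user=5)
    for u in range(n_users):
        for _ in range(ports_each):
            pool.allocate(f"user{u}")
    return pool
```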