NAT usage at large companies (was: Re: [e2e] Number of persistent connections per HTTP server?)

Bengt Gördén bengan at sunet.se
Wed Oct 16 13:54:55 PDT 2002


On Wed, Oct 16, 2002 at 11:12:56AM -0700, John Heidemann wrote:
> On Mon, 14 Oct 2002 22:42:33 PDT, Vadim Antonov wrote: 
> >On Mon, 14 Oct 2002, Joe Touch wrote:
> >> Since the NAT likely shares the majority of the path that determines RTT 
> >> and bandwidth, it won't hurt sharing.
> >
> >Very often, this is not the case.  What you have in a typical organization
> >is single NAT/firewall, and a VPN behind it.  Quite often parts of that
> >VPN are on different continents :)
> 
> Can folks offer some more details about how prevalent this kind of
> NAT deployment is?

I can only speak for the network that I'm part of the NOC for, and that
is SUNET (AS1653). We have about 30 Universities connected to
SUNET. University's are connected with 2.4Gbit/s access. Of them I know
2 that actually have off-the-shelf-firewall with NAT involved. I think
actually they're 3 but I don't have that confirmed. Several of the
others put the students appartments behind NAT.

The problem we see is that we try to motivate them to apply
for IP-addresses (we do have a few ipv4 left over :-) but they still
want to NAT because of the security that it brings.


> My assumption was that NAT is primarily used by homes/small
> organizations that are geographically co-located.

In our case the University's are spread out over the country and maybe
they are small (it depends with what we compare) but they have about
5000-20000 users (students and staff) each.


> etc.  (Insert your own more inflamatory statements about NAT here.)

It breaks end-to-end. :-)



- Bengan -----------------------------------------------------------
- KTHNOC/SUNET/NORDUnet --------------------------------------------




More information about the end2end-interest mailing list