[AusNOG] SMH: "No room at the internet"

Adrian Chadd adrian at creative.net.au
Thu May 20 13:06:09 EST 2010


On Thu, May 20, 2010, David Connors wrote:

> FWIW, I received zero worthwhile recommendations for that NAT problem I
> posed (and one worthwhile one for the shaping request). The specific port
> exhaustion issue was really an issue with how Windows manages the public
> side of the NAT but still ... Every time I ask people what to use for 3500
> people behind NAT on one network they just look at me blankly.
> 

Didn't you ask for something cheap for that?

I've deployed NATs for 10k+ users. It isn't hard. You just need
to be aggressive in per-IP restrictions, timing out HTTP persistent
connections and obtain a few public IPs.

I've also been peripherally involved in doing per-user
shaping for 10k+ users at a few hundred megabits. Again, it's
doable, but you end up having to hack up the kernel to
add some scalable per-IP rulesets that don't get evaluated
O(1) to find which shaping rule(s) to hit.



Adrian



