[p2p-hackers] Number of pinholes supported by low-end NATs?

Saikat Guha saikat at cs.cornell.edu
Thu Mar 2 23:38:00 UTC 2006

On Thu, 2006-03-02 at 16:20 -0500, Philip Matthews wrote:
> Does anyone have any idea how many pinholes a P2P application
> can have open at one time through a typical low-end NAT box?

I just posted about this and linked to some related data in the previous
thread. Most NATs you can buy off the shelf support upwards of a few
thousand; 65k in many cases.

> Do the numbers differ if the messages are carried over UDP vs TCP?

It may. There are two things to consider here (besides UDP/TCP). One is
the NAT mapping type (think "cone" or not), and the other is NAT
filtering type (think "full", "restricted" etc.).

Intuitively, full cone NATs need only keep track of the mapping (just
the local port) -- they can potentially support infinite simultaneous
sessions from the same local port; and support ~65K such local ports.

Non-cone, or restricted cone NATs need to track each session (both local
port, and destination) -- they can support roughly ~65K simultaneous
sessions combined over all choices of local ports.

This number can differ for UDP and TCP; and in some cases, the combined
number of simultaneous TCP and UDP sessions could be subject to a sum
total of ~65K.

If you are looking for some really absolute pessimistic lower bounds,
the most conservative I'd go would be ~1K simultaneous sessions (TCP and
UDP combined) through the NAT.
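
A simplified model of the state accounting described in this message, added here as an illustration and not part of the original post. The names `Nat`, `open_pinholes` and `table_cap` are hypothetical, the addresses are constructed, and the 1000-entry cap used in the check mirrors the pessimistic ~1K bound above; real devices differ in how they size and share their tables.

```python
from dataclasses import dataclass, field

PORT_SPACE = 65536  # 16-bit port space per external IP, per protocol

@dataclass
class Nat:
    kind: str                      # "full_cone", "restricted_cone" or "symmetric"
    table_cap: int = PORT_SPACE    # assumed cap on state entries (hypothetical parameter)
    mappings: dict = field(default_factory=dict)  # mapping key -> external port index
    filters: set = field(default_factory=set)     # (proto, local, remote) allowed inbound

    def entries(self):
        # Restricted cone keeps one filter entry per destination behind a shared mapping.
        return len(self.filters) if self.kind == "restricted_cone" else len(self.mappings)

    def outbound(self, proto, local, remote):
        """Process one outbound packet; return the external port index, or None if state is full."""
        # Only a symmetric (non-cone) NAT keys the mapping on the destination.
        key = (proto, local, remote) if self.kind == "symmetric" else (proto, local)
        session = (proto, local, remote)
        new_map = key not in self.mappings
        new_filter = self.kind == "restricted_cone" and session not in self.filters
        if (new_map or new_filter) and self.entries() >= self.table_cap:
            return None  # table exhausted: the new pinhole is refused
        if new_map:
            ports_used = sum(1 for k in self.mappings if k[0] == proto)
            if ports_used >= PORT_SPACE:
                return None  # no external ports left for this protocol
            self.mappings[key] = ports_used
        if new_filter:
            self.filters.add(session)
        return self.mappings[key]

def open_pinholes(kind, local_ports, peers_per_port, table_cap=PORT_SPACE, proto="udp"):
    """Open one session per (local port, peer); return (state entries, external ports, refused)."""
    nat, refused = Nat(kind, table_cap), 0
    for lp in range(local_ports):
        for peer in range(peers_per_port):
            remote = (f"198.51.100.{peer % 250 + 1}", 20000 + peer)  # constructed peers
            if nat.outbound(proto, ("192.168.1.10", 40000 + lp), remote) is None:
                refused += 1
    return nat.entries(), len(nat.mappings), refused

if __name__ == "__main__":
    for kind in ("full_cone", "restricted_cone", "symmetric"):
        print(kind, open_pinholes(kind, local_ports=1, peers_per_port=1500, table_cap=1000))
```

With one local socket talking to 1500 peers, the full cone model holds a single entry, while the other two hit the cap and refuse the remaining 500 sessions.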
