[Dnsmasq-discuss] NAT Congestion Enhancement for DNS Client Port Selection
ericluehrsen at hotmail.com
Sun Jul 12 06:40:50 BST 2015
Its been awhile since I could try to simulate a good use case.
In short its peeling an onion and just exposed a whole bunch of
bad factors. There are other issues in these gateways. They do a
"lot of stuff" that has no customer tuning or even visibility.
This confounds any honest testing. If port-mapping-connections,
entanglement, and business-guest isolation double NAT ...
... and added fun carrier NAT, ugh ...
were the only problems, then maybe this idea had a place.
Considering all, its ready for the recycle bin.
> If you want to experiment with strategies, and your C is OK, it should
> be quite easy to do. Look at allocate_rfd() in src/forward.c. That has
> two bits of code, the first makes a new random socket, and if that
> fails (kernel resource issues, or maximum number (RANDOM_SOCKS) in
> use) it falls through to the second bit, which uses an existing
> socket/port instead. All the reference-counting stuff to share random
> ports is already there, you just need to add some code to decide when
> to use an existing port instead of making a new one.
> It would be interesting to hear if this actually improves things.
>> I would like to propose that DNSMASQ move [random per port#
>> over short time] and also DNSMASQ move client ports
>> when so many requests have processed (max-concurrent reused or
>> %10 of cache or random again?). This will keep its profile on
>> the NAT down and it will maintain the moving target against
>> The use case is in some new products for home and small business
>> with cable ISP. These are a super-media-gateway-box with media
>> server, cable interface, two independent VOIP lines, cable modem,
>> and wireless gateway. MOCA serves TV through client media boxes.
>> One public IPV4 to do all of this. These are a great concept, but
>> the modem, firewall, and wireless are poorly implemented. However,
>> this combo may be the most economic offering for monthy cost.
>> Super-gateways often don't provide even Primary and Guest networks
>> (ie isolate Coffee Shop POS and Guest Free WiFi). There's nothing
>> if you want to prevent neighbor business from free-loading into
>> your Guest Wifi, and so use beverage receipt passwords.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Dnsmasq-discuss