Wireless Access

So, I got a question from a customer whether or not we can do NAT.

"Sure" I said.

Then he mentioned it was for 5000 to 10000 concurrent users.

"Euhm, not sure, let me check"

So, here we are.

Are there any numbers out there somewhere that confirm this is a bad idea? Or will I be suprised and be able to confirm it is not a problem?

hi Koen

From a reference perspective, Aruba ran the keynote auditorium of Airheads APAC this year through a dedicated 7240 as the "nat box" and it works fine. You need to use a "source nat pool" of IPs of course as one IP will be saturated quite fast by 1000's of users, Aruba used a pool of 6 IPs if memory serves.

How many IPs you will need depends on what your users are doing and whethere there is a risk/need for them to be port scanning/bittorrenting (or anything else that might be consuming large numbers of ephemeral ports).

We can consider that ports 10,000 to 65,536 are generally available for NAT, and let's ballpark 100 avg in use sessions per end user (which is on the high side but not rediculous) then one IP can roughly sustain  55,536/100 = ~ 555 users.

The other limit is the number of sessions that the controller itself can sustain. With the exception of the 7205, the 7200 series all support 2,015,291 sessions. A NATted session will consume 2 sessions, the incoming one and the src-natted outgoing one. So, we can say 2,015,291/2 = 1,007,645 and then using the same 100 sessions/user, we get a number around 10,000 users.

hth.