How many valid NAT mappings can a common NAT support?

nat

Two factors impact the maximum possible number of NAT mappings for a single device: the type of NAT and the amount of memory available for the NAT table:

  • As for the type of NAT, let's consider a full-cone NAT, to see how this affects the number of possible mappings: every internal ip:port pair is mapped to an external ip:port pair. Let's now assume that the NAT has only one external IP address available, the maximum number of possible mappings is limited by the possible number of external ports, which is 2^16.

  • As for the amount of memory available for the NAT table, we have to separate two distinct classes of NATs: "hardware" and "software" NATs. I consider purpose-built devices such as home routers or professional network equipment to be hardware NATs, whereas stock PCs running a general-purpose OS along with some NAT software makes a software NAT.

    Whereas software NATs are obviously limited by the amount of memory the host machine has, hardware NATs have memory for NAT mappings built-in, which is typically not expandable, unless you are dealing with carrier-grade equipment. The size of this fixed memory then forms the limit on how much NAT mappings can be held alive concurrently. For typical home-router devices, NAT table sizes are in the range of 2^10 to 2^14 entries.

I think that should give you a pretty good idea of the dimensions limiting NAT mappings in practice. Obviously there are various other factors along this dimension, like process size limits for user-space software NATs, or policies limiting the maximum number of mappings per single host, etc.


NAT is just a mechanism, it doesn't define any limitations, and any such would be entirely implementation dependent. I doubt if anyone could even give a ballpark average as there are so many NAT implementations out there. This question doesn't really make sense.


Up to now, the best answer is in this web page: http://www.informit.com/articles/article.aspx?p=25273&seqNum=5 :

Theoretically, there is no limit on the number of mappings that the NAT table can hold. Practically, memory and CPU or the boundaries of the available addresses or ports place a limit on the number of entries. Each NAT mapping uses approximately 160 bytes of memory. In the rare case where the entries must be limited either for performance or policy reasons, you can use the ip nat translation max-entries command.

Related

Hyper-V Requirements, disk partitioning
Getting full path of executables in 'ps auxwww' output
AD: Can you be member of unlimited groups?
How can I see which processes locked a file?
System to use to maintain a corporate directory
init script is not getting installed to /etc/init.d
Getting NFS clients to retry mount if NFS server down when client boots
Permission issues with Samba and OS X
Help putting together a server for Routing/Firewall/VPN purposes
phpMyAdmin showing database is MyISAM but tables are InnoDB
Where does youtube store so many videos?
Post-install steps for a new Linux instance, and how to automate them