Firewall Traversal Method by Pseudo-TCP Encapsulation

Taga, Keigo; Zheng, Junjun; Mouri, Koichi; Saito, Shôichi; Takimoto, Eiji

doi:10.1587/transinf.2021edp7050

Cited by 1 publication

(1 citation statement)

References 16 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Taga at al. [6] used iptables for testing their firewall traversal method. As for measurement method, they downloaded HTML files with different sizes and measured the download time.…”

Section: A Peer-reviewed Papersmentioning

confidence: 99%

Optimizing the Performance of the Iptables Stateful NAT44 Solution

Lencse¹,

Shima²

2023

Infocommunications journal

View full text Add to dashboard Cite

The stateful NAT44 performance of iptables is an important issue when it is used as a stateful NAT44 gateway of a CGN (Carrier-Grade NAT) system. The performance measurements of iptables published in research papers do not comply with the requirements of RFC 2544 and RFC 4814 and the usability of their results has serious limitations. Our Internet Draft has proposed a benchmarking methodology for stateful NATxy (x, y are in {4, 6}) gateways and made it possible to perform the classic RFC 2544 measurement procedures like throughput, latency, frame loss rate, etc. with stateful NATxy gateways using RFC 4814 pseudorandom port numbers. It has also defined new performance metrics specific to stateful testing to quantify the connection setup and connection tear down performance of stateful NATxy gateways. In our current paper, we examine how the performance of iptables depends on various settings, and also if certain tradeoffs exist. We measure the maximum connection establishment rate, throughput and tear down rate of iptables as well as its memory consumption as a function of hash table size always using 40 million connections. We disclose all measurement details and results. We recommend new settings that enable network operators to achieve significantly higher performance than using the traditional ones.

show abstract

“…Taga at al. [6] used iptables for testing their firewall traversal method. As for measurement method, they downloaded HTML files with different sizes and measured the download time.…”

Section: A Peer-reviewed Papersmentioning

confidence: 99%

Optimizing the Performance of the Iptables Stateful NAT44 Solution

Lencse¹,

Shima²

2023

Infocommunications journal

View full text Add to dashboard Cite

show abstract

Firewall Traversal Method by Pseudo-TCP Encapsulation

Cited by 1 publication

References 16 publications

Optimizing the Performance of the Iptables Stateful NAT44 Solution

Optimizing the Performance of the Iptables Stateful NAT44 Solution

Contact Info

Product

Resources

About