Keiichi Shima

14632708000

Publications - 3

Benchmarking methodology for stateful NAT64 gateways

Publication Name: Computer Communications

Publication Date: 2023-10-01

Volume: 210

Issue: Unknown

Page Range: 256-272

Description:

The benchmarking of Network Address and Protocol Translation from IPv6 clients to IPv4 servers (stateful NAT64) gateways is challenging from a methodological point of view because the state of the art benchmarking standards have some requirements that are conflicting when applied to stateful NAT64 gateways. In this paper, several methodological gaps are pointed out and a benchmarking methodology is proposed, which is applicable for any stateful NATxy gateways, where x and y are in {4, 6}. It bridges all the gaps by reconciling the conflicting requirements and facilitating the execution of the industry standard benchmarking measurement procedures (throughput, latency, frame loss rate, packet delay variation) with stateful NATxy gateways. New performance metrics specific to stateful testing are also defined: maximum connection establishment rate, connection tear down rate, and connection tracking table capacity. The proposed methodology is suitable for examining the scalability of the stateful NATxy gateways, too. The methodology is validated by applying it to the benchmarking of three radically different stateful NAT64 implementations: Jool, tayga plus iptables, and OpenBSD Packet Filter (PF). The details of the measurements and their results are fully disclosed.

Open Access: Yes

DOI: 10.1016/j.comcom.2023.08.009

Optimizing the Performance of the Iptables Stateful NAT44 Solution

Publication Name: Infocommunications Journal

Publication Date: 2023-01-01

Volume: 15

Issue: 1

Page Range: 55-63

Description:

The stateful NAT44 performance of iptables is an important issue when it is used as a stateful NAT44 gateway of a CGN (Carrier-Grade NAT) system. The performance measurements of iptables published in research papers do not comply with the requirements of RFC 2544 and RFC 4814 and the usability of their results has serious limitations. Our Internet Draft has proposed a benchmarking methodology for stateful NATxy (x, y are in {4, 6}) gateways and made it possible to perform the classic RFC 2544 measurement procedures like throughput, latency, frame loss rate, etc. with stateful NATxy gateways using RFC 4814 pseudorandom port numbers. It has also defined new performance metrics specific to stateful testing to quantify the connection setup and connection tear down performance of stateful NATxy gateways. In our current paper, we examine how the performance of iptables depends on various settings, and also if certain tradeoffs exist. We measure the maximum connection establishment rate, throughput and tear down rate of iptables as well as its memory consumption as a function of hash table size always using 40 million connections. We disclose all measurement details and results. We recommend new settings that enable network operators to achieve significantly higher performance than using the traditional ones.

Open Access: Yes

DOI: 10.36244/ICJ.2023.1.6

Performance evaluation of DNS servers to build a benchmarking system of DNS64 implementations

Publication Name: Telecommunication Systems

Publication Date: 2021-08-01

Volume: 77

Issue: 4

Page Range: 643-653

Description:

DNS64 is an important IPv6 transition technology that facilitates the communication of an IPv6 only client with an IPv4 only server, which becomes a more and more common scenario. Several different DNS64 implementations exist, and their performance is a relevant decision factor for network operators. RFC 8219 has defined a benchmarking methodology for DNS64 servers, which requires the operation of an authoritative DNS server at 220% of the query rate used for DNS64 benchmarking. In this paper, we aim to build an authoritative DNS server that operates at 2.2 million qps (queries per second) rate, thus it facilitates DNS64 benchmarking up to 1,000,000 qps rate. To that end, we compare the performance of BIND, YADIFA, NSD, Knot DNS and FakeDNS (a special purpose software) to find the best suiting one of them. We fully disclose the details of our measurements including the configuration of the DNS implementations, the usage of our improved software tester called dns64perf++, and the details of the hardware and software measurement environment in the NICT StarBED, Japan. We perform a series of measurements to examine how the performance of the tested solutions scale up with the number of the active CPU cores from 1 to 32. Besides their performance, we also measure their memory consumption and zone load time. We present and discuss all the results. In addition to successfully building an authoritative DNS server with the required performance, we also make recommendations, which solutions suit to different special needs.

Open Access: Yes

DOI: 10.1007/s11235-021-00780-3