Implementation and Performance Study of a New NAT/Firewall Signaling Protocol

The NAT/Firewall NSIS Signaling Layer Protocol (NAT/Firewall NSLP) is a path-coupled signaling protocol for explicit Network Address Translator and firewall configuration within an extensible IP signaling framework currently being developed by the IETF Next Steps In Signaling (NSIS) working group. This new protocol allows end hosts to signal along a path to configure NATs and firewalls according to the data flow needs. This paper presents a first open source implementation and performance evaluation of NAT/Firewall NSLP. It shows that the implementation scales well and is able to support firewall signaling for up to tens of thousands of flows in parallel even in a low-end PC testbed environment.