I have approx. 250-300 Dst-Nat rules to monitor devices on my network from the outside.
This network normally supports no less than 2000+ users.
I’m seeing approx. 8000+ connections on average.
How does everyone else handle Port Forwarding? There are three ranges to choose from:
- Well Known: 0-1023
- Registered: 1024-49151
- Dynamic: 49152-65535
From past experience with a Hotspot controller before finding MikroTik I got in the habit of using port 60000-65535 because that’s how that model controller handled it.
Now I’m starting to question that this might be a bad method to implement what I want to do. Especially with greater usage.
Looking at the Connection table, most of the users are using the Dynamic Ports. My estimate is about 90% of the traffic is using Dynamic. And probably 10% the registered ports.
So my guess is that when establishing a connection the client and server negotiate a random return port for the connection back to the client device. Mainly in the Dynamic Range.
So if Dynamic is being chosen, that gives: 16383 usable dynamic ports for the clients to connect on.
I feel like by using the Dynamic Ports, and since they’re mostly randomly chosen, the clients/servers are probably attempting to connect on ports I’ve used in a Dst-Nat rule.
I feel this might cause some delay in actually establishing the connections if they have chosen a port being used by something else, causing them to have to renegotiate a new port.
If what I suspect is happening is occurring, I feel it’s probably happening about 50% of the time a client tries to connect to something.
Is my theory on how the port back to the client is handled correct?
So which range would be best to utilize? I feel like Dynamic is a bad choice. Just wondering what others have found/experienced.
- Known
- Registered
- Dynamic
?
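One way to check the estimate above against real data instead of eyeballing the connection table: the script below (an added example, not from the original post or from MikroTik) classifies each tracked connection's client source port into the three IANA ranges and counts how many of them fall numerically inside the dst-nat block. The input format and the 60000-65535 block are assumptions; the sample lines are constructed, not RouterOS output, so adjust the regex to whatever your connection export looks like.

```python
import re
from collections import Counter

# IANA port ranges exactly as listed in the post.
RANGES = {
    "well-known": (0, 1023),
    "registered": (1024, 49151),
    "dynamic": (49152, 65535),
}
# Assumed dst-nat port block (the 60000-65535 habit described in the post).
DSTNAT_PORTS = range(60000, 65536)

# Constructed sample in a simplified "proto src:port dst:port" layout,
# NOT real RouterOS output; adapt LINE_RE to your own export format.
SAMPLE_CONNECTIONS = """\
tcp 10.0.5.12:51234 203.0.113.7:443
tcp 10.0.5.13:60002 198.51.100.20:443
udp 10.0.5.14:33120 198.51.100.5:53
tcp 10.0.5.15:62100 203.0.113.9:80
tcp 10.0.5.16:1025 203.0.113.7:443
tcp 10.0.5.17:65000 203.0.113.11:22
"""

LINE_RE = re.compile(r"^(\w+)\s+(\S+):(\d+)\s+(\S+):(\d+)$")

def classify(port):
    """Map a port number to its IANA range name."""
    for name, (lo, hi) in RANGES.items():
        if lo <= port <= hi:
            return name
    raise ValueError(f"port out of range: {port}")

def parse(text):
    """Return (proto, src_ip, src_port, dst_ip, dst_port) tuples."""
    conns = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            conns.append((m[1], m[2], int(m[3]), m[4], int(m[5])))
    return conns

def summarize(conns, dstnat_ports=DSTNAT_PORTS):
    """Range distribution of client source ports and the numeric overlap
    with the dst-nat block. Connection tracking keys flows on the full
    protocol/address/port tuple, so this overlap is an upper bound on
    anything that could actually conflict, not a count of failures."""
    by_range = Counter(classify(c[2]) for c in conns)
    overlap = sum(1 for c in conns if c[2] in dstnat_ports)
    return {"total": len(conns), "by_range": dict(by_range), "overlap": overlap}

if __name__ == "__main__":
    print(summarize(parse(SAMPLE_CONNECTIONS)))
```

Feed it a full export of the connection table and the `by_range` share tells you directly whether the 90/10 dynamic/registered estimate holds on your network.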