by mehrdadn 2141 days ago
You're talking about the state-mismatch rate being nonzero, right? I take it as a given that that represents the router dropping states? And you're assuming that must be due to NAT slot exhaustion? If that's what you're saying, it clearly doesn't square with the 152 slots being in use currently (nor does it make sense to me otherwise, given everything I explained above). So either the states are being dropped due to a different reason than you're claiming (I see no link to table exhaustion? it seems like a conjecture), or I'm completely missing a giant piece of the puzzle. Heck, if I take the name at face value, "state mismatch" just sounds like it could be due to a bug in the connection endpoints (or random package spamming from the internet...), rather than anything related to the router at all.

Routers, especially cheap ones, are often equipped with weak CPUs because they aren’t designed to handle heavy processing loads. It’s not like you’re calculating physics or processing 3D animation directly on your router, right?

But network address translation _can_ be a processing-heavy task.

Every single packet that leaves the private network needs to be translated, and every single packet that comes in from the public network needs to be translated. Each individual translation may be simple enough, but with heavy internet use, it all adds up.

Here’s my network activity while browsing the web: https://i.imgur.com/oP8PrX4.png, with one 720p YouTube video open in a tab and a dozen other tabs for various websites, all in the Edge browser.

The top nine processes are using an average of 1,182,149 bytes per second. Every network interface has a maximum transmission unit (MTU), which is the largest size that a data packet can be. Ethernet and Wi-Fi have an MTU of 1,500 bytes.

My computer, doing nothing more than watching a YouTube video, is putting a minimum load on my router of 788 packets per second. That’s assuming the bytes are all divided into 1,500-byte packets, which isn’t the case in real world usage. Somewhere between 1,000 and 3,000 packets per second is more realistic.

The load is worse during bandwidth-intensive activities, such as multiplayer gaming and torrenting. In fact, torrenting is so intensive that it’s the primary cause of NAT issues for home users today. (Open connections to dozens/hundreds of peers, with each connection involving high-speed downloads and uploads.)

And it’s not just one computer on a private network. It is common to have a smartphone or two, maybe a tablet, smart TV, plus a handful of other devices for the rest of the people sharing the living space. They all need network address translations too!

At the end of the day, we’re talking thousands and thousands of data packets per second, all translated by a weak CPU that can’t keep up. It’s one reason why cheap routers are prone to slowing down.

Notably: while doing that (and opening youtube) my state table grew to just under 400 states. So, youtube needs a lot of connections it seems.

I'm sorry but I still don't get how any of this implies NAT table exhaustion. A few hundred entries is literally 3 orders of magnitude away from a few hundred thousand entries. I don't see the problem.