  • DocumentCode
    3139022
  • Title
    A bare PC NAT box
  • Author
    Tsetse, A.K. ; Wijesinha, Alexander L. ; Karne, Ramesh K. ; Loukili, A.
  • Author_Institution
    Dept. of Comput. & Inf. Sci., Towson Univ., Towson, MD, USA
  • fYear
    2012
  • fDate
    26-28 June 2012
  • Firstpage
    281
  • Lastpage
    285
  • Abstract
    Bare PC systems are of interest to builders of minimalist platforms in the next-generation Internet. The bare platform enables software to run directly on ordinary PC hardware without using any operating system or kernel. Bare PC systems perform better than conventional systems and are immune to attacks that target the underlying operating system. We have designed and implemented a bare PC system to perform the essential function of NAT (Network Address Translation) that occurs at the boundary of all private and public networks including ISP boundaries in homes and businesses. We compared the performance of the bare PC NAT and that of a Linux-based NAT running on the same hardware in a test LAN environment. The results show that the bare PC NAT has significantly better performance than the Linux NAT with respect to inbound and outbound packet processing time, and throughput, regardless of packet size and payload application type. Moreover, there is a 34% improvement in the maximum number of packets per second (pps) over Linux under heavy traffic. Internal timings on the bare PC NAT box indicate that there is plenty of capacity left for implementing supplementary functions such as packet filtering, deep packet inspection, and routing if needed.
  • Keywords
    Internet; computer network security; local area networks; next generation networks; ISP boundaries; LAN environment; PC hardware; attack immunity; bare PC NAT Box; deep-packet inspection; inbound packet processing time; network address translation; next generation Internet; operating system; outbound packet processing time; packet filtering; packet size; payload application type; private network boundary; public network boundary; routing; throughput; Hardware; IP networks; Internet; Linux; Local area networks; Logic gates; NAT; application object; bare PC; home router; network security; operating system;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Communications and Information Technology (ICCIT), 2012 International Conference on
  • Conference_Location
    Hammamet
  • Print_ISBN
    978-1-4673-1949-2
  • Type
    conf
  • DOI
    10.1109/ICCITechnol.2012.6285809
  • Filename
    6285809