
How many mappings does a Restricted Cone NAT remember?


Say I'm behind a Restricted Cone NAT and I want to be able to receive a UDP message from some endpoint EP-A (of some PC on the internet not behind a NAT). I first send a UDP packet to that EP-A to punch a hole in the NAT.

This means that the NAT needs to remember the mapping:

(My local endpoint, EP-A)

But what happens when I send another UDP packet to another remote endpoint EP-B? Will the new mapping (My local endpoint, EP-B) overwrite the old one? Or will the NAT remember both?

If the NAT is capable of remembering more than one such mapping, then what is the maximum?

I understand that this may differ from one NAT to another, thus if there isn't an RFC for it I'd be also very interested in any statistics, "recommendations for NAT manufacturers",...


Solution

  • Will the new mapping (My local endpoint, EP-B) overwrite the old one?

    No.

    Or will the NAT remember both?

    Generally yes. Upon saturation it will usually keep the old ones and drop new mappings, possibly with an ICMP error.

    If the NAT is capable of remembering more than one such mapping, then what is the maximum?

    Implementation-dependent and often configurable if you have access to the system.

    thus if there isn't an RFC for it I'd be also very interested in any statistics

    There actually are several RFCs for NAT, 4787 specifically refers to NAT in the case of UDP. But they do not specify concrete numbers, as it depends a lot on the equipment and network sizes.

    In my personal experience running a UDP-based DHT node or a DNS resolver can be sufficient to overwhelm the default configuration of a home router (custom firmware can alleviate this problem) or CGNATs that do not implement EIMs.

    I remember reading some research paper that investigates the mapping retention time, port numbering behavior and mapping type of NATs across various ISPs, but I don't recall whether they also tested saturation.
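As an added illustration (not part of the question or the answer above), the following Python model plays through the scenario in RFC 4787 terms. A Restricted Cone NAT is an endpoint-independent mapping (one external port per inside endpoint, reused for every remote peer) combined with address-dependent filtering (inbound accepted only from IPs the inside host has already sent to). What the question calls two mappings is, in those terms, one mapping plus two filter entries; the model counts a session per (inside endpoint, remote peer) pair, which is also how a session table such as Linux conntrack fills up, and on saturation it keeps existing entries and refuses new ones, as the answer describes. The addresses, ports and the limit of three sessions are constructed for the demonstration; the real limit is the implementation-specific, often configurable value the answer refers to.

```python
"""Toy Restricted Cone NAT for UDP (RFC 4787: endpoint-independent mapping,
address-dependent filtering). Constructed example, not a real NAT implementation."""

from dataclasses import dataclass, field
from typing import Dict, Optional, Set


@dataclass(frozen=True)
class Endpoint:
    ip: str
    port: int


@dataclass
class Mapping:
    external: Endpoint                                   # external (ip, port) assigned to the inside endpoint
    peers: Set[Endpoint] = field(default_factory=set)    # remote endpoints the inside host has sent to


class RestrictedConeNAT:
    def __init__(self, external_ip: str, max_sessions: int, first_port: int = 40000):
        self.external_ip = external_ip
        self.max_sessions = max_sessions   # constructed stand-in for a device's session-table size
        self.next_port = first_port
        self.table: Dict[Endpoint, Mapping] = {}
        self.refused = 0                   # outbound datagrams dropped because the table was full

    def sessions(self) -> int:
        """Number of (inside endpoint, remote peer) pairs currently tracked."""
        return sum(len(m.peers) for m in self.table.values())

    def outbound(self, src: Endpoint, dst: Endpoint) -> Optional[Endpoint]:
        """Inside host src sends UDP to dst. Returns the external source endpoint used,
        or None if a new session would exceed the table size (the real device would
        drop the packet, possibly with an ICMP error)."""
        m = self.table.get(src)
        new_session = m is None or dst not in m.peers
        if new_session and self.sessions() >= self.max_sessions:
            self.refused += 1
            return None                    # saturation: old entries stay, new one refused
        if m is None:
            # Endpoint-independent mapping: one external port per inside endpoint,
            # allocated on first use and reused for every later remote peer.
            m = Mapping(Endpoint(self.external_ip, self.next_port))
            self.next_port += 1
            self.table[src] = m
        m.peers.add(dst)                   # a later send to another peer adds, never overwrites
        return m.external

    def inbound(self, remote: Endpoint, dst: Endpoint) -> Optional[Endpoint]:
        """Datagram from remote arrives at external endpoint dst. Returns the inside
        endpoint it is forwarded to, or None if filtered. Address-dependent filtering:
        only the remote IP must match, the remote port may differ."""
        for inside, m in self.table.items():
            if m.external == dst:
                return inside if any(p.ip == remote.ip for p in m.peers) else None
        return None                        # no mapping at all for this external port


def demo() -> dict:
    """Walk through the question's scenario and return the observations."""
    nat = RestrictedConeNAT("203.0.113.7", max_sessions=3)
    me = Endpoint("192.168.1.10", 5000)
    ep_a, ep_b = Endpoint("198.51.100.1", 7000), Endpoint("198.51.100.2", 7000)
    ep_c, ep_d = Endpoint("198.51.100.3", 7000), Endpoint("198.51.100.4", 7000)

    ext_a = nat.outbound(me, ep_a)         # punch a hole toward EP-A
    ext_b = nat.outbound(me, ep_b)         # punch a second hole toward EP-B
    return {
        "same_external_port": ext_a == ext_b,                       # EIM: one mapping, two filter entries
        "a_still_allowed": nat.inbound(ep_a, ext_a) == me,          # EP-B did not overwrite EP-A
        "a_other_port_allowed": nat.inbound(Endpoint(ep_a.ip, 7001), ext_a) == me,
        "b_allowed": nat.inbound(ep_b, ext_a) == me,
        "stranger_filtered": nat.inbound(Endpoint("192.0.2.9", 7000), ext_a) is None,
        "third_ok": nat.outbound(me, ep_c) is not None,
        "fourth_refused": nat.outbound(me, ep_d) is None,           # table saturated
        "old_kept_after_saturation": nat.inbound(ep_a, ext_a) == me,
        "sessions": nat.sessions(),
        "refused": nat.refused,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Running `demo()` shows the two points the answer makes: the hole toward EP-A survives the send to EP-B (and, being a Restricted Cone rather than Port-Restricted Cone NAT, even accepts EP-A replying from a different port), and once the constructed limit is reached the fourth peer is refused while the three existing sessions keep working.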