NAT Behavioral Requirements for TCP draft-ietf-behave-tcp-02
NAT Behavioral Requirements for TCP
draft-ietf-behave-tcp-02
Presenter: Philip Matthews
Authors:
Saikat Guha (editor)
Kaushik Biswas, Bryan Ford,
Senthil Sivakumar, Pyda Srisuresh
Three main changes since -01
All three changes as per consensus at Montreal meeting.
1. Handling of unexpected inbound SYN packets
• Drop SYN packet, wait 6 seconds, then send ICMP Port Unreachable message in reply. However, don't send ICMP reply if outbound SYN for connection received within 6 seconds.
• Proposal was also reviewed in TCPM WG session.
2. Removed mention of Port Preservation
• Used to say "if host's source port in range 1-1023, then it is RECOMMENDED that the NAT's source port be in the same range"
• Only known beneficiaries of this were the R-services (rsh, rcp, rlogin, …)
• Now, no mention of this at all.
Three Changes (cont.)
3. Normatively cite BEHAVE-UDP doc
• Previous version was independent of UDP doc.
• Current version cites UDP doc, but summarizes key definitions for reader convenience.
Remaining Open Issue
• In which document should the following go?
– REQ-9: Receipt of any sort of ICMP message MUST NOT terminate the NAT mapping or TCP connection for which the ICMP was generated.
Two views expressed on the mailing list:
1. Anything that says ICMP should go into BEHAVE-ICMP, OR
2. ICMP Request/Response and how to translate ICMP messages should go into BEHAVE-ICMP. Anything transport protocol related should go into the transport document.
draft-ietf-behave-nat-udp-08 and draft-ietf-behave-tcp-02 conform to #2 at the moment.
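
Added example (not from the slides or the draft): a simplified Python model of the unexpected inbound SYN handling in change 1 and of REQ-9. The class, method names and sample addresses are hypothetical, and treating a SYN as overdue at exactly 6 seconds is an assumption.

```python
from dataclasses import dataclass, field

SYN_HOLD_SECONDS = 6.0  # wait stated on the slide before replying with ICMP

# Constructed sample connections: (internal addr, internal port, remote addr, remote port)
CONN_A = ("192.0.2.10", 40000, "198.51.100.7", 5000)
CONN_B = ("192.0.2.10", 40001, "198.51.100.8", 5000)

@dataclass
class NatModel:
    """Hypothetical, simplified NAT state; not code from the draft."""
    active: set = field(default_factory=set)      # connections the NAT is tracking
    held: dict = field(default_factory=dict)      # dropped inbound SYN -> ICMP deadline
    icmp_sent: list = field(default_factory=list)

    def tick(self, now):
        """Send Port Unreachable for every held SYN whose wait has elapsed."""
        due = [c for c, deadline in self.held.items() if deadline <= now]
        for conn in due:
            del self.held[conn]
            self.icmp_sent.append(conn)
        return due

    def inbound_syn(self, conn, now):
        self.tick(now)
        if conn in self.active:
            return "forward"               # matches an outbound attempt
        # Unexpected SYN: drop silently; retransmissions keep the first deadline.
        self.held.setdefault(conn, now + SYN_HOLD_SECONDS)
        return "drop"

    def outbound_syn(self, conn, now):
        self.tick(now)
        self.held.pop(conn, None)          # outbound SYN arrived in time: no ICMP reply
        self.active.add(conn)
        return "forward"

    def inbound_icmp_error(self, conn, now):
        """REQ-9: an ICMP message must not terminate the mapping or connection."""
        self.tick(now)
        return conn in self.active         # state is left untouched

def run_demo():
    nat = NatModel()
    nat.inbound_syn(CONN_A, 0.0)           # unexpected SYN, held
    nat.inbound_syn(CONN_B, 0.5)           # unexpected SYN, held
    nat.outbound_syn(CONN_A, 3.0)          # internal host opens within 6 seconds
    nat.tick(7.0)                          # only CONN_B is overdue
    return nat.icmp_sent, nat.inbound_icmp_error(CONN_A, 8.0)
```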