Re: [BEHAVE] (no subject)

ivan c <> Tue, 25 June 2013 16:45 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 3D98E21F92D3 for <>; Tue, 25 Jun 2013 09:45:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: 0
X-Spam-Status: No, score=0 tagged_above=-999 required=5 tests=[none]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 3cIyXtGItF15 for <>; Tue, 25 Jun 2013 09:45:41 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id 1529121F9A1A for <>; Tue, 25 Jun 2013 09:45:41 -0700 (PDT)
Received: from www-data by with local (Exim 4.72) (envelope-from <>) id 1UrWO2-0002yn-5e; Tue, 25 Jun 2013 18:46:34 +0200
To: Simon Perreault <>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Date: Tue, 25 Jun 2013 18:46:34 +0200
From: ivan c <>
Organization: cacaoweb
In-Reply-To: <>
References: <> <> <> <> <>
Message-ID: <>
User-Agent: RoundCube Webmail/0.3.1
Subject: Re: [BEHAVE] (no subject)
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: mailing list of BEHAVE IETF WG <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 25 Jun 2013 16:45:46 -0000

On Fri, 21 Jun 2013 09:40:36 +0200, Simon Perreault
<> wrote:
>> (1) one UDP socket (local endpoint) can have multiple communication
>> sessions. (with multiple remote endpoints)
>> (2) one TCP socket can have only one session.
>> (...)
>> Consequence:
>> Applications don't need to use more than one UDP local endpoint, but
>> to use many TCP local endpoints.
>> (...)
>> Consequence (1):
>> The use case for port overloading should be TCP, not UDP.
> I don't understand how you jump from sockets on the host to external 
> ports on the NAT. I don't see how you reach this conclusion.

We have, for all UDP communications and all outbound TCP sessions: 
- one socket is bound to one local endpoint on the host. Additionally, two
sockets have to bind to two different local endpoints.
- one internal endpoint (=local endpoint) is mapped to one external
endpoint on the NAT

As a result, if no overloading, the NAT has to allocate a new external
endpoint for every outbound TCP session.
This doesn't apply to UDP.

>> Back to NAT port overloading. A collision occurs when 2 sessions share
>> the
>> same 5-tuple.
> Stop right here. Some NATs don't track sessions. Those NATs don't care 
> about 5-tuples. All they do is map internal 3-tuple to external 3-tuple.

> So for those NATs there is no conflict. They will just translate the 
> packets according to the existing mapping.
> All the following doesn't make sense to me given this.

Sure, *stateless* NATs also can't do much endpoint dependent filtering and
lots of other
things. They certainly can't do port overloading and are out of scope of
this discussion.
Nevertheless, NATs that do look at the full 5-tuple are free to implement
port overloading if they wish. The purpose of my text was to explain how
p2p applications interact with this, and in particular the relationship
with TCP Hole Punching.

Hope this helps.

_Ivan Chollet_