Re: [BEHAVE] REQ 1 and REQ 7 of RFC5382 were supposed to be fixed years ago

"Senthil Sivakumar (ssenthil)" <> Tue, 18 June 2013 16:17 UTC

From: "Senthil Sivakumar (ssenthil)" <>
To: Simon Perreault <>, "" <>
Date: Tue, 18 Jun 2013 16:16:33 +0000
Subject: Re: [BEHAVE] REQ 1 and REQ 7 of RFC5382 were supposed to be fixed years ago

On 6/18/13 4:05 AM, "Simon Perreault" <> wrote:

>Thanks for the explanation. I believe I have a good understanding of
>what you are proposing now.
>There are several smaller technical issues with your reasoning which I
>won't address now because they are tangential. I want to focus on your
>suggestion that we should recommend port preservation. I see the
>following major issues:
>- Adding new constraints on NAT implementations is not going to meet
>much success. I don't believe anyone is going to change their existing
>NAT code now in such a fundamental way as to implement port preservation
>just because the IETF asks for it in a new RFC.

I just want to add that I did a port preservation implementation a while
ago, but realized that the number of times that the ports couldn't be
preserved was getting higher and higher. Even though this wasn't causing any
application behavior issues, the customers were complaining because they
construed that as the NAT not working properly (whether that assumption of
theirs is right or wrong is a different discussion), so we ended up not using
port preservation as the default behavior in later implementations. It also
improves performance.

>- Port preservation is not applicable to CGN, where a subscriber often
>only has access to a limited range of external ports.

Exactly, with the allocation of port sets in CGN, it becomes very
difficult to do any kind of port preservation.

>- There are ways to improve the scalability of EIM without killing it.
>I've been advocating for some time that NATs should be allowed to use
>EDM for protocols that they know will not break, with EIM as a default.
>For example, using EDM for TCP port 80 and UDP port 53 is easy,
>harmless, and has a big impact.

To allow EDM, one has to know which applications are in use, but, as you
say, port 80 can work well with EDM.

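The three mechanisms argued over in this exchange (port preservation failing more often as hosts collide on source ports, CGN port sets making preservation of ephemeral ports impossible, and EDM for selected services reducing external port consumption compared with EIM) can be seen in a small mapping-table simulator. The following Python is an added example, not code from the thread, from any vendor NAT, or from RFC 4787/5382; all addresses, ports, and the `Nat`, `Flow` and demo function names are constructed for illustration. It assumes a NAT that allocates from a contiguous external port range and that EDM mappings may share one external port across different destinations while EIM mappings hold their port exclusively.

```python
"""Toy NAT mapping table: port preservation, CGN port sets, EIM vs EDM.
Added example, not code from the thread or from any vendor NAT. Ports, IPs
and names are constructed. EDM mappings here may share one external port
across destinations; EIM mappings reserve the port exclusively."""
from dataclasses import dataclass
from typing import Dict, FrozenSet, Optional, Set, Tuple


@dataclass(frozen=True)
class Flow:
    proto: str  # "tcp" or "udp"
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class Nat:
    def __init__(self, ext_ip: str, port_set: Tuple[int, int] = (1024, 65535),
                 preserve: bool = False,
                 edm_services: FrozenSet[Tuple[str, int]] = frozenset()):
        self.ext_ip = ext_ip
        self.lo, self.hi = port_set  # external ports this NAT (or CGN subscriber) owns
        self.preserve = preserve
        self.edm_services = edm_services  # (proto, dst_port) pairs that use EDM
        self.mappings: Dict[tuple, int] = {}  # mapping key -> external port
        self.eim_ports: Set[int] = set()  # ports held exclusively by EIM mappings
        self.edm_ports: Set[Tuple[int, str, int]] = set()  # (port, dst_ip, dst_port)
        self.preserved = 0
        self.not_preserved = 0

    def _key(self, f: Flow) -> tuple:
        """EIM keys on the internal endpoint only; EDM also keys on the destination."""
        if (f.proto, f.dst_port) in self.edm_services:
            return ("edm", f.proto, f.src_ip, f.src_port, f.dst_ip, f.dst_port)
        return ("eim", f.proto, f.src_ip, f.src_port)

    def _free(self, port: int, dst: Optional[Tuple[str, int]]) -> bool:
        if not (self.lo <= port <= self.hi) or port in self.eim_ports:
            return False
        if dst is None:  # an EIM mapping needs the port unused by any EDM mapping too
            return all(p != port for p, _, _ in self.edm_ports)
        return (port, dst[0], dst[1]) not in self.edm_ports

    def _allocate(self, f: Flow, dst: Optional[Tuple[str, int]]) -> int:
        if self.preserve:
            if self._free(f.src_port, dst):
                self.preserved += 1
                return f.src_port
            self.not_preserved += 1  # the case customers read as "NAT not working"
        for port in range(self.lo, self.hi + 1):  # fall back to the pool
            if self._free(port, dst):
                return port
        raise RuntimeError("port set exhausted")

    def translate(self, f: Flow) -> Tuple[str, int]:
        """Return the external (ip, port) for a flow, creating a mapping if needed."""
        key = self._key(f)
        if key not in self.mappings:
            dst = (f.dst_ip, f.dst_port) if key[0] == "edm" else None
            port = self._allocate(f, dst)
            if dst is None:
                self.eim_ports.add(port)
            else:
                self.edm_ports.add((port, f.dst_ip, f.dst_port))
            self.mappings[key] = port
        return self.ext_ip, self.mappings[key]

    def ports_in_use(self) -> int:
        return len(self.eim_ports | {p for p, _, _ in self.edm_ports})


def preservation_demo() -> Tuple[int, int]:
    """Two hosts pick the same source port; only the first can keep it."""
    nat = Nat("203.0.113.1", preserve=True)
    a = nat.translate(Flow("tcp", "10.0.0.1", 5000, "198.51.100.7", 443))
    b = nat.translate(Flow("tcp", "10.0.0.2", 5000, "198.51.100.7", 443))
    return a[1], b[1]  # (5000, 1024)


def cgn_demo() -> Tuple[int, int]:
    """Subscriber owns 10000-10999; ephemeral source ports can never be preserved."""
    nat = Nat("203.0.113.1", port_set=(10000, 10999), preserve=True)
    for i in range(50):
        nat.translate(Flow("udp", "10.0.0.1", 49152 + i, "198.51.100.7", 53))
    return nat.preserved, nat.not_preserved  # (0, 50)


def eim_vs_edm_demo() -> Tuple[int, int]:
    """One host reaches 200 web servers: external ports used under EIM vs EDM for TCP/80."""
    flows = [Flow("tcp", "10.0.0.1", 40000 + i, f"198.51.100.{i + 1}", 80) for i in range(200)]
    eim = Nat("203.0.113.1")
    edm = Nat("203.0.113.1", edm_services=frozenset({("tcp", 80), ("udp", 53)}))
    for f in flows:
        eim.translate(f)
        edm.translate(f)
    return eim.ports_in_use(), edm.ports_in_use()  # (200, 1)
```

The `not_preserved` counter is the quantity that grows with the number of internal hosts sharing the same source ports, which is the customer-visible effect described in the reply; `cgn_demo` shows that a port-set constraint makes the counter hit every flow from the ephemeral range, and `eim_vs_edm_demo` shows why selectively using EDM for TCP/80 frees external ports under the model's assumption that EDM mappings can share a port across destinations.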