Re: [BEHAVE] NAPGT request for comments, THANKS!

"Reinaldo Penno (repenno)" <repenno@cisco.com> Wed, 17 July 2013 01:52 UTC

From: "Reinaldo Penno (repenno)" <repenno@cisco.com>
To: "Dan Wing (dwing)" <dwing@cisco.com>, "meng.wei2@zte.com.cn" <meng.wei2@zte.com.cn>
Date: Wed, 17 Jul 2013 01:52:34 +0000
Message-ID: <45A697A8FFD7CF48BCF2BE7E106F0604090C7C43@xmb-rcd-x04.cisco.com>
References: <OF36CCC8D7.D36790EB-ON48257BA9.0034A5D5-48257BA9.00357F94@zte.com.cn>, <DD1BBBAF-661B-47CF-A329-032A7E04FA84@cisco.com>
In-Reply-To: <DD1BBBAF-661B-47CF-A329-032A7E04FA84@cisco.com>
Cc: "behave@ietf.org" <behave@ietf.org>
Subject: Re: [BEHAVE] NAPGT request for comments, THANKS!

I'm not sure this is a good idea. There are still some protocols around that use ports < 1024 and maintaining the source port after translation in this range is important.

________________________________
From: behave-bounces@ietf.org [behave-bounces@ietf.org] on behalf of Dan Wing (dwing)
Sent: Tuesday, July 16, 2013 3:30 PM
To: meng.wei2@zte.com.cn
Cc: behave@ietf.org
Subject: Re: [BEHAVE] NAPGT request for comments, THANKS!


On Jul 15, 2013, at 2:43 AM, meng.wei2@zte.com.cn wrote:

    I have submitted a new draft. The objective is to solve a problem that
    prevents an external client from accessing an internal server.

    https://datatracker.ietf.org/doc/draft-meng-behave-napgt/

    I expect your comments. Thanks a lot!

Draft-meng-behave-napgt appears to describe something that is very similar to the long-standing "DMZ host" configuration available on almost all residential-class NAT devices.  I don't think we could standardize that behavior, but perhaps that is possible.

Draft-meng-behave-napgt also describes an update to the port assignment behavior described in http://tools.ietf.org/html/rfc5382#section-7.1 (TCP) and http://tools.ietf.org/html/rfc4787#section-4.2.1 (UDP).  If I understand Section 4 of draft-meng-behave-napgt properly, it is saying that NATs should not assign ports below 1024 to dynamic connections.  This might be something worth considering for draft-ietf-behave-requirements-update?

-d
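The two messages above disagree about one knob in a NAT's port-assignment behaviour: whether a dynamic mapping may ever receive an external port below 1024. The following is an added illustration, not code from draft-meng-behave-napgt, from RFC 4787/5382, or from either author. It models a minimal NAT port allocator with two assumed policies: "above_1023", which never hands out a well-known external port for a dynamic mapping (the reading of Section 4 of the draft given in the quoted message), and "preserve", which keeps the internal source port where it can and otherwise stays within the same range, so a flow that left the host with a low source port still has one after translation (the concern in the reply). The policy names, the 1023/1024 boundary, the linear free-port scan and the sample flows are all assumptions made for this example.

```python
"""NAT port-assignment policies for dynamic (outbound) mappings.

Added example; not code from draft-meng-behave-napgt, RFC 4787/5382, or the
authors in this thread. Policy names, the 1023/1024 boundary and the sample
flows are assumptions made here to show the trade-off under discussion.
"""
from dataclasses import dataclass, field
from typing import Dict, Optional, Set, Tuple

WELL_KNOWN_MAX = 1023      # assumed boundary: ports 1-1023 are "low" ports here
EPHEMERAL_START = 1024
PORT_MAX = 65535


@dataclass
class PortAllocator:
    policy: str                                   # "above_1023" or "preserve"
    # (internal_ip, internal_port, protocol) -> external port, so repeated
    # flows from the same internal endpoint reuse their existing mapping
    mappings: Dict[Tuple[str, int, str], int] = field(default_factory=dict)
    # external ports already handed out, per transport protocol
    in_use: Dict[str, Set[int]] = field(
        default_factory=lambda: {"tcp": set(), "udp": set()})

    def allocate(self, internal_ip: str, internal_port: int,
                 protocol: str = "tcp") -> int:
        """Return the external port assigned to this internal endpoint."""
        if not 1 <= internal_port <= PORT_MAX:
            raise ValueError(f"invalid port {internal_port}")
        key = (internal_ip, internal_port, protocol)
        if key in self.mappings:
            return self.mappings[key]
        used = self.in_use[protocol]

        if self.policy == "above_1023":
            # Preserve the source port only when it is already >= 1024; a low
            # internal port always receives a fresh ephemeral external port.
            if internal_port >= EPHEMERAL_START and internal_port not in used:
                ext = internal_port
            else:
                ext = self._first_free(used, EPHEMERAL_START, PORT_MAX)
        elif self.policy == "preserve":
            # Preserve the source port when free; on collision pick the next
            # free port from the same range, so a low port stays low.
            if internal_port not in used:
                ext = internal_port
            elif internal_port <= WELL_KNOWN_MAX:
                ext = self._first_free(used, 1, WELL_KNOWN_MAX)
            else:
                ext = self._first_free(used, EPHEMERAL_START, PORT_MAX)
        else:
            raise ValueError(f"unknown policy {self.policy!r}")

        if ext is None:
            raise RuntimeError(f"{protocol} port pool exhausted")
        used.add(ext)
        self.mappings[key] = ext
        return ext

    @staticmethod
    def _first_free(used: Set[int], lo: int, hi: int) -> Optional[int]:
        # A linear scan is enough for an illustration; a real NAT keeps a free list.
        for port in range(lo, hi + 1):
            if port not in used:
                return port
        return None


def compare_policies(flows):
    """Translate the same flows under both policies.

    Returns {policy: [external port for each flow, in order]}.
    """
    result = {}
    for policy in ("above_1023", "preserve"):
        nat = PortAllocator(policy)
        result[policy] = [nat.allocate(ip, port, proto) for ip, port, proto in flows]
    return result


if __name__ == "__main__":
    # Constructed sample flows: two internal hosts both sourcing UDP from
    # port 500, a repeat of the first flow, and an ordinary high-port TCP flow.
    sample = [("10.0.0.5", 500, "udp"), ("10.0.0.6", 500, "udp"),
              ("10.0.0.5", 500, "udp"), ("10.0.0.7", 40000, "tcp")]
    for policy, ports in compare_policies(sample).items():
        print(f"{policy:>10}: {ports}")
```

Running it shows the split directly: under "above_1023" the two low-port flows become 1024 and 1025 on the outside, while under "preserve" the first keeps 500 and the colliding second host is moved to another port inside 1-1023 rather than up into the ephemeral range. The high-port TCP flow is preserved under both policies, which is why the disagreement only bites for the protocols the reply has in mind.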