Re: [BEHAVE] review of draft-penno-behave-rfc4787-5382-5508-bis

Kengo Naito <> Fri, 21 June 2013 06:22 UTC

Hi Ivan,

Thanks for comments,

(2013/06/19 1:50), ivan c wrote:
> Hi Kengo,
> See my answers interleaved below.
> On Tue, 18 Jun 2013 13:56:54 +0900, Kengo Naito  wrote:
>>   Then, how about using ? This alternative does not rewrite
>> timestamps nor ISNs.
>>   Also, I do not intend to make "must", this is only one of
>> alternatives.
> will be most definitely frowned upon. Before suggesting such
> alternative, the benefits need to be quantified in terms of CGN resources
> usage. Is the TIME_WAIT state really that much of an issue for CGN resource
> utilization? It looks to me as a micro-optimization. Of course, this can
> still be suggested as a MAY in the document (as it's an interesting idea).
Someone who uses CGN and does not have enough ports ready can use this 
Of course, there are other ways to handle the port shortage problem (such as 
So, I agree with your point that this should be suggested as MAY.
Also, we should remove and only write
I'll explain below.

> I was unable to fully grasp the idea and its relationship with the
> TIME_WAIT state, it would be nice if you could elaborate on this.
In this mechanism, the usable port set is split among the clients, which 
means that for each port, arriving packets have monotonically increasing 
values of TCP timestamp or ISN.
In this case, as values are monotonically increasing, 6191 will work and 
terminate TIME_WAIT.

> you're mangling with the TCP protocol itself, which is arguably
> even more intrusive than mangling with so fields in the TCP header like in
If the last ACK getting lost is a rare case and no bad effects 
occur, we should remove this part.

> I don't think that RFC6191 is widely deployed, do you have any
> reference for this?
Section 1. of RFC 6191 says that RFC 1122 uses ISN to 
terminate TIME_WAIT) is included in the Linux kernel.
(The RFC 1122 function is a part of 6191.)
Also, I checked some OSes a year ago which had RFC 1122 function.

-Linux 2.6.18(CentOS 5.6)
-FreeBSD 7.4R
-Windows 7
-MacOSX Lion

>> In the draft, I meant that Port overlapping behavior can only be used when
>> the 5-tuple of connections are different.
>> So I think it is a bit different from overlapping behavior you wrote.
>> Does this behavior cause any bad effect?
> There are a few issues with the section 4. of the draft.
> Quoting: "This document clarifies that this port
>     overlapping behavior can be extended to connections originating from
>     different internal source IP:ports as long as their destinations are
>     different.  This known as EDM (Endpoint Dependent Mapping)."
> No, EDM, EIM, always refer to sessions originating from the *same local
> endpoint*.
> Here you are describing a "port overlapping" behavior for sessions
> originating from distinct endpoints. This is known as "port overloading".
> EDM refers to the case where we can sometimes "break" the EIM requirement,
> for example when we know it doesn't adversely affect the application (such
> as with HTTP).
> In your second paragraph, you clearly describe the "port overloading"
> behavior. Thus, I think you should drop the "port overlapping" terminology,
> replace it with "port overloading", and don't mention EDM
> (Endpoint-Dependent Mapping), which is not directly related to the topic.
I understood that, as you wrote below, 5-tuple uniqueness for port 
overloading is a MUST, and that means I was trying to describe "port 
Excuse me for my misunderstanding.
I should write "port overloading" in the next revision.

> Port overloading does not have any bad effects. Of course, as long as the
> 5-tuple uniqueness is preserved by the NAT, which is a MUST in any case.
> However, doing aggressive port overloading generates opportunities for
> collisions, which must be dealt with by dropping a session or breaking the
> EIM requirement, which is a serious problem for UDP, but not so much for
> TCP. Such collision events remain rare, and it is OK to break EIM sometimes
> for TCP, as the application can make a retry (using a new ephemeral local
> port), that will most certainly work the second time.
> I can help you develop and improve the section 4. of the draft with you if
> you'd like.
I'll be glad if you do so.

> Regards,
> Ivan

NTT Network Technology Laboratories
Kengo Naito
TEL: +81 422-59-4949
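
Added example (not part of the original message, the draft, or any NAT implementation): a toy allocator showing the port overloading discussed in the thread, where two internal endpoints share one external port toward different destinations, and the collision that appears when the EIM-bound port is already taken toward the same destination. The class and function names are hypothetical, the addresses are constructed, and the collision policy (drop for UDP, break EIM for TCP) is an assumption made for the illustration.

```python
# Added illustration, not from the message or the draft. Names are hypothetical;
# addresses are constructed documentation-range values. One external IP is
# assumed, so (proto, ext_port, remote) stands in for the external 5-tuple.

class OverloadingNat:
    def __init__(self, ports):
        self.ports = ports
        self.sessions = {}   # (proto, ext_port, remote) -> internal endpoint
        self.bindings = {}   # (proto, internal endpoint) -> ext_port (EIM)

    def outbound(self, proto, internal, remote):
        """Map a new outbound session.

        Returns (ext_port, eim_kept), or None when the session is dropped.
        """
        bound = self.bindings.get((proto, internal))
        if bound is not None:
            owner = self.sessions.get((proto, bound, remote))
            if owner is None or owner == internal:
                self.sessions[(proto, bound, remote)] = internal
                return bound, True
            # Collision: another internal endpoint already holds this
            # external port toward the same remote.
            if proto == "udp":
                return None  # assumed policy: drop rather than break EIM
        # First mapping for this endpoint, or a TCP collision: take the
        # lowest port that is free toward this remote (aggressive overloading).
        for port in self.ports:
            if (proto, port, remote) not in self.sessions:
                self.sessions[(proto, port, remote)] = internal
                if bound is None:
                    self.bindings[(proto, internal)] = port
                return port, bound is None
        return None  # no port left that keeps the 5-tuple unique


def demo(proto):
    nat = OverloadingNat(range(1024, 1028))
    a, b = ("10.0.0.1", 5000), ("10.0.0.2", 5000)
    r1, r2 = ("198.51.100.10", 80), ("203.0.113.20", 80)
    return [
        nat.outbound(proto, a, r1),  # A gets 1024
        nat.outbound(proto, b, r2),  # B overloads 1024 (different remote)
        nat.outbound(proto, a, r2),  # A's bound port collides with B
    ]


if __name__ == "__main__":
    print("tcp:", demo("tcp"))
    print("udp:", demo("udp"))
```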