NAT behavior for IP ID field

John Kristoff <jtk@cymru.com> Tue, 31 August 2010 20:04 UTC

Return-Path: <jtk@cymru.com>
X-Original-To: ietf@core3.amsl.com
Delivered-To: ietf@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 10AE43A6AC0 for <ietf@core3.amsl.com>; Tue, 31 Aug 2010 13:04:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.827
X-Spam-Level:
X-Spam-Status: No, score=-1.827 tagged_above=-999 required=5 tests=[AWL=0.772, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id s9LRG5aE7hCL for <ietf@core3.amsl.com>; Tue, 31 Aug 2010 13:04:15 -0700 (PDT)
Received: from obelisk11.ord01.cymru.com (obelisk11.ord01.cymru.com [38.229.66.8]) by core3.amsl.com (Postfix) with ESMTP id 319523A6ABE for <ietf@ietf.org>; Tue, 31 Aug 2010 13:04:15 -0700 (PDT)
Received: from t61p (vpn-21-35.svcs.iad01.cymru.com [192.168.21.35]) by obelisk11.ord01.cymru.com (Postfix) with ESMTP id D2027B00B6 for <ietf@ietf.org>; Tue, 31 Aug 2010 20:04:45 +0000 (GMT)
Date: Tue, 31 Aug 2010 15:04:44 -0500
From: John Kristoff <jtk@cymru.com>
To: ietf@ietf.org
Subject: NAT behavior for IP ID field
Message-ID: <20100831150444.22bd579e@t61p>
X-Mailer: Claws Mail
Mime-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 31 Aug 2010 20:04:16 -0000

I'm trying to locate an RFC that spells out the behavioral
requirements, expectations or guidelines for NAT handling of the IP ID
field, particularly for UDP messages.  Section 3.2.5 in RFC 3235
briefly mentions issues surrounding IP fragmentation and reassembly,
but  it doesn't specifically say if NATs should re-write IDs as a
general rule.

RFC 4787 doesn't seem to address this either.

If this is not written down anywhere, do NATs generally rewrite the ID
field with or without the MF bit set?

For background and reference, I refer you to Steve Bellovin's 'A
Technique for Counting NATted Hosts', particularly section IV.

Thanks for any pointers,

John