Re: NAT behavior for IP ID field
Iljitsch van Beijnum <iljitsch@muada.com> Wed, 01 September 2010 09:52 UTC
Return-Path: <iljitsch@muada.com>
X-Original-To: ietf@core3.amsl.com
Delivered-To: ietf@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 6EF6E3A67FA for <ietf@core3.amsl.com>; Wed, 1 Sep 2010 02:52:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.315
X-Spam-Level:
X-Spam-Status: No, score=-102.315 tagged_above=-999 required=5 tests=[AWL=0.285, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cWKKXDdnZuuV for <ietf@core3.amsl.com>; Wed, 1 Sep 2010 02:52:57 -0700 (PDT)
Received: from sequoia.muada.com (unknown [IPv6:2001:1af8:2:5::2]) by core3.amsl.com (Postfix) with ESMTP id 8366F3A67C2 for <ietf@ietf.org>; Wed, 1 Sep 2010 02:52:54 -0700 (PDT)
Received: from [192.168.2.11] (static-167-138-7-89.ipcom.comunitel.net [89.7.138.167] (may be forged)) (authenticated bits=0) by sequoia.muada.com (8.13.3/8.13.3) with ESMTP id o819qHxl065566 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO); Wed, 1 Sep 2010 11:52:18 +0200 (CEST) (envelope-from iljitsch@muada.com)
Subject: Re: NAT behavior for IP ID field
Mime-Version: 1.0 (Apple Message framework v1081)
Content-Type: text/plain; charset="us-ascii"
From: Iljitsch van Beijnum <iljitsch@muada.com>
In-Reply-To: <20100831150444.22bd579e@t61p>
Date: Wed, 01 Sep 2010 11:53:15 +0200
Content-Transfer-Encoding: quoted-printable
Message-Id: <D0D68D38-84CD-4773-BB7E-328E1A31898A@muada.com>
References: <20100831150444.22bd579e@t61p>
To: John Kristoff <jtk@cymru.com>
X-Mailer: Apple Mail (2.1081)
Cc: ietf@ietf.org
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 01 Sep 2010 09:52:58 -0000
On 31 aug 2010, at 22:04, John Kristoff wrote: > I'm trying to locate an RFC that spells out the behavioral > requirements, expectations or guidelines for NAT handling of the IP ID > field, particularly for UDP messages. > If this is not written down anywhere, do NATs generally rewrite the ID > field with or without the MF bit set? I don't know. We had a discussion about this in the BEHAVE working group while working on stateful IPv6-to-IPv4 translation. Unless I missed something, the ID field needs uniqueness for any combination of source, destination IP addresses and protocol. Assuming the source address doesn't change, this means an ID counter should be maintained per destination address + protocol pair, so the maximum number of packets can be transmitted for each such pair before an ID value is reused. This would be the optimal host behavior, and NATs should act like hosts in this regard. Reusing the ID field from the original packet has a much higher chance of seeing the same ID field for outstanding fragments of a different flow, which can cause undetected data corruption in 1 in 65535 cases when the TCP/UDP checksum doesn't catch this. Note that DF=1 doesn't save you from all of this, as RFC 2402 says: Mutable (zeroed prior to ICV calculation) Type of Service (TOS) Flags So it is legal to rewrite the DF bit from 1 to 0. I also know that this happens in the wild because I used to do this at one time.
- NAT behavior for IP ID field John Kristoff
- Re: NAT behavior for IP ID field Iljitsch van Beijnum
- Re: NAT behavior for IP ID field t.petch
- Re: NAT behavior for IP ID field Iljitsch van Beijnum
- Re: NAT behavior for IP ID field Fernando Gont
- Re: NAT behavior for IP ID field Stephen Kent
- Re: NAT behavior for IP ID field Joe Touch