
Re: NAT behavior for IP ID field

2010-09-01 04:53:50
On 31 Aug 2010, at 22:04, John Kristoff wrote:

> I'm trying to locate an RFC that spells out the behavioral
> requirements, expectations or guidelines for NAT handling of the IP ID
> field, particularly for UDP messages.
>
> If this is not written down anywhere, do NATs generally rewrite the ID
> field with or without the MF bit set?

I don't know.

We had a discussion about this in the BEHAVE working group while working on 
stateful IPv6-to-IPv4 translation. Unless I missed something, the ID field 
needs uniqueness for any combination of source, destination IP addresses and 
protocol. Assuming the source address doesn't change, this means an ID counter 
should be maintained per destination address + protocol pair, so the maximum 
number of packets can be transmitted for each such pair before an ID value is 
reused. This would be the optimal host behavior, and NATs should act like hosts 
in this regard. Reusing the ID field from the original packet has a much higher 
chance of seeing the same ID field for outstanding fragments of a different 
flow, which can cause undetected data corruption in 1 in 65535 cases when the 
TCP/UDP checksum doesn't catch this.

Note that DF=1 doesn't save you from all of this, as RFC 2402 says:

   Mutable (zeroed prior to ICV calculation)
             Type of Service (TOS)
             Flags

So it is legal to rewrite the DF bit from 1 to 0. I also know that this happens 
in the wild because I used to do this at one time.
_______________________________________________
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf
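To make the point in the reply above concrete, here is an added example (not code from the thread or from any NAT implementation) that models the two behaviours side by side: a NAT that copies the inner host's Identification field unchanged, and one that allocates IDs from a counter kept per (destination address, protocol) as the reply recommends. Two inner hosts behind the same external address each send a two-fragment UDP datagram to the same peer and, as the constructed scenario assumes, happen to have chosen the same ID; the fragments arrive interleaved. The addresses (10.0.0.x, 192.0.2.1, 203.0.113.1), payloads and arrival order are all constructed, and transport checksums are not modelled, so the example shows the misassembly itself rather than whether a UDP checksum would catch it.

```python
"""Toy model of NAT handling of the IPv4 Identification field and its
effect on reassembly at the destination. Constructed example; addresses
and payloads are invented and transport checksums are not modelled."""
from collections import defaultdict
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Fragment:
    src: str        # source IPv4 address as it appears on the wire
    dst: str        # destination IPv4 address
    proto: int      # IP protocol number (17 = UDP)
    ident: int      # 16-bit Identification field
    offset: int     # Fragment Offset, in 8-byte units
    more: bool      # More Fragments (MF) flag
    payload: bytes


class PassThroughNAT:
    """Rewrites only the source address and leaves the ID untouched."""
    def __init__(self, external_addr):
        self.external_addr = external_addr

    def translate(self, frag):
        return replace(frag, src=self.external_addr)


class PerDestinationIdNAT:
    """Rewrites the source address and assigns a fresh ID from a counter
    kept per (destination, protocol). RFC 791 needs the ID to be unique per
    source/destination/protocol, and the NAT's external address is the
    source of every translated packet, so this is the widest counter that
    still guarantees no reuse until 65536 datagrams have gone to one peer."""
    def __init__(self, external_addr):
        self.external_addr = external_addr
        self._counters = defaultdict(int)
        self._mapping = {}  # inner (src, dst, proto, id) -> outer id

    def allocate_id(self, dst, proto):
        ident = self._counters[(dst, proto)]
        self._counters[(dst, proto)] = (ident + 1) & 0xFFFF
        return ident

    def translate(self, frag):
        # All fragments of one inner datagram must carry the same new ID, so
        # the allocation is remembered per inner datagram. A real NAT would
        # expire these entries; this toy keeps them for its whole lifetime.
        inner = (frag.src, frag.dst, frag.proto, frag.ident)
        if inner not in self._mapping:
            self._mapping[inner] = self.allocate_id(frag.dst, frag.proto)
        return replace(frag, src=self.external_addr, ident=self._mapping[inner])


class Reassembler:
    """Destination-side reassembly keyed on (src, dst, proto, id)."""
    def __init__(self):
        self._holes = {}   # key -> {offset: payload}
        self._total = {}   # key -> datagram length, known once MF=0 is seen

    def receive(self, frag):
        key = (frag.src, frag.dst, frag.proto, frag.ident)
        holes = self._holes.setdefault(key, {})
        # First fragment at an offset wins; a later one for the same key and
        # offset is dropped. Stacks differ on first-wins vs. last-wins, but
        # either way a colliding fragment from another flow gets spliced in.
        holes.setdefault(frag.offset, frag.payload)
        if not frag.more:
            self._total[key] = frag.offset * 8 + len(frag.payload)
        if key in self._total and self._complete(holes, self._total[key]):
            data = b"".join(holes[off] for off in sorted(holes))
            del self._holes[key], self._total[key]
            return data
        return None

    def pending(self):
        """Datagrams still waiting for fragments (would time out in reality)."""
        return len(self._holes)

    @staticmethod
    def _complete(holes, total):
        expected = 0
        for off in sorted(holes):
            if off * 8 != expected:
                return False
            expected += len(holes[off])
        return expected == total


def run(nat):
    """Two inner hosts each send a two-fragment UDP datagram to one peer;
    both picked ID 0x1234 and the fragments arrive interleaved (constructed
    scenario). Returns (delivered payloads, datagrams left pending)."""
    peer = "192.0.2.1"
    a = [Fragment("10.0.0.1", peer, 17, 0x1234, 0, True, b"A" * 16),
         Fragment("10.0.0.1", peer, 17, 0x1234, 2, False, b"a" * 8)]
    b = [Fragment("10.0.0.2", peer, 17, 0x1234, 0, True, b"B" * 16),
         Fragment("10.0.0.2", peer, 17, 0x1234, 2, False, b"b" * 8)]
    rx, delivered = Reassembler(), []
    for frag in (a[0], b[0], b[1], a[1]):
        data = rx.receive(nat.translate(frag))
        if data is not None:
            delivered.append(data)
    return delivered, rx.pending()


if __name__ == "__main__":
    for nat in (PassThroughNAT("203.0.113.1"), PerDestinationIdNAT("203.0.113.1")):
        delivered, pending = run(nat)
        print(type(nat).__name__, [d.decode() for d in delivered], "pending:", pending)
```

With the pass-through NAT the peer sees four fragments sharing one (src, dst, proto, id) tuple and hands up a datagram made of host A's first fragment and host B's last one, while the leftover fragment sits in the reassembly queue until it times out; nothing at the IP layer flags the splice. With the per-destination counter the two datagrams get IDs 0 and 1 and both reassemble correctly, and the counter only wraps after 65536 datagrams to that peer and protocol, which is the "maximum number of packets per pair before an ID is reused" the reply describes.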
