Joe Touch wrote:
9. ICMP
I quoted the start of the section. The first sentence, without further
qualification, is inaccurate, IMO.
Anyway, most of the discussion in the section is inapplicable to
end-to-end NAT, where public source addresses are used even within
private networks.
ICMP messages do not themselves have port numbers, but they are intended
to *carry* port numbers of the messages that caused their generation (if
they report errors).
FYI, traceroute, both with UDP and with ICMP ECHO, is working to/from
/between private networks behind an end-to-end gateway.
IMO, any device that initiates packets MUST verify that the IDs emitted
follow spec. Once a packet's address(es) are rewritten, the NAT is
responsible for ensuring that the IDs are unique across the
src/dst/proto triple.
I'm not aware of NATs that do this; they typically copy the ID field,
and this can easily cause reassembly errors later - even if the packet
is reassembled at the NAT itself.
IC. We can rely on random id and transport checksum, then.
See draft-ietf-intarea-ipv4-id-update for more a discussion of this
issue and the proposed requirements to address it.
It should be noted that a packet smaller than 69B is also atomic.
The problem of the draft (and IPv6) is that it depends on PMTUD.
PMTUD just does not work. Worse, PMTUD is inefficient. That is,
because PMTUD periodically sends oversized packets, PMTUD
overloads routers, just as IPv4 fragmentation overloads routers.
If we write a draft on IPv6 issues, it should contain a lot
more and a lot more serious issues than those of shared
addressing.
Masataka Ohta
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf
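The ID-uniqueness point raised in the thread above (a NAT that copies the IPv4 Identification field can cause reassembly errors downstream), as an added example that is not from the thread or from any draft: a small Python simulation in which two inside hosts happen to choose the same ID for fragmented datagrams to one destination. A NAT that copies the ID collides their fragments at the receiver; a NAT that re-assigns IDs per translated (src, dst, proto) triple keeps them apart. All addresses, hosts and payloads are constructed.

```python
from collections import defaultdict

PUBLIC = "203.0.113.1"   # constructed: the NAT's public address
DST = "198.51.100.9"     # constructed: external destination
UDP = 17

# Constructed traffic: two inside hosts independently picked IP ID 7 for a
# 2-fragment UDP datagram to the same destination; arrival order interleaves.
FRAGMENTS = [
    {"src": "10.0.0.2", "dst": DST, "proto": UDP, "id": 7, "off": 0, "data": b"AAAA"},
    {"src": "10.0.0.3", "dst": DST, "proto": UDP, "id": 7, "off": 0, "data": b"BBBB"},
    {"src": "10.0.0.3", "dst": DST, "proto": UDP, "id": 7, "off": 1, "data": b"bbbb"},
    {"src": "10.0.0.2", "dst": DST, "proto": UDP, "id": 7, "off": 1, "data": b"aaaa"},
]

def nat_copy_id(pkt):
    """Naive NAT: rewrites the source address but copies the ID field unchanged."""
    return {**pkt, "src": PUBLIC}

def make_nat_unique_id():
    """NAT that re-assigns the ID so it is unique across the translated
    (src, dst, proto) triple. State is keyed by the inside datagram's
    original (src, dst, proto, id) so every fragment of one datagram gets
    the same new ID. (Simplification: mappings never expire here.)"""
    next_id = defaultdict(int)   # counter per translated triple
    mapping = {}                 # original datagram key -> assigned ID
    def translate(pkt):
        orig = (pkt["src"], pkt["dst"], pkt["proto"], pkt["id"])
        if orig not in mapping:
            triple = (PUBLIC, pkt["dst"], pkt["proto"])
            next_id[triple] = (next_id[triple] + 1) & 0xFFFF
            mapping[orig] = next_id[triple]
        return {**pkt, "src": PUBLIC, "id": mapping[orig]}
    return translate

def reassemble(fragments):
    """Receiver-side reassembly keyed by (src, dst, proto, id) as in RFC 791.
    Fragments sharing a key and offset silently overwrite each other, which
    is exactly the corruption a transport checksum is then left to catch."""
    buckets = defaultdict(dict)
    for f in fragments:
        buckets[(f["src"], f["dst"], f["proto"], f["id"])][f["off"]] = f["data"]
    return {k: b"".join(parts[o] for o in sorted(parts)) for k, parts in buckets.items()}

def demo(nat):
    """Push the constructed fragments through `nat`, then reassemble at the far end."""
    return reassemble([nat(f) for f in FRAGMENTS])
```

Running `demo(nat_copy_id)` yields a single datagram stitched from both hosts' fragments, while `demo(make_nat_unique_id())` yields the two original datagrams intact.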