MUST cancel this delayed ICMP if in that time it receives and translates an outbound SYN for the connection. If a NAT does not have resources to delay the ...
NAT Behavioral Requirements for TCP Saikat Guha, Kaushik Biswas, Bryan Ford, Paul Francis, Senthil Sivakumar, Pyda Srisuresh draft-ietf-behave-tcp-01
IETF 66
Guha et al.
draft-ietf-behave-tcp-01
Changes Since -00
Now a standalone document ◮ Much easier to read ◮ (Re)defines terminology shared with UDP ◮ References UDP only for IP requirements
Guha et al.
draft-ietf-behave-tcp-01
Handling Unsolicited SYN?
SYNs that . . . ◮ are inbound ◮ are NOT part of an in-progress TCP (S-O) ◮ are NOT allowed by filtering behavior ... basically the NAT cannot route
Guha et al.
draft-ietf-behave-tcp-01
Unsolicited SYN: Option 1
A
Silent Drop
N
M SYN
◮ ◮
Good for P2P Bad for erroneous SYNs ◮
◮ ◮ ◮
NATs do this today (92%) Current WG consensus Too rare a case? Is it a problem today?
Guha et al.
draft-ietf-behave-tcp-01
B
Unsolicited SYN: Option 1
A
Silent Drop
N
M SYN
◮ ◮
Good for P2P Bad for erroneous SYNs ◮
◮ ◮ ◮
SYN
NATs do this today (92%) Current WG consensus Too rare a case? Is it a problem today?
Guha et al.
Drop good for P2P
draft-ietf-behave-tcp-01
B
Unsolicited SYN: Option 1
A
Silent Drop
N
M SYN
◮ ◮
Good for P2P Bad for erroneous SYNs ◮
◮ ◮ ◮
SYN
SYN
NATs do this today (92%) Current WG consensus Too rare a case? Is it a problem today?
Guha et al.
SYN
Drop bad for err-SYN draft-ietf-behave-tcp-01
B
Unsolicited SYN: Option 2 ICMP Error ◮ ◮
Good for erroneous SYNs Good for P2P if . . . ◮
◮
A
N
error doesn’t cause stack to aborta
Otherwise, bad for P2P
M SYN RST/ICMP SYN RST/ICMP SYN
May need a new ICMP soft-error code proviso old stacks ignore undefined ICMPs, make sure Gont’s TCPM draft (if it becomes a WG doc) retains this error as soft. a
Guha et al.
draft-ietf-behave-tcp-01
RST/ICMP
Error bad for P2P
B
Unsolicited SYN: Option 2 ICMP Error ◮ ◮
Good for erroneous SYNs Good for P2P if . . . ◮
◮
A
N
error doesn’t cause stack to aborta
M SYN RST/ICMP
Otherwise, bad for P2P
May need a new ICMP soft-error code proviso old stacks ignore undefined ICMPs, make sure Gont’s TCPM draft (if it becomes a WG doc) retains this error as soft. a
Guha et al.
draft-ietf-behave-tcp-01
Error good for err-SYN
B
Unsolicited SYN: Option 3
A
Delayed Error
N
M SYN
◮ ◮
◮
Not bad for P2P Not bad for erroneous SYN Decide delay timeout ◮ ◮
SYN
6s too low for P2P? 6s too high for err-SYN?
RST/ICMP
Delay not bad for P2P Guha et al.
draft-ietf-behave-tcp-01
B
Unsolicited SYN: Option 3
A
Delayed Error
N
M SYN
◮ ◮
◮
Not bad for P2P Not bad for erroneous SYN Decide delay timeout ◮ ◮
6s too low for P2P? 6s too high for err-SYN?
RST/ICMP
Delay not bad for err-SYN Guha et al.
draft-ietf-behave-tcp-01
B
Unsolicited SYN
Opt. 1: Silently drop SYN (old WG consensus) ◮
What does TCPM think?
Opt. 2: Send ICMP, standardize new ICMP code ◮
Is this an option?
Opt. 3: Delay sending ICMP error ◮
1
Is 6s acceptable?1
Variant allows for flexible timeouts if we can’t decide on one Guha et al.
draft-ietf-behave-tcp-01
Unsolicited SYN: Option 4 Delayed Error 2 ◮ ◮
◮ ◮
A
SYN
Not bad for P2P Not bad for erroneous SYN Flexible timeouts Assumptions: ◮
SYN
for P2P MUST do STUNT lookup first
Guha et al.
S
N
Delay2 RST/ICMP not bad for P2P draft-ietf-behave-tcp-01
M
B
Unsolicited SYN: Option 4 Delayed Error 2 ◮ ◮
◮ ◮
A
N SYN
Not bad for P2P Not bad for erroneous SYN Flexible timeouts Assumptions: ◮
RST/ICMP
for P2P MUST do STUNT lookup first
Guha et al.
M
Delay2 not bad for err-SYN draft-ietf-behave-tcp-01
B
Open Issue: Port-range and ICMP Port-Range Preservation Does TCP need source port-range to be preserved (