7 Dec 2010 20:35
[pcp] discuss: open ICMP as side-effect
Dan Wing <dwing <at> cisco.com>
2010-12-07 19:35:52 GMT
(Sorry, resending this one because I neglected to CC the BEHAVE working
group. Please direct replies to pcp <at> ietf.org)
This is one of the PCP discussion points.
This question is CC'd to BEHAVE, as it was suggested BEHAVE should
provide input on this question.
The question is simple: when PCP is used to open a UDP/TCP port,
should the NAT, as a side effect:
(a) also allow ICMP messages associated with that UDP/TCP
flow. For example, allow ICMP packet-too-big messages
associated with that flow.
or
(b) not allow ICMP messages associated with that UDP/TCP
flow. This means PCP (the protocol) and the PCP
client would need to explicitly permit ICMP messages
associated with the UDP/TCP flow, if the PCP client
wants those associated ICMP messages.
I read over BEHAVE's "NAT Behavioral Requirements for ICMP", RFC5508,
and it does not say that ICMP messages should be allowed as a
side effect of a UDP or TCP flow.
It is my *personal* understanding that
(a) BEHAVE expects that a TCP/UDP flow would allow
the associated ICMP messages to be NATed.
and
(b) Based on (a), I feel PCP should mimic that behavior,
and should allow the associated ICMP messages as
a side-effect of opening a TCP/UDP flow.
-d
_______________________________________________
pcp mailing list
pcp <at> ietf.org
https://www.ietf.org/mailman/listinfo/pcp
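The following is an added example, not part of the original message or of any PCP text: a Python sketch of the lookup a NAT would perform on an inbound ICMPv4 error, matching the packet quoted inside the error against its mapping table, with the message's options (a) and (b) as a switch. The function names, the `icmp_permitted` flag, and the addresses are assumptions made for illustration; only the forwarding decision is shown, for IPv4.

```python
import socket
import struct

# ICMPv4 error types: 3 = destination unreachable (code 4 is "fragmentation
# needed", the IPv4 packet-too-big), 11 = time exceeded, 12 = parameter problem.
ICMP_ERROR_TYPES = {3, 11, 12}
TCP, UDP = 6, 17

def embedded_flow(icmp: bytes):
    """Return (proto, src_ip, src_port) of the packet quoted in an ICMPv4 error, else None."""
    if len(icmp) < 8 + 20 or icmp[0] not in ICMP_ERROR_TYPES:
        return None
    inner = icmp[8:]                       # quoted IP header + first bytes of TCP/UDP
    ihl = (inner[0] & 0x0F) * 4
    if inner[0] >> 4 != 4 or ihl < 20 or len(inner) < ihl + 4:
        return None
    if inner[9] not in (TCP, UDP):
        return None
    (sport,) = struct.unpack("!H", inner[ihl:ihl + 2])
    return inner[9], socket.inet_ntoa(inner[12:16]), sport

def icmp_target(icmp: bytes, mappings: dict, implicit_icmp: bool):
    """Internal (ip, port) the error is forwarded to, or None if the NAT drops it.

    implicit_icmp=True models option (a); False models option (b), where only a
    mapping with the hypothetical per-mapping flag "icmp_permitted" passes.
    """
    flow = embedded_flow(icmp)
    mapping = mappings.get(flow) if flow else None
    if mapping is None:
        return None                        # not an error, or no mapping for the quoted flow
    if implicit_icmp or mapping["icmp_permitted"]:
        return mapping["internal"]
    return None

def build_icmp_error(icmp_type, code, proto, src, sport, dst, dport):
    """Constructed sample packet; checksums are left at zero and are not validated above."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return struct.pack("!BBHI", icmp_type, code, 0, 0) + ip + struct.pack("!HHHH", sport, dport, 8, 0)

# Constructed mapping table, keyed by (proto, external IP, external port).
MAPPINGS = {(UDP, "192.0.2.1", 5000): {"internal": ("10.0.0.5", 5000), "icmp_permitted": False}}
PTB = build_icmp_error(3, 4, UDP, "192.0.2.1", 5000, "198.51.100.7", 53)

if __name__ == "__main__":
    print("option (a):", icmp_target(PTB, MAPPINGS, implicit_icmp=True))
    print("option (b):", icmp_target(PTB, MAPPINGS, implicit_icmp=False))
```

Under either option, an ICMP error whose quoted packet matches no mapping is dropped; the two options differ only in whether a matching mapping is sufficient on its own.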