Dan Wing | 7 Dec 20:35 2010

[pcp] discuss: open ICMP as side-effect

(Sorry, resending this one because I neglected to CC the BEHAVE working
group.  Please direct replies to pcp <at> ietf.org)

This is one of the PCP discussion points.

This question is CC'd to BEHAVE, as it was suggested BEHAVE should
provide input on this question.

The question is simple:  when PCP is used to open a UDP/TCP port,
should the NAT, as a side effect:

  (a) also allow ICMP messages associated with that UDP/TCP
      flow.  For example, allow ICMP packet-too-big messages
      associated with that flow.
  (b) not allow ICMP messages associated with that UDP/TCP
      flow.  This means PCP (the protocol) and the PCP
      client would need to explicitly permit ICMP messages
      associated with the UDP/TCP flow, if the PCP client
      wants those associated ICMP messages.

I read over BEHAVE's "NAT Behavioral Requirements for ICMP", RFC5508,
and it does not say that ICMP messages should be allowed as a
side effect of a UDP or TCP flow.

It is my *personal* understanding that 
  (a) BEHAVE expects that a TCP/UDP flow would allow 
      the associated ICMP messages to be NATed.
  (b) Based on (a), I feel PCP should mimic that behavior,
      and should allow the associated ICMP messages as
      a side-effect of opening a TCP/UDP flow.


pcp mailing list
pcp <at> ietf.org
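
Added example, not part of the original message or of any PCP/BEHAVE document: a sketch of how a NAT could tie an inbound ICMPv4 error to a PCP-created mapping by reading the packet quoted inside the error, and how options (a) and (b) then differ. The mapping table, the icmp_ok flag, the function names and all addresses are assumptions made for illustration.

```python
import socket
import struct

# Constructed mapping table keyed by (protocol, external IP, external port),
# as a NAT might hold after a PCP request. "icmp_ok" is a hypothetical
# per-mapping flag that only matters under option (b).
MAPPINGS = {
    (17, "192.0.2.1", 40000): {"internal": ("10.0.0.5", 5000), "icmp_ok": False},
}
# Destination unreachable (code 4 = fragmentation needed), time exceeded,
# parameter problem.
ICMP_ERROR_TYPES = {3, 11, 12}

def embedded_flow(icmp: bytes):
    """Return (proto, src_ip, src_port) of the packet quoted in an ICMPv4 error, else None."""
    if len(icmp) < 8 + 20 or icmp[0] not in ICMP_ERROR_TYPES:
        return None
    inner = icmp[8:]                      # quoted IP header + first 8 transport bytes
    if inner[0] >> 4 != 4:
        return None
    ihl = (inner[0] & 0x0F) * 4
    proto = inner[9]
    if ihl < 20 or proto not in (6, 17) or len(inner) < ihl + 8:
        return None
    # The quoted packet left the NAT, so its source is the external address/port.
    src_ip = socket.inet_ntoa(inner[12:16])
    (src_port,) = struct.unpack("!H", inner[ihl:ihl + 2])
    return proto, src_ip, src_port

def nat_icmp_decision(icmp: bytes, implicit: bool):
    """implicit=True models option (a); implicit=False models option (b)."""
    flow = embedded_flow(icmp)
    mapping = MAPPINGS.get(flow) if flow else None
    if mapping is None:
        return "drop", None               # no UDP/TCP mapping: unrelated ICMP
    if implicit or mapping["icmp_ok"]:
        # Rewriting of the outer and quoted headers is omitted in this sketch.
        return "forward", mapping["internal"]
    return "drop", None

def build_sample(ext_ip: str, ext_port: int, proto: int = 17) -> bytes:
    """Constructed ICMP type 3 code 4 error quoting an outbound packet (checksums left zero)."""
    inner_ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, proto, 0,
                           socket.inet_aton(ext_ip), socket.inet_aton("198.51.100.7"))
    inner_l4 = struct.pack("!HHHH", ext_port, 53, 8, 0)
    return struct.pack("!BBHHH", 3, 4, 0, 0, 1400) + inner_ip + inner_l4
```

Under option (a) the sample error is forwarded to 10.0.0.5:5000; under option (b) it is dropped until the mapping carries explicit ICMP permission, so the internal host never sees the fragmentation-needed signal.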