Hi. In BEHAVE we are trying to nail down ICMP requirements for a NAT. As you can see from my email below, the document was revised and is now much more specific and indicates MUST/MAY/SHOULD NOT for various ICMP messages.

Please let us know if these recommendations seem (un)reasonable for a NAT by sending email to [EMAIL PROTECTED]

Thanks,
-Dan Wing, BEHAVE co-chair

-----Original Message-----
From: Dan Wing [mailto:[EMAIL PROTECTED]
Sent: Tuesday, October 07, 2008 1:29 PM
To: 'Behave WG'
Cc: '[EMAIL PROTECTED]'
Subject: WGLC: draft-ietf-behave-nat-icmp-09

During IESG evaluation a DISCUSS was raised regarding the Section 4.3 RFC1812 conformance requirement. As a result, section 7.0 of draft-ietf-behave-nat-icmp-09 was changed to specify which ICMP messages need to be supported by a NAT. The new text from -09 is below, and you can also find it at:

http://tools.ietf.org/html/draft-ietf-behave-nat-icmp-09

and side-by-side diffs are available by clicking "Diff2". The DISCUSS can be found at:

https://datatracker.ietf.org/idtracker/draft-ietf-behave-nat-icmp/

I expect there may be some reaction to certain ICMP messages being in the MUST/MAY/SHOULD NOT category -- please look this over and comment. I will wait one week, until October 14, before progressing the document. Please send comments to [EMAIL PROTECTED] or the chairs.

Thanks.
-d

-----

7. Conformance to RFC 1812

   NAT devices should follow the best current practices of modern routers when handling ICMP messages, as specified in Section 4.3 of [RFC1812]. However, since the publication of RFC1812 some of its requirements are no longer best current practices. Thus, the following requirements are derived from RFC1812 and apply to NATs compliant with this specification:

   REQ-9: A NAT device MAY implement a policy control that prevents ICMP messages being generated toward certain interface(s). Implementation of such a policy control overrides the MUSTs in REQ-10.

   REQ-10: Unless overridden by REQ-9's policy, a NAT device needs to support ICMP messages as below, some conforming to Section 4.3 of [RFC1812] and some superseding the requirements of Section 4.3 of [RFC1812].

      a. MUST support:
         1. Destination Unreachable Message, as described in Section 7.1 of this document,
         2. Time Exceeded Message, as described in Section 7.2 of this document,
         3. Parameter Problem Message, as described in Section 4.3.3.5 of [RFC1812],
         4. Echo Request/Reply Messages, as described in REQ-1,
         5. Router Advertisement and Solicitations, as described in Section 4.3.3.10 of [RFC1812].

      b. MAY support:
         1. Redirect Message, as described in Section 4.3.3.2 of [RFC1812],
         2. Source Route Options, as described in Section 7.3 of this document,
         3. Timestamp and Timestamp Reply Messages, as described in Section 4.3.3.8 of [RFC1812],
         4. Address Mask Request/Reply Message, as described in Section 7.4 of this document.

      c. SHOULD NOT support:
         1. Source Quench Message, as described in Section 4.3.3.3 of [RFC1812],
         2. Information Request/Reply, as described in Section 4.3.3.7 of [RFC1812].

   In addition, a NAT device is RECOMMENDED to conform to the following implementation considerations in [RFC1812]:

      d. TOS and Precedence, as described in Section 4.3.2.5 of [RFC1812],
      e. When Not to Send ICMP Errors, as described in Section 4.3.2.7 of [RFC1812],
      f. Rate Limiting, as described in Section 4.3.2.8 of [RFC1812].

_______________________________________________
Int-area mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/int-area
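As an added illustration (not part of the draft or of this message), the Python below models the REQ-10 categories as a NAT-side policy check over a parsed ICMPv4 header, verifying the RFC 1071 checksum before deciding anything. The type numbers are the standard IANA ICMPv4 assignments; the decision names, the helper functions and the `support_optional` switch are my own, and "Source Route Options" is omitted because it is an IP option rather than an ICMP message type.

```python
import struct

# ICMPv4 type numbers (IANA) grouped by the draft's REQ-10 categories.
MUST = {3: "Destination Unreachable", 11: "Time Exceeded", 12: "Parameter Problem",
        8: "Echo Request", 0: "Echo Reply",
        9: "Router Advertisement", 10: "Router Solicitation"}
MAY = {5: "Redirect", 13: "Timestamp", 14: "Timestamp Reply",
       17: "Address Mask Request", 18: "Address Mask Reply"}
SHOULD_NOT = {4: "Source Quench", 15: "Information Request", 16: "Information Reply"}


def icmp_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum over the whole ICMP message (odd length is zero-padded)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def classify_icmp(msg: bytes, support_optional: bool = False) -> str:
    """Decide how a NAT following REQ-10 treats one ICMPv4 message.

    Returns 'process' (translate/forward), 'drop', or 'malformed'.
    support_optional models a NAT that chose to implement the MAY items.
    A message that fails its checksum is discarded before any policy applies,
    so a corrupted header can never be mistaken for a MUST-support type.
    """
    if len(msg) < 8 or icmp_checksum(msg) != 0:
        return "malformed"
    itype = msg[0]
    if itype in MUST:
        return "process"
    if itype in MAY:
        return "process" if support_optional else "drop"
    return "drop"                            # SHOULD NOT types and unassigned types


def build_icmp(itype: int, code: int = 0, payload: bytes = b"") -> bytes:
    """Constructed sample message with a valid checksum (rest-of-header zeroed)."""
    hdr = struct.pack("!BBHI", itype, code, 0, 0) + payload
    return struct.pack("!BBHI", itype, code, icmp_checksum(hdr), 0) + payload
```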
