At 05:31 p.m. 07/10/2008, Dan Wing wrote:
> REQ-9: A NAT device MAY implement a policy control that prevents
>        ICMP messages being generated toward certain interface(s).
>        Implementation of such a policy control overrides the MUSTs in
>        REQ-10.

Then... shouldn't the requirements be "SHOULD"s rather than "MUST"s?

> REQ-10: Unless overridden by REQ-9's policy, a NAT device needs to
>         support ICMP messages as below, some conforming to Section 4.3 of
>         [RFC1812] and some superseding the requirements of Section 4.3 of
>         [RFC1812].
>    a. MUST support:
>       1. Destination Unreachable Message, as described in
>          Section 7.1 of this document,
>       2. Time Exceeded Message, as described in Section 7.2 of
>          this document,
>       3. Parameter Problem Message, as described in
>          Section 4.3.3.5 of [RFC1812],
>       4. Echo Request/Reply Messages, as described in REQ-1,
>       5. Router Advertisement and Solicitations, as described in
>          Section 4.3.3.10 of [RFC1812].

Does anybody actually use these ICMPv4 messages? I do recall Windows
systems sending these messages when they are bootstrapped, but...

>    b. MAY support:
>       1. Redirect Message, as described in Section 4.3.3.2 of
>          [RFC1812],

If anything, I'd add that support should default to "off".

>       2. Source Route Options, as described in Section 7.3 of
>          this document,

The draft says:
   "If a NAT device does not support forwarding packets with
    the source route option, the NAT device SHOULD NOT forward
    outbound ICMP messages that contain source route option in the
    outer or inner ICMP header."

s/ICMP header/IP header/

>       4. Address Mask Request/Reply Message, as described in
>          Section 7.4 of this document.

AFAIK, these messages are not used in practice (even when a number of
systems support them). Shouldn't they be deprecated as with the
information request/response?

Last, but not least:
In Section 7.1.2, the draft says:
   "When NAT device is the recipient of "Packet Too Big" ICMP message
    from the network, the NAT device MUST forward the ICMP message back
    to the intended recipient, pursuant to the previously stated
    requirements REQ-3, REQ-4, REQ-5 and REQ-6."

Does REQ-6 really apply here? (ICMP PTBs are not query/response messages)

Kind regards,
--
Fernando Gont
e-mail: [EMAIL PROTECTED] || [EMAIL PROTECTED]
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1
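
Added example, not part of the original message or of the draft: a sketch of the source-route check discussed above, looking for LSRR/SSRR in the outer IP header of an ICMP message and in the IP header embedded in an ICMP error. All function names and sample packets are constructed for illustration, and dropping malformed packets is an assumption, not something the draft states.

```python
SOURCE_ROUTE = {131: "LSRR", 137: "SSRR"}  # IPv4 option types (RFC 791)
ICMP_ERRORS = {3, 4, 5, 11, 12}            # ICMP types that embed the offending IP header

def parse_ipv4(buf):
    """Return (header_len, protocol, option_types) for the IPv4 header at buf[0]."""
    if len(buf) < 20 or buf[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    hlen = (buf[0] & 0x0F) * 4
    if hlen < 20 or hlen > len(buf):
        raise ValueError("bad IHL")
    opts, i = [], 20
    while i < hlen and buf[i] != 0:        # 0 = End of Option List
        if buf[i] == 1:                    # No-Operation is a single byte
            i += 1
            continue
        if i + 1 >= hlen or buf[i + 1] < 2 or i + buf[i + 1] > hlen:
            raise ValueError("malformed IP option")
        opts.append(buf[i])
        i += buf[i + 1]
    return hlen, buf[9], opts

def source_route_findings(packet):
    """List (where, option) pairs for source route options in outer and inner IP headers."""
    hlen, proto, opts = parse_ipv4(packet)
    found = [("outer", SOURCE_ROUTE[o]) for o in opts if o in SOURCE_ROUTE]
    icmp = packet[hlen:]
    if proto == 1 and len(icmp) >= 8 and icmp[0] in ICMP_ERRORS:
        inner_opts = parse_ipv4(icmp[8:])[2]   # embedded header follows the 8-byte ICMP header
        found += [("inner", SOURCE_ROUTE[o]) for o in inner_opts if o in SOURCE_ROUTE]
    return found

def should_forward(packet, supports_source_route=False):
    """Forwarding decision for an ICMP packet; malformed input is dropped (assumption)."""
    try:
        found = source_route_findings(packet)
    except ValueError:
        return False
    return supports_source_route or not found

def ipv4(proto, options=b""):
    """Constructed header: zero length/checksum, documentation-range addresses."""
    return bytes([0x40 | (5 + len(options) // 4), 0, 0, 0, 0, 0, 0, 0, 64, proto, 0, 0,
                  192, 0, 2, 1, 198, 51, 100, 7]) + options

LSRR = bytes([131, 7, 4, 203, 0, 113, 9, 0])        # constructed LSRR option plus EOL pad
ICMP_UNREACH = bytes([3, 1, 0, 0, 0, 0, 0, 0])      # constructed Destination Unreachable header
SAMPLE_INNER = ipv4(1) + ICMP_UNREACH + ipv4(17, LSRR) + bytes(8)
SAMPLE_OUTER = ipv4(1, LSRR) + bytes([8, 0, 0, 0, 0, 1, 0, 1])   # Echo Request
SAMPLE_CLEAN = ipv4(1) + ICMP_UNREACH + ipv4(17) + bytes(8)
```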