Network Working Group S. Guha, Ed.
Request for Comments: 5382 Cornell U.
BCP: 142 K. Biswas
Category: Best Current Practice Cisco Systems
B. Ford
MPI-SWS
S. Sivakumar
Cisco Systems
P. Srisuresh
Kazeon Systems
October 2008
NAT Behavioral Requirements for TCP
Status of This Memo
This document specifies an Internet Best Current Practices for the
Internet Community, and requests discussion and suggestions for
improvements. Distribution of this memo is unlimited.
Abstract
This document defines a set of requirements for NATs that handle TCP
that would allow many applications, such as peer-to-peer applications
and online games to work consistently. Developing NATs that meet
this set of requirements will greatly increase the likelihood that
these applications will function properly.
Guha, et al. Best Current Practice [Page 1]RFC 5382 NAT TCP Requirements October 2008Table of Contents
1. Applicability Statement . . . . . . . . . . . . . . . . . . . 3
2. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
3. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4
4. TCP Connection Initiation . . . . . . . . . . . . . . . . . . 4
4.1. Address and Port Mapping Behavior . . . . . . . . . . . . 5
4.2. Internally Initiated Connections . . . . . . . . . . . . . 5
4.3. Externally Initiated Connections . . . . . . . . . . . . . 7
5. NAT Session Refresh . . . . . . . . . . . . . . . . . . . . . 10
6. Application Level Gateways . . . . . . . . . . . . . . . . . . 12
7. Other Requirements Applicable to TCP . . . . . . . . . . . . . 12
7.1. Port Assignment . . . . . . . . . . . . . . . . . . . . . 12
7.2. Hairpinning Behavior . . . . . . . . . . . . . . . . . . . 13
7.3. ICMP Responses to TCP Packets . . . . . . . . . . . . . . 13
8. Requirements . . . . . . . . . . . . . . . . . . . . . . . . . 14
9. Security Considerations . . . . . . . . . . . . . . . . . . . 16
10. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 17
11. References . . . . . . . . . . . . . . . . . . . . . . . . . . 18
11.1. Normative References . . . . . . . . . . . . . . . . . . . 18
11.2. Informational References . . . . . . . . . . . . . . . . . 18
Guha, et al. Best Current Practice [Page 2]RFC 5382 NAT TCP Requirements October 20081. Applicability Statement
This document is adjunct to [BEHAVE-UDP], which defines many terms
relating to NATs, lays out general requirements for all NATs, and
sets requirements for NATs that handle IP and unicast UDP traffic.
The purpose of this document is to set requirements for NATs that
handle TCP traffic.
The requirements of this specification apply to traditional NATs as
described in [RFC2663].
This document only covers the TCP aspects of NAT traversal.
Middlebox behavior that is not necessary for network address
translation of TCP is out of scope. Packet inspection above the TCP
layer and firewalls are out of scope except for Application Level
Gateway (ALG) behavior that may interfere with NAT traversal.
Application and OS aspects of TCP NAT traversal are out of scope.
Signaling-based approaches to NAT traversal, such as Middlebox
Communication (MIDCOM) and Universal Plug and Play (UPnP), that
directly control the NAT are out of scope. Finally, TCP connections
intended for the NAT (e.g., an HTTP or Secure Shell Protocol (SSH)
management interface) and TCP connections initiated by the NAT (e.g.,
reliable syslog client) are out of scope.
2. Introduction
Network Address Translators (NATs) hinder connectivity in
applications where sessions may be initiated to internal hosts.
Readers may refer to [RFC3022] for detailed information on
traditional NATs. [BEHAVE-UDP] lays out the terminology and
requirements for NATs in the context of IP and UDP. This document
supplements these by setting requirements for NATs that handle TCP
traffic. All definitions and requirements in [BEHAVE-UDP] are
datatracker.ietf.org