NAT Behavioral Requirements for TCP
RFC 5382
Document Type RFC - Best Current Practice (October 2008; No errata)
Updated by RFC 7857
Also known as BCP 142
Last updated 2015-10-14
Replaces draft-hoffman-behave-tcp
Stream IETF
Formats plain text pdf htmlized bibtex
Reviews
SECDIR Last Call Review
Stream WG state WG Document
Document shepherd No shepherd assigned
IESG IESG state RFC 5382 (Best Current Practice)
Consensus Boilerplate Unknown
Telechat date
Responsible AD Magnus Westerlund
Send notices to (None)
Email authors Email WG IPR References Referenced by Nits 
Network Working Group                                       S. Guha, Ed.
Request for Comments: 5382                                    Cornell U.
BCP: 142                                                       K. Biswas
Category: Best Current Practice                            Cisco Systems
                                                                 B. Ford
                                                                 MPI-SWS
                                                            S. Sivakumar
                                                           Cisco Systems
                                                            P. Srisuresh
                                                          Kazeon Systems
                                                            October 2008

                  NAT Behavioral Requirements for TCP

Status of This Memo

   This document specifies an Internet Best Current Practices for the
   Internet Community, and requests discussion and suggestions for
   improvements.  Distribution of this memo is unlimited.

Abstract

   This document defines a set of requirements for NATs that handle TCP
   that would allow many applications, such as peer-to-peer applications
   and online games to work consistently.  Developing NATs that meet
   this set of requirements will greatly increase the likelihood that
   these applications will function properly.

Guha, et al.             Best Current Practice                  [Page 1]
RFC 5382                  NAT TCP Requirements              October 2008

Table of Contents

   1.  Applicability Statement  . . . . . . . . . . . . . . . . . . .  3
   2.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  3
   3.  Terminology  . . . . . . . . . . . . . . . . . . . . . . . . .  4
   4.  TCP Connection Initiation  . . . . . . . . . . . . . . . . . .  4
     4.1.  Address and Port Mapping Behavior  . . . . . . . . . . . .  5
     4.2.  Internally Initiated Connections . . . . . . . . . . . . .  5
     4.3.  Externally Initiated Connections . . . . . . . . . . . . .  7
   5.  NAT Session Refresh  . . . . . . . . . . . . . . . . . . . . . 10
   6.  Application Level Gateways . . . . . . . . . . . . . . . . . . 12
   7.  Other Requirements Applicable to TCP . . . . . . . . . . . . . 12
     7.1.  Port Assignment  . . . . . . . . . . . . . . . . . . . . . 12
     7.2.  Hairpinning Behavior . . . . . . . . . . . . . . . . . . . 13
     7.3.  ICMP Responses to TCP Packets  . . . . . . . . . . . . . . 13
   8.  Requirements . . . . . . . . . . . . . . . . . . . . . . . . . 14
   9.  Security Considerations  . . . . . . . . . . . . . . . . . . . 16
   10. Acknowledgments  . . . . . . . . . . . . . . . . . . . . . . . 17
   11. References . . . . . . . . . . . . . . . . . . . . . . . . . . 18
     11.1. Normative References . . . . . . . . . . . . . . . . . . . 18
     11.2. Informational References . . . . . . . . . . . . . . . . . 18

Guha, et al.             Best Current Practice                  [Page 2]
RFC 5382                  NAT TCP Requirements              October 2008

1.  Applicability Statement

   This document is adjunct to [BEHAVE-UDP], which defines many terms
   relating to NATs, lays out general requirements for all NATs, and
   sets requirements for NATs that handle IP and unicast UDP traffic.
   The purpose of this document is to set requirements for NATs that
   handle TCP traffic.

   The requirements of this specification apply to traditional NATs as
   described in [RFC2663].

   This document only covers the TCP aspects of NAT traversal.
   Middlebox behavior that is not necessary for network address
   translation of TCP is out of scope.  Packet inspection above the TCP
   layer and firewalls are out of scope except for Application Level
   Gateway (ALG) behavior that may interfere with NAT traversal.
   Application and OS aspects of TCP NAT traversal are out of scope.
   Signaling-based approaches to NAT traversal, such as Middlebox
   Communication (MIDCOM) and Universal Plug and Play (UPnP), that
   directly control the NAT are out of scope.  Finally, TCP connections
   intended for the NAT (e.g., an HTTP or Secure Shell Protocol (SSH)
   management interface) and TCP connections initiated by the NAT (e.g.,
   reliable syslog client) are out of scope.

2.  Introduction

   Network Address Translators (NATs) hinder connectivity in
   applications where sessions may be initiated to internal hosts.
   Readers may refer to [RFC3022] for detailed information on
   traditional NATs.  [BEHAVE-UDP] lays out the terminology and
   requirements for NATs in the context of IP and UDP.  This document
   supplements these by setting requirements for NATs that handle TCP
   traffic.  All definitions and requirements in [BEHAVE-UDP] are
   inherited here.

   [RFC4614] chronicles the evolution of TCP from the original
   definition [RFC0793] to present-day implementations.  While much has
Show full document text
RFC Editor IASA & IETF LLC IETF Trust IRTF IETF IESG IAB IANA Privacy Statement IETF Tools