NAT Behavioral Requirements for TCP
RFC 5382
| Section | Field | Value |
|---|---|---|
| Document | Type | RFC - Best Current Practice (October 2008; No errata). Updated by RFC 7857. Also known as BCP 142 |
| | Authors | Bryan Ford, Saikat Guha, Kaushik Biswas, Senthil Sivakumar, Pyda Srisuresh |
| | Last updated | 2015-10-14 |
| | Replaces | draft-hoffman-behave-tcp |
| | Stream | IETF |
| | Formats | plain text, html, pdf, htmlized, bibtex |
| | Reviews | |
| Stream | WG state | WG Document |
| | Document shepherd | No shepherd assigned |
| IESG | IESG state | RFC 5382 (Best Current Practice) |
| | Consensus Boilerplate | Unknown |
| | Telechat date | |
| | Responsible AD | Magnus Westerlund |
| | Send notices to | (None) |

Network Working Group
Request for Comments: 5382
BCP: 142
Category: Best Current Practice
October 2008

S. Guha, Ed. (Cornell U.)
K. Biswas (Cisco Systems)
B. Ford (MPI-SWS)
S. Sivakumar (Cisco Systems)
P. Srisuresh (Kazeon Systems)

NAT Behavioral Requirements for TCP

Status of This Memo

This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements. Distribution of this memo is unlimited.

Abstract

This document defines a set of requirements for NATs that handle TCP that would allow many applications, such as peer-to-peer applications and online games to work consistently. Developing NATs that meet this set of requirements will greatly increase the likelihood that these applications will function properly.

Table of Contents

1. Applicability Statement
2. Introduction
3. Terminology
4. TCP Connection Initiation
   4.1. Address and Port Mapping Behavior
   4.2. Internally Initiated Connections
   4.3. Externally Initiated Connections
5. NAT Session Refresh
6. Application Level Gateways
7. Other Requirements Applicable to TCP
   7.1. Port Assignment
   7.2. Hairpinning Behavior
   7.3. ICMP Responses to TCP Packets
8. Requirements
9. Security Considerations
10. Acknowledgments
11. References
   11.1. Normative References
   11.2. Informational References

1. Applicability Statement

This document is adjunct to [BEHAVE-UDP], which defines many terms relating to NATs, lays out general requirements for all NATs, and sets requirements for NATs that handle IP and unicast UDP traffic. The purpose of this document is to set requirements for NATs that handle TCP traffic.

The requirements of this specification apply to traditional NATs as described in [RFC2663].

This document only covers the TCP aspects of NAT traversal. Middlebox behavior that is not necessary for network address translation of TCP is out of scope. Packet inspection above the TCP layer and firewalls are out of scope except for Application Level Gateway (ALG) behavior that may interfere with NAT traversal. Application and OS aspects of TCP NAT traversal are out of scope. Signaling-based approaches to NAT traversal, such as Middlebox Communication (MIDCOM) and Universal Plug and Play (UPnP), that directly control the NAT are out of scope. Finally, TCP connections intended for the NAT (e.g., an HTTP or Secure Shell Protocol (SSH) management interface) and TCP connections initiated by the NAT (e.g., reliable syslog client) are out of scope.

2. Introduction

Network Address Translators (NATs) hinder connectivity in applications where sessions may be initiated to internal hosts. Readers may refer to [RFC3022] for detailed information on traditional NATs. [BEHAVE-UDP] lays out the terminology and requirements for NATs in the context of IP and UDP. This document supplements these by setting requirements for NATs that handle TCP traffic. All definitions and requirements in [BEHAVE-UDP] are inherited here.

[RFC4614] chronicles the evolution of TCP from the original definition [RFC0793] to present-day implementations. While much has