Last Modified: 2005-06-28
Mar 05 | Produce a BCP document that describes the usage of protocols like STUN for performing black-box testing and characterizing NAT behavior | |
May 05 | Produce a BCP that defines unicast UDP behavioral requirements for NATs | |
Jul 05 | Any revisions to STUN required by other WG deliverables | |
Sep 05 | Produce a BCP that defines TCP behavioral requirements for NATs | |
Nov 05 | Produce a BCP that defines basic ICMP behavioral requirements for NATs | |
Dec 05 | Produce a BCP that discusses protocol design techniques for using the existing set of NAT traversal approaches | |
Jan 06 | Close WG or recharter |
Behave WG IETF63, Tuesday 2-Aug-2005
Scribe: Paul Kyzivat

Draft-ietf-behave-nat-udp-03
Presented by Francois Audet

Discussed status and changes. There were two open issues:

1. Removal of Section 5.2. Final Resolution: Approved.

2. In new REQ-7 (a) there is debate whether to use MAY or SHOULD in: the filtering behavior {MAY/SHOULD} be an option configurable by the administrator of the NAT.

Brian Ford advocated SHOULD, Cullen Jennings advocated MAY. Cullen said applications can’t depend on this favor anyway, so no point in requiring it. Paul Hoffman noted that SHOULD must include the rationale when it can be violated, and he thought that may be hard to do in this case. Jon Peterson thought there was confusion regarding the target for this requirement – a NAT builder or administrator. Brian said just having the option is helpful for self-organizing peer-to-peer systems where some of the nodes need to be super nodes that require special NAT behavior. He postulated that the objection to SHOULD was that some NAT vendors might object to meeting it. He asked if there were NAT vendors in the room that could answer, but none did. Jon asked for anybody other than Brian in favor of SHOULD to respond. Nobody did. Someone from Juniper (I didn’t catch who) spoke as a NAT vendor. He said they are concerned about security in their NAT, and that if they were convinced to implement the option they would strongly encourage customers not to enable it. Final resolution: this stays a MAY.

Other discussion on the draft:

Dan Wing suggested that maybe the document should be targeted at application developers (what they should expect) rather than what NAT vendors should do.

Brian Ford brought up an issue regarding fragmented UDP packets. He said some operating systems routinely send fragmented packets out of order, and this breaks applications. This was identified as a change from a MAY to a MUST in Requirement 13. Cullen claimed it is impossible because it opens up DOS attacks. Dave Oran said there is no DOS attack if reassembly of fragmented packets is done right. (By reserving a fixed number of reassembly buffers and only doing reassembly when a buffer is available.) Final resolution: Agreed in principle to this change pending a write-up by Brian Ford.

Brian brought up another issue: Twice NAT is becoming a big issue. Almost all consumer NATs use DHCP to obtain their IP address. If this gets an address from another NAT, then the downstream and upstream addresses could end up the same. Some NATs have been observed to fail in this case. He requested language that NAT vendors be sure to cope with this. There was some question of whether use of twice NAT is increasing or decreasing. However no one in the room had first-hand knowledge of this situation – only hearsay. Final resolution: Brian and Cullen will come up with wording to address this.

Brian had an issue regarding document organization. Final Resolution: Paul Hoffman said that can be done by chairs and AD – it doesn’t require consensus.

Brian had another issue about terminology and wanted to talk about the adoption of gen draft and overall organization of documents. Jon Peterson thought it appropriate to discuss this. Brian complained he hasn’t had a hearing on all the documents he has tried to offer. Jon Peterson thought this has had ample hearing on the list. The room was polled for others agreeing with Brian. No one responded, so Brian agreed to drop his objections.

The end of the meeting was then at hand so there was no time to discuss other documents.
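The bounded-reassembly approach raised in the fragmented-UDP discussion above, sketched in C as an added example; it is not part of the minutes or of any BEHAVE draft. The pool size, datagram limit, timeout and all identifiers are assumptions chosen for illustration: out-of-order fragments are accepted, but reassembly state only ever lives in a fixed pool, so a flood of fragments cannot grow memory.

```c
#include <stdint.h>
#include <string.h>
#define POOL_SIZE     2     /* fixed number of reassembly buffers (assumed value) */
#define MAX_DGRAM     2048  /* largest datagram reassembled, multiple of 8 (assumed) */
#define REASM_TIMEOUT 30    /* seconds a partial datagram may hold a buffer (assumed) */

enum frag_result { FRAG_HELD, FRAG_COMPLETE, FRAG_DROPPED };
/* off_units is the fragment offset in 8-byte units; more is the MF flag. */
struct frag { uint32_t src; uint16_t id, off_units, len; int more; const uint8_t *data; };
struct reasm_buf {
    int in_use; uint32_t src, deadline;
    uint16_t id, total_units, units_seen, total_len;
    uint8_t have[MAX_DGRAM / 8];   /* one flag per 8-byte fragment unit */
    uint8_t data[MAX_DGRAM];
};
static struct reasm_buf pool[POOL_SIZE];  /* all reassembly memory, reserved up front */
/* Accepts fragments in any order. On FRAG_COMPLETE, *out is valid until the next call. */
enum frag_result frag_input(const struct frag *f, uint32_t now,
                            const uint8_t **out, uint16_t *out_len)
{
    uint32_t start = (uint32_t)f->off_units * 8, units = (f->len + 7u) / 8;
    if (f->len == 0 || start + f->len > MAX_DGRAM || (f->more && f->len % 8))
        return FRAG_DROPPED;                     /* malformed: touch no state */
    struct reasm_buf *b = NULL, *spare = NULL;
    for (int i = 0; i < POOL_SIZE; i++) {
        struct reasm_buf *p = &pool[i];
        if (p->in_use && now >= p->deadline) p->in_use = 0;  /* stale: reclaim */
        if (p->in_use && p->src == f->src && p->id == f->id) b = p;
        else if (!p->in_use && !spare) spare = p;
    }
    if (!b) {
        if (!spare) return FRAG_DROPPED;         /* pool exhausted: create no state */
        b = spare; memset(b, 0, sizeof *b);
        b->in_use = 1; b->src = f->src; b->id = f->id;
        b->deadline = now + REASM_TIMEOUT;
    }
    memcpy(b->data + start, f->data, f->len);    /* overlapping data is overwritten */
    for (uint32_t u = f->off_units; u < f->off_units + units; u++)
        if (!b->have[u]) { b->have[u] = 1; b->units_seen++; }  /* count each unit once */
    if (!f->more) {                              /* last fragment fixes the total size */
        b->total_units = (uint16_t)(f->off_units + units);
        b->total_len = (uint16_t)(start + f->len);
    }
    if (b->total_units && b->units_seen == b->total_units) {
        b->in_use = 0;                           /* buffer goes back to the pool */
        *out = b->data; *out_len = b->total_len;
        return FRAG_COMPLETE;
    }
    return FRAG_HELD;
}
```

When the pool is full, fragments of new datagrams are dropped while datagrams already in progress still complete, so the cost of a fragment flood is lost reassembly capacity rather than unbounded memory.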