draft-ietf-behave-nat-udp-00 NAT Behavioral Requirements for Unicast UDP draft-ietf-behave-nat-udp-00 François Audet - Cullen Jennings.

Presentation transcript:

NAT Behavioral Requirements for Unicast UDP
draft-ietf-behave-nat-udp-00
François Audet - Cullen Jennings

Status
2nd release of Working Group Document
Posted January 10th
Last version was draft-audet-nat-behave-00, presented at IETF 61
Integrates decisions made in IETF 61 and on mailing list since then
No major outstanding issue

Terminology
“address and port mapping” ≠ “binding”
  – translation between an external address and port and an internal address and port
  – Different from “binding” as per RFC 2663, MIDCOM, etc.

Applicability statement
New text for “big NAT/FW opt-out”
  – Because of other more important requirements (security, multihoming, etc.), some large Enterprise NATs may decide to comply with only some of the requirements in this draft
  – Based on last meeting’s input
Any concerns?

Removal of redundant REQs
No more “It is RECOMMENDED that X but you MAY also Y”. Replaced with “It is RECOMMENDED that X”
  – No more “best effort nonsense”
  – Simpler and clearer
Removal of REQ-8 “The NAT UDP filter timeout behavior MUST be the same as the NAT UDP binding timeout”. (confusing)

Source Port Range
Well-known (0-1023), Registered ( ), Dynamic/Private ( )
Old text: MUST NOT use Well-known (REQ-3c)
New text (agreed at last meeting):
  – If the host's source port was in the range , it is RECOMMENDED the NAT's source port also be in the same range. If the host's source port was in the range , it is RECOMMENDED that the NAT's source port also be in that range.

ALGs
Old text:
  – A NAT MUST have the capability to turn off individually all ALGs it supports, except for DNS and IPsec (REQ-10)
  – Any NAT ALG for SIP MUST be turned off by default (REQ-10a)
New text (agreed at last meeting):
  – If a NAT includes ALGs, it is RECOMMENDED that all of those ALGs be disabled by default. (REQ-9)
  – If a NAT includes ALGs, it is RECOMMENDED that the NAT allow the user to enable or disable each ALG separately. (REQ-9a)

Deterministic behavior
Clarification of requirement:
  – A NAT MUST have deterministic behavior, i.e., it MUST NOT change the NAT mapping or the External Filtering Behavior at any point in time or under any particular conditions. (REQ-10)

Port Parity
Finally an agreement
No change to requirement (RECOMMEND respecting port parity)
Changed wording on RFC 3550
Explains that some implementations don’t support RFC 3605 and may subtract one from an RTP port if it is odd, causing lost media (even if the sender did everything correctly), thus the recommendation
Note: SDP-new-24 now explains that if you don’t respect the parity and/or contiguity rule (because of NAT for example), then you must use RFC 3605
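
The failure mode described on this slide, as an added example (not from the draft or the presentation): a peer without RFC 3605 support decrements an odd advertised RTP port, so media reaches the mapping only when the NAT hands out an external port with the same parity as an even internal port. Function names and the external port range 40000-40099 are assumptions made for the illustration.

```python
def legacy_rtp_port(advertised):
    """Port that a peer without RFC 3605 support sends RTP to.

    Such a peer assumes RTP ports are even and subtracts one from an odd port.
    """
    return advertised - 1 if advertised % 2 else advertised


def allocate(internal_port, in_use, preserve_parity, lo=40000, hi=40100):
    """Pick the lowest free external port in [lo, hi) for a new mapping.

    With preserve_parity the external port is even when the internal port is
    even and odd when it is odd. The range is a constructed example value.
    """
    for port in range(lo, hi):
        if port in in_use:
            continue
        if preserve_parity and port % 2 != internal_port % 2:
            continue
        in_use.add(port)
        return port
    raise RuntimeError("no free external port with the required parity")


def media_delivered(internal_port, in_use, preserve_parity):
    """True if the legacy peer's RTP lands on the port the NAT actually mapped."""
    external = allocate(internal_port, in_use, preserve_parity)
    return legacy_rtp_port(external) == external


if __name__ == "__main__":
    busy = {40000}  # constructed: one external port is already taken
    # The sender correctly chose an even RTP port (5004) in both runs.
    print("no parity preservation:", media_delivered(5004, set(busy), False))
    print("parity preserved:      ", media_delivered(5004, set(busy), True))
```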

RTCP=RTP+1
No requirement to attempt to preserve the Port contiguity rule
New text (agreed at last meeting):
  – Explaining that techniques currently used (sequential assignment, port reservation) have significant issues with glare and/or are wasteful for non-RTP UDP packets.
  – Separate negotiation must be done by application, e.g., RFC 3605 (out-of-scope of this document: for app document).

Relationship with Cone and Symmetric NAT Terminology
New explanatory section

|                  ||         External Filtering Behavior          |
| External NAT     || Endpoint    | Endpoint    | Endpoint         |
| Mapping Behavior || Independent | Address     | Address/Port     |
|                  ||             | Dependent   | Dependent        |
|==================================================================|
| Endpoint         || Full        | Restricted  | Port Restricted  |
| Independent      || Cone        | Cone        | Cone             |
|                  ||             |             |                  |
| Endpoint Address || Symmetric~  | Symmetric~  | Symmetric~       |
| Dependent        || (a)         | (a, 2)      | (a, b)           |
|                  ||             |             |                  |
| Endpoint Address || Symmetric~  | Symmetric   | Symmetric~       |
| /Port Dependent  || (1)         | (1, 2)      | (1, b)           |
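
The two axes of the table as a runnable model, added here as an illustration (not code from the draft or the presentation): a toy NAT whose mapping and filtering behaviors are chosen independently, plus a lookup of the matching table cell. Class and function names, addresses and the port pool are constructed for the example, and the table's footnote markers are left out.

```python
from itertools import count

# Behavior names follow the table's row and column labels.
EI, AD, APD = "independent", "address-dependent", "address/port-dependent"


class Nat:
    """Toy UDP NAT with separately chosen mapping and filtering behavior."""

    def __init__(self, mapping, filtering, ext_ip="192.0.2.1"):
        self.mapping, self.filtering, self.ext_ip = mapping, filtering, ext_ip
        self.table = {}            # mapping key -> external port
        self.contacted = {}        # external port -> {(dst_ip, dst_port)}
        self.pool = count(40000)   # constructed external port pool

    def _key(self, src, dst):
        # What the NAT looks at when deciding whether to reuse a mapping.
        if self.mapping == EI:
            return (src,)
        if self.mapping == AD:
            return (src, dst[0])
        return (src, dst)

    def outbound(self, src, dst):
        """Translate an outbound packet and return its external (ip, port)."""
        key = self._key(src, dst)
        if key not in self.table:
            self.table[key] = next(self.pool)
        port = self.table[key]
        self.contacted.setdefault(port, set()).add(dst)
        return (self.ext_ip, port)

    def inbound_allowed(self, ext_port, remote):
        """Apply the external filtering behavior to an inbound packet."""
        peers = self.contacted.get(ext_port)
        if peers is None:          # no mapping exists on this external port
            return False
        if self.filtering == EI:
            return True
        if self.filtering == AD:
            return any(ip == remote[0] for ip, _ in peers)
        return remote in peers


def classic_name(mapping, filtering):
    """Cell of the table above for a (mapping, filtering) pair."""
    if mapping == EI:
        return {EI: "Full Cone", AD: "Restricted Cone",
                APD: "Port Restricted Cone"}[filtering]
    return "Symmetric" if (mapping, filtering) == (APD, AD) else "Symmetric~"
```

With endpoint-independent mapping, the internal host keeps one external port for every destination, which is what lets a peer learn the mapping from a third party. With either dependent mapping, each new destination gets a different external port.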

Open issues
Port preservation
  – REQ-3: It is RECOMMENDED that a NAT have a "Port assignment" behavior of "No port preservation".
    a) NAT MAY use a "Port assignment" behavior of "Port preservation".
  – Not recommending “port preservation” is meaningless because “random” can mean preservation
  – Either we recommend port preservation or we don’t recommend anything at all
  – Proposal: Don’t recommend anything at all (i.e., ports may or may not be preserved: not important)
Others?
Next step?