Joe Touch wrote:

>>>> 9. ICMP
>
> I quoted the start of the section. The first sentence, without further
> qualification, is inaccurate, IMO.

Anyway, most of the discussion in the section is inapplicable to end to end NAT, where public source addresses are used even within private networks.

> ICMP messages do not themselves have port numbers, but they are intended
> to *carry* port numbers of the messages that caused their generation (if
> they report errors).

FYI, traceroute, both with UDP and with ICMP ECHO, is working to/from/between private networks behind an end to end gateway.

> IMO, any device that initiates packets MUST verify that the IDs emitted
> follow spec. Once a packet's address(es) are rewritten, the NAT is
> responsible for ensuring that the IDs are unique across the
> src/dst/proto triple.
>
> I'm not aware of NATs that do this; they typically copy the ID field,
> and this can easily cause reassembly errors later - even if the packet
> is reassembled at the NAT itself.

IC. We can rely on random id and transport checksum, then.

> See draft-ietf-intarea-ipv4-id-update for more discussion of this
> issue and the proposed requirements to address it.

It should be noted that a packet smaller than 69B is also atomic.

The problem of the draft (and IPv6) is that it depends on PMTUD. PMTUD just does not work.

Worse, PMTUD is inefficient. That is, that PMTUD periodically sends oversized packets means PMTUD overloads routers, just as IPv4 fragmentation overloads routers.

If we write a draft on IPv6 issues, it should contain a lot more, and a lot more serious, issues than those of shared addressing.

Masataka Ohta

_______________________________________________
Ietf mailing list
Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf
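The ID-uniqueness point quoted above (a NAT that copies the Identification field can make fragments of two different private datagrams indistinguishable on the public side), as an added simulation that is not part of this thread or of any NAT implementation: two private hosts behind one public address happen to use the same ID toward the same server and protocol, and the function counts the (src, dst, proto, ID) keys that end up shared. All addresses are constructed from the RFC 5737 documentation ranges.

```python
from collections import defaultdict
from dataclasses import dataclass, replace
from itertools import count


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: int
    ident: int      # 16-bit IPv4 Identification field as seen on the wire
    origin: str     # bookkeeping only: which private datagram this fragment came from


class Nat:
    """Minimal source-NAT. rewrite_ids=False copies the ID field through unchanged,
    rewrite_ids=True allocates IDs from a counter kept per public (src, dst, proto) triple."""

    def __init__(self, public_ip, rewrite_ids):
        self.public_ip = public_ip
        self.rewrite_ids = rewrite_ids
        self._counters = defaultdict(lambda: count(1))
        self._assigned = {}   # (private src, dst, proto, private id) -> public id

    def translate(self, pkt):
        out = replace(pkt, src=self.public_ip)
        if self.rewrite_ids:
            key = (pkt.src, pkt.dst, pkt.proto, pkt.ident)
            if key not in self._assigned:   # all fragments of one datagram must get the same new ID
                triple = (out.src, out.dst, out.proto)
                self._assigned[key] = next(self._counters[triple]) & 0xFFFF
            out = replace(out, ident=self._assigned[key])
        return out


def reassembly_collisions(packets):
    """Set of (src, dst, proto, ident) keys shared by fragments of different datagrams."""
    origins = defaultdict(set)
    for p in packets:
        origins[(p.src, p.dst, p.proto, p.ident)].add(p.origin)
    return {k for k, o in origins.items() if len(o) > 1}


def demo(rewrite_ids):
    """Hosts A and B both pick ID 4242 for a fragmented UDP datagram to the same server."""
    nat = Nat("203.0.113.5", rewrite_ids)   # constructed public address
    frags = [Packet("10.0.0.1", "192.0.2.1", 17, 4242, "A"), Packet("10.0.0.1", "192.0.2.1", 17, 4242, "A"),
             Packet("10.0.0.2", "192.0.2.1", 17, 4242, "B"), Packet("10.0.0.2", "192.0.2.1", 17, 4242, "B")]
    assert not reassembly_collisions(frags)   # distinct private sources: no ambiguity before the NAT
    return reassembly_collisions([nat.translate(f) for f in frags])
```

With `demo(False)` the copying NAT yields one shared key on the public side; with `demo(True)` the per-triple counter keeps the two datagrams apart.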