behave-05----Page:5
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17
|
Req # 3 – TCP SM Timeouts NAT MUST maintain timeouts for different states of state machine in a TCP NAT Session.The timeouts MUST be configurable. NAT MUST maintain SYN Timer to protect against SYN flood-attacks in STARTUP state. Suggested timeout: 30 to 60 secs. NAT MUST maintain Session Timer to track idle-time on active TCP sessions. Suggested timeout: 60 mins if no KeepAlive implemented and 120 minutes if KeepAlive implemented. NAT MUST maintain Close Timer, to allow for proper session termination, and to allow re-opening a recently closed or reset TCP session if desired. NAT can delete the TCP NAT session Upon expiry of Close timer, or enter STARTUP state and initiate SYN timer upon receipt of SYN. Suggested timeout: 2xMSL (Maximum Segment Lifetime) to 60 seconds. |