TCP Fails To Respect IPV6_USE_MIN

The IPV6_USE_MIN_MTU , Section 11.1, socket option directs the IP layer to limit the IPv6 packet size to the minimum required supported MTU from the base IPv6 specification , i.e. 1280 bytes. Many implementations of TCP running over IPv6 neglect to check the IPV6_USE_MIN_MTU value when performing MSS negotiation and when constructing a TCP segment. This leads to oversized IPv6 packets being sent resulting in unintended Path Maximum Transport Unit Discovery (PMTUD) being performed and to fragmented IPv6 packets being sent. TCP, when running over IPv6, SHOULD check the value of IPV6_USE_MIN_MTU when performing MSS negotiation. TCP implementations already use learnt PMTU and interface MTU when performing MSS negotiation. This is yet another constraint on the MTU which SHOULD be considered. TCP, when running over IPv6, SHOULD check the value of IPV6_USE_MIN_MTU when calculating the segment size to send. TCP implementations already use learnt PMTU and interface MTU when calculating the segment size to send.

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in .

TCP, when running over IPv6, SHOULD check the value of IPV6_USE_MIN_MTU when performing MSS negotiation. If the value of IPV6_USE_MIN_MTU is one (1) then the application has requested that PMTUD not be performed on the socket and that IPv6 packets be sent at a size no greater then the network minimum MTU of 1280 bytes. This means that the TCP MSS negotiation size SHOULD be no bigger than 1220 (1280 - 40 - 20) to account for the IPv6 header and the TCP header and MAY be smaller. If this negotiation is properly performed then PMTUD of reply traffic should not normally occur.

TCP, when running over IPv6, SHOULD check the value of IPV6_USE_MIN_MTU when calculation the next segment to send. If the value of IPV6_USE_MIN_MTU is one (1) them the maximum segment size SHOULD be 1220. If the TCP layer neglects to check the value of IPV6_USE_MIN_MTU and it is one (1), the packet, when passed to the IPv6 layer, will be fragmented if the resulting packet is bigger that 1280 octets. This can result in communications failures due to intermediate nodes not passing fragmented packets.

A example of current usage of IPV6_USE_MIN_MTU=1 and TCP is in DNS nameservers. This is done as the TCP message streams are normally no more than a couple of IPv6 packets so there is little benefit in using maximum sized packet, and no real negative effects from using smaller packets. There are lots of servers / clients that these servers talk to and maintaining PMTU knowledge is not effective for long enough resulting in PMTUD being repeated performed. There are external time constraints where recovery from lost ICMPv6 PTB will result in a elapsed transaction time that falls outside of the time constraint window.

I would like to thank Havard Eidnes, Sander Steffann and John Leslie for their feedback.

The document makes not changes that could impact on the security of a IPv6 stack.

There are no actions for IANA.