Path MTU Discovery Using Session Traversal Utilities for NAT (STUN)Impedance Mismatchmarc@petit-huguenin.orgCisco Systems, Inc.7200-12 Kit Creek RoadResearch Triangle ParkNC27709United Statesgsalguei@cisco.com
TSV
TRAMThis document describes a Session Traversal Utilities for NAT (STUN) usage for Path MTU Discovery (PMTUD) between a client and a server.The Packetization Layer Path MTU Discovery specification describes a method to discover the path MTU but does not describe a practical protocol to do so with UDP. This document only describes how probing mechanisms are implemented with Session Traversal Utilities for NAT (STUN). The algorithm to find the path MTU is described in .The STUN usage defined in this document for Path MTU Discovery (PMTUD) between a client and a server simplifies troubleshooting and has multiple applications across a wide variety of technologies.Additional network characteristics like the network path (using the STUN Traceroute mechanism described in
) and bandwidth availability (using the mechanism described in ) can be discovered using complementary techniques.The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in . When these words are not in ALL CAPS (such as "must" or "Must"), they have their usual English meanings, and are not to be interpreted as RFC 2119 key words. A client MUST NOT send a probe if it does not have knowledge that the server supports this specification. This is done by an external mechanism specific to each UDP protocol. describes some of this mechanisms. The probe mechanism is used to discover the path MTU in one direction only, from the client to the server. Two probing mechanisms are described, a simple probing mechanism and a more complete mechanism that can converge quicker. The simple probing mechanism is implemented by sending a Probe Request with a PADDING attribute and the DF bit set over UDP. A router on the path to the server can reject this request with an ICMP message or drop it. The client SHOULD cease retransmissions after 3 missing responses. The complete probing mechanism is implemented by sending one or more Probe Indication with a PADDING attribute and the DF bit set over UDP then a Report Request to the same server. A router on the path to the server can reject this indication with an ICMP message or drop it. The server keeps a time ordered list of identifiers of all packets received (including retransmitted packets) and sends this list back to the client in the Report Response. The client analyzes this list to find which packets were not received. Because UDP packets does not contain an identifier, the complete probing mechanism needs a way to identify each packet received. While there are other possible packet identification schemes, this document describes two different ways to identify a specific packet. In the first packet identifier mechanism, the server computes a checksum over each packet received and sends back to the sender the ordered list of checksums. The client compares this list to its own list of checksums. In the second packet identifier mechanism, the client adds a sequential number in front of each UDP packet sent. The server sends back the ordered list of sequential numbers received that the client compares to its own list A client forms a Probe Request by following the rules in Section 7.1 of . No authentication method is used. The client adds a PADDING attribute with a length that, when added to the IP and UDP headers and the other STUN components, is equal to the Selected Probe Size, as defined in section 7.3. The client MUST add the FINGERPRINT attribute. Then the client sends the Probe Request to the server over UDP with the DF bit set. The client SHOULD stop retransmitting after 3 missing responses. A server receiving a Probe Request MUST process it as specified in . The server MUST NOT challenge the client. The server then creates a Probe Response. The server MUST add the FINGERPRINT attribute. The server then sends the response to the client. A client receiving a Probe Response MUST process it as specified in . If a response is received this is interpreted as a Probe Success as defined in section 7.6.1. If an ICMP packet "Fragmentation needed" is received then this is interpreted as a Probe Failure as defined in section 7.6.2. If the Probe transactions fails in timeout, then this is interpreted as a Probe Inconclusive as defined in section 7.6.4. A client forms a Probe Indication by following the rules in section 7.1. The client adds to the Probe Indication a PADDING attribute with a size that, when added to the IP and UDP headers and the other STUN components, is equal to the Selected Probe Size, as defined in section 7.3. The client MUST add the FINGERPRINT attribute. Then the client sends the Probe Indication to the server over UDP with the DF bit set. Then the client forms a Report Request by following the rules in section 7.1. No authentication method is used. The client MUST add the FINGERPRINT attribute. Then the client waits half the RTO if it is known or 50 milliseconds after sending the Probe Indication and sends the Report Request to the server over UDP. If an ICMP packet "Fragmentation needed" is received then this is interpreted as a Probe Failure as defined in section 7.5. A server supporting this specification and knowing that the client also supports it will keep the identifiers of all packets received in a list ordered by receiving time. The same identifier can appear multiple times in the list because of retransmission. The maximum size of this list is calculated so that when the list is added to the Report Response, the total size of the packet does not exceed the unknown path MTU as defined in section 7.1. Older identifiers are removed when new identifiers are added to a list already full. A server receiving a Report Request MUST process it as specified in . The server MUST NOT challenge the client. The server creates a Report Response and adds an IDENTIFIERS attribute that contains the list of all identifiers received so far. The server MUST add the FINGERPRINT attribute. The server then sends the response to the client. A client receiving a Report Response processes it as specified in . If the response IDENTIFIERS attribute contains the identifier of the Probe Indication, then this is interpreted as a Probe Success for this probe as defined in Section 7.5. If the Probe Indication identifier cannot be found in the Report Response, this is interpreted as a Probe Failure as defined in Section 7.5. If the Probe Indication identifier cannot be found in the Report Response but other packets identifier sent before or after the Probe Indication cannot also be found, this is interpreted as a Probe Inconclusive as defined in Section 7.5. If the Report Transaction fails in timeout, this is interpreted as a Full-Stop Timeout as defined in Section 3. When using checksum as packet identifiers, the client calculate the checksum for each packet sent over UDP and keep this checksum in an ordered list. The server does the same thing and send back this list in the Report Response. It could have been possible to use the checksum generated in the UDP checksum for this, but this value is generally not accessible to applications. Also sometimes the checksum is not calculated or off-loaded to the network card. When using sequential numbers, a small header similar to the TURN ChannelData header is added in front of all non-STUN packets. The sequential number is incremented for each packet sent. The server collects the sequence number of the packets sent.The Channel Number is always 0xFFFF.An endpoint acting as a client for the STUN usage described in this specification MUST also act as a server for this STUN usage. This means that a server receiving a probe can assumes that it can acts as a client to discover the path MTU to the IP address and port from which it received the probe. A TURN client supporting this STUN usage will add a PMTUD-SUPPORTED attribute to the Allocate Request sent to the TURN server. The TURN server can immediately start to send probes to the TURN client on reception of an Allocation Request with a PMTUD-SUPPORTED attribute. The TURN client will then use the Implicit Mechanism described above to send probes. An ICE client supporting this STUN usage will add a PMTUD-SUPPORTED attribute to the Binding Request sent during a connectivity check. The ICE server can immediately start to send probes to the ICE client on reception of a Binding Request with a PMTUD-SUPPORTED attributed. Local candidates receiving Binding Request with the PMTUD-SUPPORTED flag must not start PMTUD with the remote candidate if already done so. The ICE client will then use the Implicit Mechanism described above to send probes. This specification defines the following new STUN methods: 0x801 : Probe0x802 : ReportThis specification defines the following new STUN attributes: 0x4001 : IDENTIFIERS0xC001 : PMTUD-SUPPORTEDThe IDENTIFIERS attribute is used in Report Response. It contains a list of UDP packet identifiers. The PMTUD-SUPPORTED attribute is used in STUN usages and extensions to signal the support of this specification. This attribute has no content. TBD TBD Thanks to Eilon Yardeni, Geir Sandbakken and Paal-Erik Martinsen for their review comments, suggestions and questions that helped to improve this document.Special thanks to Dan Wing, who supported this document since its first publication back in 2008.Key words for use in RFCs to Indicate Requirement LevelsHarvard University1350 Mass. Ave.CambridgeMA 02138- +1 617 495 3864sob@harvard.edu
General
keywordIn many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. Authors who follow these guidelines should incorporate this phrase near the beginning of their document: The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119. Note that the force of these words is modified by the requirement level of the document in which they are used. Packetization Layer Path MTU DiscoveryThis document describes a robust method for Path MTU Discovery (PMTUD) that relies on TCP or some other Packetization Layer to probe an Internet path with progressively larger packets. This method is described as an extension to RFC 1191 and RFC 1981, which specify ICMP-based Path MTU Discovery for IP versions 4 and 6, respectively. [STANDARDS-TRACK]Session Traversal Utilities for NAT (STUN)Session Traversal Utilities for NAT (STUN) is a protocol that serves as a tool for other protocols in dealing with Network Address Translator (NAT) traversal. It can be used by an endpoint to determine the IP address and port allocated to it by a NAT. It can also be used to check connectivity between two endpoints, and as a keep-alive protocol to maintain NAT bindings. STUN works with many existing NATs, and does not require any special behavior from them.</t><t> STUN is not a NAT traversal solution by itself. Rather, it is a tool to be used in the context of a NAT traversal solution. This is an important change from the previous version of this specification (RFC 3489), which presented STUN as a complete solution.</t><t> This document obsoletes RFC 3489. [STANDARDS-TRACK]Interactive Connectivity Establishment (ICE): A Protocol for Network Address Translator (NAT) Traversal for Offer/Answer ProtocolsThis document describes a protocol for Network Address Translator (NAT) traversal for UDP-based multimedia sessions established with the offer/answer model. This protocol is called Interactive Connectivity Establishment (ICE). ICE makes use of the Session Traversal Utilities for NAT (STUN) protocol and its extension, Traversal Using Relay NAT (TURN). ICE can be used by any protocol utilizing the offer/answer model, such as the Session Initiation Protocol (SIP). [STANDARDS-TRACK]NAT Behavior Discovery Using Session Traversal Utilities for NAT (STUN)This specification defines an experimental usage of the Session Traversal Utilities for NAT (STUN) Protocol that discovers the presence and current behavior of NATs and firewalls between the STUN client and the STUN server. This document defines an Experimental Protocol for the Internet community.Improving Awareness of Running Code: The Implementation Status SectionThis document describes a simple process that allows authors of Internet-Drafts to record the status of known implementations by including an Implementation Status section. This will allow reviewers and working groups to assign due consideration to documents that have the benefit of running code, which may serve as evidence of valuable experimentation and feedback that have made the implemented protocols more mature.</t><t> The process in this document is offered as an experiment. Authors of Internet-Drafts are encouraged to consider using the process for their documents, and working groups are invited to think about applying the process to all of their protocol specifications. The authors of this document intend to collate experiences with this experiment and to report them to the community.This section must be removed before publication as an RFC. Moved some Introduction text to the Probing Mechanism section.Added cross-reference to the other two STUN troubleshooting mechanism drafts.Updated references.Added Gonzalo Salgueiro as co-author.General refresh for republication.Changed author address.Changed the IPR to trust200902.Replaced the transactions identifiers by packet identifiersDefined checksum and sequential numbers as possible packet identifiers.Updated the reference to RFC 5389The FINGERPRINT attribute is now mandatory.Changed the delay between Probe indication and Report request to be RTO/2 or 50 milliseconds.Added ICMP packet processing.Added Full-Stop Timeout detection.Stated that Binding request with PMTUD-SUPPORTED does not start the PMTUD process if already started.Removed the use of modified STUN transaction but shorten the retransmission for the simple probing mechanism. Added a complete probing mechanism. Removed the PADDING-RECEIVED attribute. Added release notes.