idnits 2.17.1 draft-fairhurst-tsvwg-datagram-plpmtud-02.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- == The page length should not exceed 58 lines per page, but there was 1 longer page, the longest (page 3) being 60 lines Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** There are 11 instances of too long lines in the document, the longest one being 2 characters in excess of 72. -- The abstract seems to indicate that this document updates RFC8201, but the header doesn't have an 'Updates:' line to match this. -- The abstract seems to indicate that this document updates RFC4821, but the header doesn't have an 'Updates:' line to match this. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (December 6, 2017) is 2331 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Outdated reference: A later version (-34) exists of draft-ietf-quic-transport-04 == Outdated reference: A later version (-32) exists of draft-ietf-tsvwg-udp-options-01 ** Obsolete normative reference: RFC 2460 (Obsoleted by RFC 8200) ** Obsolete normative reference: RFC 4960 (Obsoleted by RFC 9260) Summary: 3 errors (**), 0 flaws (~~), 4 warnings (==), 3 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Internet Engineering Task Force G. Fairhurst 3 Internet-Draft T. Jones 4 Intended status: Standards Track University of Aberdeen 5 Expires: June 07, 2018 M. Tuexen 6 I. Ruengeler 7 Muenster University of Applied Sciences 8 December 6, 2017 10 Packetization Layer Path MTU Discovery for Datagram Transports 11 draft-fairhurst-tsvwg-datagram-plpmtud-02 13 Abstract 15 This document describes a robust method for Path MTU Discovery 16 (PMTUD) for datagram Packetization layers. The method allows a 17 Packetization layer (or a datagram application that uses it) to probe 18 an network path with progressively larger packets to determine a 19 maximum packet size. The document describes as an extension to RFC 20 1191 and RFC 8201, which specify ICMP-based Path MTU Discovery for 21 IPv4 and IPv6. This provides functionally for datagram transports 22 that is equivalent to the Packetization layer PMTUD specification for 23 TCP, specified in RFC4821. 25 When published, this specification updates RFC4821. 27 Status of this Memo 29 This Internet-Draft is submitted in full conformance with the 30 provisions of BCP 78 and BCP 79. 32 Internet-Drafts are working documents of the Internet Engineering 33 Task Force (IETF). Note that other groups may also distribute 34 working documents as Internet-Drafts. The list of current Internet- 35 Drafts is at http://datatracker.ietf.org/drafts/current/. 37 Internet-Drafts are draft documents valid for a maximum of six months 38 and may be updated, replaced, or obsoleted by other documents at any 39 time. It is inappropriate to use Internet-Drafts as reference 40 material or to cite them other than as "work in progress." 42 This Internet-Draft will expire on June 07, 2018. 44 Copyright Notice 46 Copyright (c) 2017 IETF Trust and the persons identified as the 47 document authors. All rights reserved. 49 This document is subject to BCP 78 and the IETF Trust's Legal 50 Provisions Relating to IETF Documents (http://trustee.ietf.org/ 51 license-info) in effect on the date of publication of this document. 52 Please review these documents carefully, as they describe your rights 53 and restrictions with respect to this document. Code Components 54 extracted from this document must include Simplified BSD License text 55 as described in Section 4.e of the Trust Legal Provisions and are 56 provided without warranty as described in the Simplified BSD License. 58 Table of Contents 60 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 61 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4 62 3. Features required to provide Datagram PLPMTUD . . . . . . . . 6 63 3.1. PMTU Probe Packets . . . . . . . . . . . . . . . . . . . . 8 64 3.2. Validation of the current effective PMTU . . . . . . . . . 9 65 3.3. Reduction of the effective PMTU . . . . . . . . . . . . . 10 66 4. Datagram Packetization Layer PMTUD . . . . . . . . . . . . . . 10 67 4.1. Probing . . . . . . . . . . . . . . . . . . . . . . . . . 10 68 4.2. Verication and use of PTB messages . . . . . . . . . . . . 11 69 4.3. Timers . . . . . . . . . . . . . . . . . . . . . . . . . . 11 70 4.4. Constants . . . . . . . . . . . . . . . . . . . . . . . . 12 71 4.5. Variables . . . . . . . . . . . . . . . . . . . . . . . . 12 72 4.6. State Machine . . . . . . . . . . . . . . . . . . . . . . 13 73 5. Specification of Protocol-Specific Methods . . . . . . . . . . 15 74 5.1. DPLPMTUD for UDP and UDP-Lite . . . . . . . . . . . . . . 16 75 5.1.1. UDP Options . . . . . . . . . . . . . . . . . . . . . 16 76 5.1.2. UDP Options required for PLPMTUD . . . . . . . . . . . 16 77 5.1.2.1. Echo Request Option . . . . . . . . . . . . . . . 16 78 5.1.2.2. Echo Response Option . . . . . . . . . . . . . . . 16 79 5.1.3. Sending UDP-Option Probe Packets . . . . . . . . . . . 17 80 5.1.4. Validating the Path with UDP Options . . . . . . . . . 17 81 5.1.5. Handling of PTB Messages by UDP . . . . . . . . . . . 17 82 5.2. DPLPMTUD for SCTP . . . . . . . . . . . . . . . . . . . . 17 83 5.2.1. SCTP/IP4 and SCTP/IPv6 . . . . . . . . . . . . . . . . 17 84 5.2.1.1. Sending SCTP Probe Packets . . . . . . . . . . . . 18 85 5.2.1.2. Validating the Path with SCTP . . . . . . . . . . 18 86 5.2.1.3. PTB Message Handling by SCTP . . . . . . . . . . . 18 87 5.2.2. DPLPMTUD for SCTP/UDP . . . . . . . . . . . . . . . . 18 88 5.2.2.1. Sending SCTP/UDP Probe Packets . . . . . . . . . . 18 89 5.2.2.2. Validating the Path with SCTP/UDP . . . . . . . . 18 90 5.2.2.3. Handling of PTB Messages by SCTP/UDP . . . . . . . 19 91 5.2.3. DPLPMTUD for SCTP/DTLS . . . . . . . . . . . . . . . . 19 92 5.2.3.1. Sending SCTP/DTLS Probe Packets . . . . . . . . . 19 93 5.2.3.2. Validating the Path with SCTP/DTLS . . . . . . . . 19 94 5.2.3.3. Handling of PTB Messages by SCTP/DTLS . . . . . . 19 95 5.3. Other IETF Transports . . . . . . . . . . . . . . . . . . 19 96 5.4. DPLPMTUD by Applications . . . . . . . . . . . . . . . . . 19 97 6. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 20 98 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 20 99 8. Security Considerations . . . . . . . . . . . . . . . . . . . 20 100 9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 20 101 9.1. Normative References . . . . . . . . . . . . . . . . . . . 20 102 9.2. Informative References . . . . . . . . . . . . . . . . . . 22 103 Appendix A. Event-driven state changes . . . . . . . . . . . . . . 22 104 Appendix B. Revision Notes . . . . . . . . . . . . . . . . . . . . 25 105 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 26 107 1. Introduction 109 The IETF has specified datagram transport using UDP, SCTP, and DCCP, 110 as well as protocols layered on top of these transports (e.g., SCTP/ 111 UDP, DCCP/UDP). 113 Classical Path Maximum Transmission Unit Discovery (PMTUD) can be 114 used with any transport that is able to process ICMP Packet Too Big 115 (PTB) messages (e.g., [RFC1191] and [RFC8201]). It adjusts the 116 effective Path MTU (PMTU), based on reception of ICMP Path too Big 117 (PTB) messages to decrease the PMTU when a packet is sent with a size 118 larger than the value supported along a path, and a method that from 119 time-to-time increases the packet size in attempt to discover an 120 increase in the supported PMTU. 122 However, Classical PMTUD is subject to protocol failures. One 123 failure arises when traffic using a packet size larger than the 124 actual supported PMTU is black-holed (all datagrams sent with this 125 size are silently discarded). This could continue to happen when ICMP 126 PTB messages are not delivered back to the sender for some reason 127 [RFC2923]). For example, ICMP messages are increasingly filtered by 128 middleboxes (including firewalls) [RFC4890], and in some cases are 129 not correctly processed by tunnel endpoints. 131 Another failure could result if a system not on the network path 132 sends a PTB that attempts to force the sender to change the effective 133 PMTU [RFC8201]. A sender can protect itself from reacting to such 134 messages by utilising the quoted packet within the PTB message 135 payload to verify that the received PTB message was generated in 136 response to a packet that had actually been sent. However, there are 137 situations where a sender is unable to provide this verification 138 (e.g., when the PTB message does not include sufficient information, 139 often the case for IPv4; or where the information corresponds to an 140 encrypted packet). Most routers implement RFC792 [RFC0792], which 141 requires them to return only the first 64 bits of the IP payload of 142 the packet, whereas RFC1812 [RFC1812] requires routers to return the 143 full packet if possible. 145 Even when the PTB message includes sufficient bytes of the quoted 146 packet, the network layer could lack sufficient context to perform 147 verification, because this depends on information about the active 148 transport flows at an endpoint node (e.g., the socket/address pairs 149 being used, and other protocol header information). 151 The term Packetization Layer (PL) has been introduced to describe the 152 layer that is responsible for placing data blocks into the payload of 153 packets and selecting an appropriate maximum packet size. This 154 function is often performed by a transport protocol, but can also be 155 performed by other encapsulation methods working above the transport. 156 PTB verification is more straight forward at the PL or at a higher 157 layer. 159 In contrast to PMTUD, Packetization Layer Path MTU Discovery 160 (PLPMTUD) [RFC4821] does not rely upon reception and verification of 161 PTB messages. It is therefore more robust than Classical PMTUD. This 162 has become the recommended approach for implementing PMTU discovery 163 with TCP. It uses a general strategy where the PL searches for an 164 appropriate PMTU by sending probe packets along the network path with 165 a progressively larger packet size. If a probe packet is 166 successfully delivered (as determined by the PL), then the effective 167 Path MTU is raised to the size of the successful probe. 169 PLPMTUD introduces flexibility in the implementation of PMTU 170 discovery. At one extreme, it can be configured to only perform PTB 171 black hole detection and recovery to increase the robustness of 172 Classical PMTUD, or at the other extreme, all PTB processing can be 173 disabled and PLPMTUD can completely replace Classical PMTUD. PLPMTUD 174 can also include additional consistency checks without increasing the 175 risk of increased blackholing. 177 The UDP-Guidelines [RFC8085] state "an application SHOULD either use 178 the path MTU information provided by the IP layer or implement Path 179 MTU Discovery (PMTUD)", but does not provide a mechanism for 180 discovering the largest size of unfragmented datagram than can be 181 used on a path. PLPMTUD has not currently been specified for UDP, 182 while Section 10.2 of [RFC4821] recommends a PLPMTUD probing method 183 for SCTP that utilises heartbeat messages as probe packets, but does 184 not provide a complete specification. This document provides the 185 details to complete that specification. Similarly, the method 186 defined in this specification could be used with the Datagram 187 Congestion Control Protocol (DCCP) [RFC4340] requires implementations 188 to support Classical PMTUD and states that a DCCP sender "MUST 189 maintain the maximum packet size (MPS) allowed for each active DCCP 190 session". It also defines the current congestion control maximum 191 packet size (CCMPS) supported by a path. This recommends use of 192 PMTUD, and suggests use of control packets (DCCP-Sync) as path probe 193 packets, because they do not risk application data loss. 195 Section 4 of this document presents a set of algorithms for datagram 196 protocols to discover a maximum size for the effective PMTU across a 197 path. The methods described rely on features of the PL Section 3 and 198 apply to transport protocols over IPv4 and IPv6. It does not require 199 cooperation from the lower layers (except that they are consistent 200 about which packet sizes are acceptable). A method can utilise ICMP 201 PTB messages when received messages are made available to the PL. 203 Finally, Section 5 specifies the method for a set of transports, and 204 provides information to enables the implementation of PLPMTUD with 205 other datagram transports and applications that use datagram 206 transports. 208 2. Terminology 210 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 211 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 212 document are to be interpreted as described in [RFC2119]. 214 Other terminology is directly copied from [RFC4821], and the 215 definitions in [RFC1122]. 217 Black-Holed: When the sender is unaware that packets are not 218 delivered to the destination endpoint (e.g., when the sender 219 transmits packets of a particular size with a previously known 220 PMTU, but is unaware of a change to the path that resulted in a 221 smaller PMTU). 223 Classical Path MTU Discovery: Classical PMTUD is a process described 224 in [RFC1191] and [RFC8201], in which nodes rely on PTB messages to 225 learn the largest size of unfragmented datagram than can be used 226 across a path. 228 Datagram: A datagram is a transport-layer protocol data unit, 229 transmitted in the payload of an IP packet. 231 Effective PMTU: The current estimated value for PMTU that is used by 232 a Packetization Layer. 234 EMTU_S: The Effective MTU for sending (EMTU_S) is defined in 235 [RFC1122] as "the maximum IP datagram size that may be sent, for a 236 particular combination of IP source and destination addresses...". 238 EMTU_R: The Effective MTU for receiving (EMTU_R) is designated in 239 [RFC1122] as the largest datagram size that can be reassembled by 240 EMTU_R ("Effective MTU to receive"). 242 Link: A communication facility or medium over which nodes can 243 communicate at the link layer, i.e., a layer below the IP layer. 244 Examples are Ethernet LANs and Internet (or higher) layer and 245 tunnels. 247 Link MTU: The Maximum Transmission Unit (MTU) is the size in bytes of 248 the largest IP packet, including the IP header and payload, that 249 can be transmitted over a link. Note that this could more 250 properly be called the IP MTU, to be consistent with how other 251 standards organizations use the acronym MTU. This includes the IP 252 header, but excludes link layer headers and other framing that is 253 not part of IP or the IP payload. Other standards organizations 254 generally define link MTU to include the link layer headers. 256 MPS: The Maximum Packet Size (MPS), the largest size of application 257 data block that can be sent unfragmented across a path. In 258 PLPMTUD this quantity is derived from Effective PMTU by taking 259 into consideration the size of the application and lower protocol 260 layer headers, and can be limited by the application protocol. 262 Packet: An IP header plus the IP payload. 264 Packetization Layer (PL): The layer of the network stack that places 265 data into packets and performs transport protocol functions. 267 Path: The set of link and routers traversed by a packet between a 268 source node and a destination node. 270 Path MTU (PMTU): The minimum of the link MTU of all the links forming 271 a path between a source node and a destination node. 273 PLPMTUD: Packetization Layer Path MTU Discovery, the method described 274 in this document for datagram PLs, which is an extension to 275 Classical PMTU Discovery. 277 Probe packet: A datagram sent with a purposely chosen size (typically 278 larger than the current Effective PMTU or MPS) to detect if 279 messages of this size can be successfully sent along the end-to- 280 end path. 282 3. Features required to provide Datagram PLPMTUD 284 TCP PLPMTUD has been defined using standard TCP protocol mechanisms. 285 All of the requirements in [RFC4821] also apply to use of the 286 technique with a datagram PL. Unlike TCP, some datagram PLs require 287 additional mechanisms to implement PLPMTUD. 289 There are nine requirements for performing the datagram PLPMTUD 290 method described in this specification: 292 1. PMTU parameters: A PLPMTUD sender is REQUIRED to provide 293 information about the maximum size of packet that can be 294 transmitted by the sender on the local link (the Link MTU and MAY 295 utilize similar information about the receiver when this is 296 supplied (note this could be less than EMTU_R). Some applications 297 also have a maximum transport protocol data unit (PDU) size, in 298 which case there is no benefit from probing for a size larger 299 than this (unless a transport allows multiplexing multiple 300 applications PDUs into the same datagram). 302 2. Effective PMTU: A datagram application MUST be able to choose the 303 size of datagrams sent to the network, up to the effective PMTU, 304 or a smaller value (such as the MPS) derived from this. This 305 value is managed by the PMTUD method. The effective PMTU 306 (specified in Section 1 of [RFC1191]) is equivalent to the EMTU_S 307 (specified in [RFC1122]). 309 3. Probe packets: On request, a PLPMTUD sender is REQUIRED to be 310 able to transmit a packet larger than the current effective PMTU 311 (but always with a total size less than the link MTU). The method 312 can use this as a probe packet. In IPv4, a probe packet is 313 always sent with the Don't Fragment (DF) bit set and without 314 network layer endpoint fragmentation. In IPv6, a probe packet is 315 always sent without source fragmentation (as specified in section 316 5.4 of [RFC8201]). 318 4. Processing PTB messages: A PLPMTUD sender MAY optionally utilize 319 PTB messages received from the network layer to help identify 320 when a path does not support the current size of packet probe. 321 Any received PTB message SHOULD/MUST be verified before it is 322 used to update the PMTU discovery information [RFC8201]. This 323 verification confirms that the PTB message was sent in response 324 to a packet originating by the sender, and needs to be performed 325 before the PMTU discovery method reacts to the PTB message. When 326 the router link MTU is indicated in the PTB message this MAY be 327 used by datagram PLPMTUD to reduce the size of a probe, but MUST 328 NOT be used increase the effective PMTU ([RFC8201]). 330 5. Reception feedback: The destination PL endpoint is REQUIRED to 331 provide a feedback method that indicates when a probe packet has 332 been received by the destination endpoint. The local PL endpoint 333 at the sending node is REQUIRED to pass this feedback to the 334 sender-side PLPMTUD method. 336 6. Probing and congestion control: The isolated loss of a probe 337 packet SHOULD NOT be treated as an indication of congestion and 338 its loss does not directly trigger a congestion control reaction 339 [RFC4821]. 341 7. Probe loss recovery: If the data block carried by a probe message 342 needs to be sent reliably, the PL (or layers above) MUST arrange 343 retransmission/repair of any resulting loss. This method MUST be 344 robust in the case where probe packets are lost due to other 345 reasons (including link transmission error, congestion). The 346 PLPMTUD method treats isolated loss of a probe packet (with or 347 without an PTB message) as a potential indication of a PMTU limit 348 on the path. The PL MAY retransmit any data included in a lost 349 probe packet without adjusting its congestion window [RFC4821]. 351 8. Cached effective PMTU: The sender MUST cache the effective PMTU 352 value used by an instance of the PL between probes and needs also 353 to consider the disruption that could be incurred by an 354 unsuccessful probe - both upon the flow that incurs a probe loss, 355 and other flows that experience the effect of additional probe 356 traffic. 358 9. Shared effective PMTU state: The PMTU value could also be stored 359 with the corresponding entry in the destination cache and used by 360 other PL instances. The specification of PLPMTUD [RFC4821] 361 states: "If PLPMTUD updates the MTU for a particular path, all 362 Packetization Layer sessions that share the path representation 363 (as described in Section 5.2 of [RFC4821]) SHOULD be notified to 364 make use of the new MTU and make the required congestion control 365 adjustments". Such methods need to robust to the wide variety of 366 underlying network forwarding behaviours. Section 5.2 of 367 [RFC8201] provides guidance on the caching of PMTU information 368 and also the relation to IPv6 flow labels. 370 In addition the following design principles are stated: 372 o Suitable MPS: The PLPMTUD method SHOULD avoid forcing an 373 application to use an arbitrary small MPS (effective PMTU) for 374 transmission while the method is searching for the currently 375 supported PMTU. Datagram PLs do not necessarily support 376 fragmentation of PDUs larger than the PMTU. A reduced MPS can 377 adversely impact the performance of a datagram application. 379 o Path validation: The PLPMTUD method MUST be robust to path changes 380 that could have occurred since the path characteristics were last 381 confirmed. 383 o Datagram reordering: A method MUST be robust to the possibility 384 that a flow encounters reordering, or has the traffic (including 385 probe packets) is divided over more than one network path. 387 o When to probe: The PLPMTUD method SHOULD determine whether the 388 path capacity has increased since it last measured the path. This 389 determines when the path should again be probed. 391 3.1. PMTU Probe Packets 393 PMTU discovery relies upon the sender being able to generate probe 394 messages with a specific size. TCP is able to generate probe packets 395 by choosing to appropriately segment data being sent [RFC4821]. 397 In contrast, a datagram PL that needs to construct a probe packet has 398 to either request an application to send a data block that is larger 399 than that generated by an application, or to utilise padding 400 functions to extend a datagram beyond the size of the application 401 data block. Protocols that permit exchange of control messages 402 (without an application data block) could alternatively prefer to 403 generate a probe packet by extending a control message with padding 404 data. 406 When the method fails to validate the PMTU for the path, it may be 407 required to send a probe packet with a size less than the size of the 408 data block generated by an application. In this case, the PL could 409 provide a way to fragment a datagram at the PL, or could instead 410 utilise a control packet with padding. 412 A receiver needs to be able to distinguish an in-band data block from 413 any added padding. This is needed to ensure that any added padding 414 is not passed on to an application at the receiver. 416 This results in three possible ways that a sender can create a probe 417 packet: 419 Probing using appication data: A probe packet that contains a data 420 block supplied by an application that matches the size required 421 for the probe. This method requests the application to issue a 422 data block of the desired probe size. If the application/ 423 transport needs protection from the loss of an unsuccessful probe 424 packet, the application/transport needs then to perform transport- 425 layer retransmission/repair of the data block (e.g., by 426 retransmission after loss is detected or by duplicating the data 427 block in a datagram without the padding). 429 Probing using appication data and padding data: A probe packet that 430 contains a data block supplied by an application that is combined 431 with padding to inflate the length of the datagram to the size 432 required for the probe. If the application/transport needs 433 protection from the loss of this probe packet, the application/ 434 transport may perform transport-layer retransmission/repair of the 435 data block (e.g., by retransmission after loss is detected or by 436 duplicating the data block in a datagram without the padding 437 data). 439 Probing using padding data: A probe packet that contains only control 440 information together with any padding needed to inflate the packet 441 to the size required for the probe. Since these probe packets do 442 not carry an application-supplied data block,they do not typically 443 require retransmission, although they do still consume network 444 capacity and incur endpoint processing. 446 A datagram PLPMTUD MAY choose to use only one of these methods to 447 simplify the implementation. 449 3.2. Validation of the current effective PMTU 451 The PL needs a method to determine when probe packets have been 452 successfully received end-to-end across a network path. 454 Transport protocols can include end-to-end methods that detect and 455 report reception of specific datagrams that they send (e.g., DCCP and 456 SCTP provide keep-alive/heartbeat features). When supported, this 457 mechanism SHOULD also be used by PLPMTUD to acknowledge reception of 458 a probe packet. 460 A PL that does not acknowledge data reception (e.g., UDP and UDP- 461 Lite) is unable to detect when the packets it sends are discarded 462 because their size is greater than the actual PMTUD. These PLs need 463 to either rely on an application protocol to detect this, or make use 464 of an additional transport method such as UDP-Options [I-D.ietf- 465 tsvwg-udp-options]. In addition, they might need to send 466 reachability probes (e.g., periodically solicit a response from the 467 destination) to determine whether the current effective PMTU is still 468 supported by the network path. 470 Section Section 4 specifies this function for a set of IETF-specified 471 protocols. 473 3.3. Reduction of the effective PMTU 475 When the current effective PMTU is no longer supported by the network 476 path, the transport needs to detect this and reduce the effective 477 PMTU. 479 o A PL that sends a datagram larger than the actual PMTU that 480 includes no application data block, or one that does not attempt 481 to provide any retransmission, can send a new probe packet with an 482 updated probe size. 484 o A PL that wishes to resend the application data block, could then 485 need to re-fragment the data block to a smaller packet size that 486 is expected to traverse the end-to-end path. This could utilise 487 network-layer or PL fragmentation when these are available. A 488 fragmented datagram MUST NOT be used as a probe packet (see 489 [RFC8201]). 491 A method can additionally utilise PTB messages to detect when the 492 actual PMTU supported by a network path is less than the current size 493 of datagrams (or probe messages) that are being sent. 495 4. Datagram Packetization Layer PMTUD 497 This section specifies Datagram PLPMTUD. 499 The central idea of PLPMTU discovery is probing by a sender. Probe 500 packets of increasing size are sent to find out the maximum size of a 501 user message that is completely transferred across the network path 502 from the sender to the destination. 504 4.1. Probing 506 The PLPMTUD method utilises a timer to trigger the generation of 507 probe packets. The probe_timer is started each time a probe packet 508 is sent to the destination and is cancelled when receipt of the probe 509 packet is acknowledged. 511 The PROBE_COUNT is initialised to zero when a probe packet is first 512 sent with a particular size. Each time the probe_timer expires, the 513 PROBE_COUNT is incremented, and a probe packet of the same size is 514 retransmitted. The maximum number of retransmissions per probing 515 size is configured (MAX_PROBES). If the value of the PROBE_COUNT 516 reaches MAX_PROBES, probing will be stopped and the last successfully 517 probed PMTU is set as the effective PMTU. 519 Once probing is completed, the sender continues to use the effective 520 PMTU until either a PTB message is received or the PMTU_RAISE_TIMER 521 expires. If the PL is unable to verify reachability to the 522 destination endpoint after probing has completed, the method uses a 523 REACHABILITY_TIMER to periodically repeat a probe packet for the 524 current effective PMTU size, while the PMTU_RAISE_TIMER is running. 525 If the resulting probe packet is not acknowledged (i.e. the 526 PROBE_TIMER expires), the method re-starts probing for the PMTU. 528 4.2. Verication and use of PTB messages 530 XXX A decision on SHOULD/MUST needs to be made XXX 532 A node that receives a PTB message from a router or middlebox, SHOULD 533 /MUST verify the PTB message. The node checks the protocol 534 information in the quoted payload to verify that the message 535 originated from the sending node. The node also checks that the 536 reported MTU size is less than the size used by packet probes. PTB 537 messages are discarded if they fail to pass these checks, or where 538 there is insufficient ICMP payload to perform these checks. The 539 checks are intended to provide protection from packets that originate 540 from a node that is not on the network path or a node that attempts 541 to report a larger MTU than the current probe size. 543 PTB messages that have been verified can be utilised by the DPLPMTUD 544 algorithm. A method that utilises these PTB messages can improve 545 performance compared to one that relies solely on probing. 547 4.3. Timers 549 This method utilises three timers: 551 PROBE_TIMER: Configured to expire after a period longer than the 552 maximum time to receive an acknowledgment to a probe packet. This 553 value MUST be larger than 1 second, and SHOULD be larger than 15 554 seconds. Guidance on selection of the timer value are provide in 555 section 3.1.1 of the UDP Usage Guidelines [RFC8085]. 557 PMTU_RAISE_TIMER: Configured to the period a sender ought to continue 558 use the current effective PMTU, after which it re-commences 559 probing for a higher PMTU. This timer has a period of 600 secs, as 560 recommended by PLPMTUD [RFC4821]. 562 REACHABILITY_TIMER: Configured to the period a sender ought to wait 563 before confirming the current effective PMTU is still supported. 564 This is less than the PMTU_RAISE_TIMER. 566 An application that needs to employ keep-alive messages to deliver 567 useful service over UDP SHOULD NOT transmit them more frequently 568 than once every 15 seconds and SHOULD use longer intervals when 569 possible. DPLPMTUD ought to suspend reachability probes when no 570 application data has been sent since the previous probe packet. 571 Guidance on selection of the timer value are provide in section 572 3.1.1 of the UDP Usage Guidelines[RFC8085]. 574 An implementation could implement the various timers using a single 575 timer process. 577 4.4. Constants 579 The following constants are defined: 581 MAX_PROBES: The maximum value of the PROBE_ERROR_COUNTER. The default 582 value of MAX_PROBES is 10. 584 MIN_PMTU: The smallest allowed probe packet size. This value is 1280 585 bytes, as specified in [RFC2460]. For IPv4, the minimum value is 586 68 bytes. (An IPv4 routed is required to be able to forward a 587 datagram of 68 octets without further fragmentation. This is the 588 combined size of an IPv4 header and the minimum fragment size of 8 589 octets.) 591 BASE_PMTU: The BASE_PMTU is a considered a size that ought to work in 592 most cases. The size is equal to or larger than the minimum 593 permitted and smaller than the maximum allowed. In the case of 594 IPv6, this value is 1280 bytes [RFC2460]. When using IPv4, a size 595 of 1200 is RECOMMENDED. 597 MAX_PMTU: The MAX_PMTU is the largest size of PMTU that is probed. 598 This has to be less than or equal to the minimum of the local MTU 599 of the outgoing interface and the destination effective MTU for 600 receiving. An application or PL may reduce this when it knows 601 there is no need to send packets above a specific size. 603 4.5. Variables 605 This method utilises a set of variables: 607 effective PMTU: The effective PMTU is the maximum size of datagram 608 that the method has currently determined can be supported along 609 the entire path. 611 PROBED_SIZE: The PROBED_SIZE is the size of the current probe packet. 612 This is a tentative value for the effective PMTU, which is 613 awaiting confirmation by an acknowledgment. 615 PROBE_COUNT: This is a count of the number of unsuccessful probe 616 packets that have been sent with size PROBED_SIZE. The value is 617 initialised to zero when a particular size of PROBED_SIZE is first 618 attempted. 620 PTB_SIZE: The PTB_Size is value returned by a verified PTB message 621 indicating the local MTU size of a router along the path. 623 4.6. State Machine 625 A state machine for Datagram PLPMTUD is depicted in Figure 1. If 626 multihoming is supported, a state machine is needed for each active 627 path. 629 PROBE_TIMER expiry 630 (PROBE_COUNT = MAX_PROBES) 631 +-------------+ +--------------+ 632 =->| PROBE_START |--------------->|PROBE_DISABLED| 633 PROBE_TIMER expiry | +-------------+ +--------------+ 634 (PROBE_COUNT = | | | 635 MAX_PROBES) ------- | Connectivity confirmed 636 v 637 ----------- +------------+ -- PROBE_TIMER expiry 638 MAX_PMTU acked | | PROBE_BASE | | (PROBE_COUNT < 639 PTB (>= BASE_PMTU)| -----> +------------+ <- MAX_PROBES) 640 ---------------- | /\ | | 641 | | | | | PTB 642 | PMTU_RAISE_TIMER| | | | (PTB_SIZE < BASE_PMTU) 643 | or reachability | | | | or 644 | (PROBE_COUNT | | | | PROBE_TIMER expiry 645 | = MAX_PROBES) | | | | (PROBE_COUNT = MAX_PROBES) 646 | ------------- | | \ 647 | | PTB | | \ 648 | | (< PROBED_SIZE)| | \ 649 | | | | ---------------- 650 | | | | | 651 | | | | Probe | 652 | | | | acked | 653 v | | v v 654 +------------+ +--------------+ Probe +-------------+ 655 | PROBE_DONE |<-------------- | PROBE_SEARCH |<-------| PROBE_ERROR | 656 +------------+ MAX_PMTU acked +--------------+ acked +-------------+ 657 /\ | or /\ | 658 | | PROBE_TIMER expiry | | 659 | |(PROBE_COUNT = MAX_PROBES) | | 660 | | | | 661 ------ -------- 662 Reachability probe acked PROBE_TIMER expiry 663 or PROBE_TIMER expiry (PROBE_COUNT < MAX_PROBES) 664 (PROBE_COUNT < MAX_PROBES) or 665 Probe acked 667 The following states are defined to reflect the probing process: 669 PROBE_START: The PROBE_START state is the initial state before 670 probing has started. PLPMTUD is not performed in this state. The 671 state transitions to PROBE_BASE, when a path has been confirmed, 672 i.e. when a sent packet has been acknowledged on this path. The 673 effective PMTU is set to the BASE_PMTU size. Probing ought to 674 start immediately after connection setup to prevent the loss of 675 user data. 677 PROBE_BASE: The PROBE_BASE state is the starting point for probing 678 with datagram PLPMTUD. It is used to confirm whether the BASE_PMTU 679 size is supported by the network path. On entry, the PROBED_SIZE 680 is set to the BASE_PMTU size and the PROBE_COUNT is set to zero. 681 A probe packet is sent, and the PROBE_TIMER is started. The state 682 is left when the PROBE_COUNT reaches MAX_PROBES; a PTB message is 683 verified, or a probe packet is acknowledged. 685 PROBE_SEARCH: The PROBE_SEARCH state is the main probing state. This 686 state is entered either when probing for the BASE_PMTU was 687 successful or when there is a successful reachability test in the 688 PROBE_ERROR state. On entry, the effective PMTU is set to the 689 last acknowledged PROBED_SIZE. 691 On the first probe packet for each probed size, the PROBE_COUNT is 692 set to zero. Each time a probe packet is acknowledged, the 693 effective PMTU is set to the PROBED_SIZE, and then the PROBED_SIZE 694 is increased. When a probe packet is not acknowledged within the 695 period of the PROBE_TIMER, the PROBE_COUNT is incremented and the 696 probe packet is retransmitted. The state is exited when the 697 PROBE_COUNT reaches MAX_PROBES; a PTB message is verified; or a 698 probe of size PMTU_MAX is acknowledged. 700 PROBE_ERROR: The PROBE_ERROR state represents the case where the 701 network path is not known to support an effective PMTU of at least 702 the BASE_PMTU size. It is entered when either a probe of size 703 BASE_PMTU has not been acknowledged or a verified PTB message 704 indicates a smaller link MTU than the BASE_PMTU. On entry, the 705 PROBE_COUNT is set to zero and the PROBED_SIZE is set to the 706 MIN_PMTU size, and the effective PMTU is reset to MIN_PMTU size. 707 In this state, a probe packet is sent, and the PROBE_TIMER is 708 started. The state transitions to the PROBE_SEARCH state when a 709 probe packet is acknowledged. 711 PROBE_DONE: The PROBE_DONE state indicates a successful end to a 712 probing phase. Datagram PLPMTUD remains in this state until 713 either the PMTU_RAISE_TIMER expires or a PTB message is verified. 715 When PLPMTUD uses an unacknowledged PL and is in the PROBE_DONE 716 state, a REACHABILITY_TIMER periodically resets the PROBE_COUNT 717 and schedules a probe packet with the size of the effective PMTU. 718 If the probe packet fails to be acknowledged after MAX_PROBES 719 attempts, the method enters the PROBE_BASE state. When used with 720 an acknowledged PL (e.g., SCTP), DPLPMTUD SHOULD NOT continue to 721 probe in this state. 723 PROBE_DISABLED: The PROBE_DISABLED state indicates that connectivity 724 could not be established. DPLPMTUD MUST NOT probe in this state. 726 Appendix Appendix A contains an informative description of key 727 events. 729 5. Specification of Protocol-Specific Methods 730 This section specifies protocol-specific details for datagram PLPMTUD 731 for IETF-specified transports. 733 5.1. DPLPMTUD for UDP and UDP-Lite 735 The current specifications of UDP [RFC0768] and UDP-LIte [RFC3828] do 736 not define a method in the RFC-series that supports PLPMTUD. In 737 particular, these transports do not provide the transport layer 738 features needed to implement datagram PLPMTUD, and any support for 739 Datagram PLPMTUD would therefore need to rely on higher-layer 740 protocol features [RFC8085]. 742 5.1.1. UDP Options 744 UDP-Options [I-D.ietf-tsvwg-udp-options] supply the additional 745 functionality required to implement datagram PLPMTUD. This enables 746 padding to be added to UDP datagrams and can be used to provide 747 feedback acknowledgement of received probe packets. 749 5.1.2. UDP Options required for PLPMTUD 751 This subsection proposes two new UDP-Options that add support for 752 requesting a datagram response be sent and to mark this datagram as a 753 response to a request. 755 XXX << Future versions of the spec may define a parameter in an 756 Option to indicate the EMTU_R to the peer.>> 758 5.1.2.1. Echo Request Option 760 The Echo Request Option allows a sending endpoint to solicit a 761 response from a destination endpoint. 763 The Echo Request carries a four byte token set by the sender. This 764 token can be set to a value that is likely to be known only to the 765 sender (and becomes known to nodes along the end-to-end path). The 766 sender can then check the value returned in the response to provide 767 additional protection from off-path insertion of data [RFC8085]. 769 +---------+--------+-----------------+ 770 | Kind=9 | Len=6 | Token | 771 +---------+--------+-----------------+ 772 1 byte 1 byte 4 bytes 774 5.1.2.2. Echo Response Option 776 The Echo Response Option is generated by the PL in response to 777 reception of a previously received Echo Request. The Token field 778 associates the response with the Token value carried in the most 779 recently-received Echo Request. The rate of generation of UDP 780 packets carrying an Echo Response Option MAY be rate-limited. 782 +---------+--------+-----------------+ 783 | Kind=10 | Len=6 | Token | 784 +---------+--------+-----------------+ 785 1 byte 1 byte 4 bytes 787 5.1.3. Sending UDP-Option Probe Packets 789 This method specifies a probe packet that does not carry an 790 application data block. The probe packet consists of a UDP datagram 791 header followed by a UDP Option containing the ECHOREQ option, which 792 is followed by NOP Options to pad the remainder of the datagram 793 payload to the probe size. NOP padding is used to control the length 794 of the probe packet. 796 A UDP Option carrying the ECHORES option is used to provide feedback 797 when a probe packet is received at the destination endpoint. 799 5.1.4. Validating the Path with UDP Options 801 Since UDP is an unacknowledged PL, a sender that does not have 802 higher-layer information confirming correct delivery of datagrams 803 SHOULD implement the REACHABILITY_TIMER to periodically send probe 804 packets while in the PROBE_DONE state. 806 5.1.5. Handling of PTB Messages by UDP 808 Normal ICMP verification MUST be performed as specified in Section 809 5.2 of [RFC8085]. This requires that the PL verifies each received 810 PTB messages to verify these are received in response to transmitted 811 traffic and that the reported LInk MTU is less than the current probe 812 size. A verified PTB message MAY be used as input to the PLPMTUD 813 algorithm. 815 5.2. DPLPMTUD for SCTP 817 Section 10.2 of [RFC4821] specifies a recommended PLPMTUD probing 818 method for SCTP. It recommends the use of the PAD chunk, defined in 819 [RFC4820] to be attached to a minimum length HEARTBEAT chunk to build 820 a probe packet. This enables probing without affecting the transfer 821 of user messages and without interfering with congestion control. 822 This is preferred to using DATA chunks (with padding as required) as 823 path probes. 825 XXX << Future versions of this specification might define a parameter 826 contained in the INIT and INIT ACK chunk to indicate the MTU to the 827 peer. However, multihoming makes this a bit complex, so it might not 828 be worth doing.>> 830 5.2.1. SCTP/IP4 and SCTP/IPv6 832 The base protocol is specified in [RFC4960]. 834 5.2.1.1. Sending SCTP Probe Packets 836 Probe packets consist of an SCTP common header followed by a 837 HEARTBEAT chunk and a PAD chunk. The PAD chunk is used to control 838 the length of the probe packet. The HEARTBEAT chunk is used to 839 trigger the sending of a HEARTBEAT ACK chunk. The reception of the 840 HEARTBEAT ACK chunk acknowledges reception of a successful probe. 842 The HEARTBEAT chunk carries a Heartbeat Information parameter which 843 should include, besides the information suggested in [RFC4960], the 844 probing size, which is the MTU size the complete datagram will add up 845 to. The size of the PAD chunk is therefore computed by reducing the 846 probing size by the IPv4 or IPv6 header size, the SCTP common header, 847 the HEARTBEAT request and the PAD chunk header. The payload of the 848 PAD chunk contains arbitrary data. 850 To avoid fragmentation of retransmitted data, probing starts right 851 after the handshake, before data is sent. Assuming normal behaviour 852 (i.e., the PMTU is smaller than or equal to the interface MTU), this 853 process will take a few round trip time periods depending on the 854 number of PMTU sizes probed. The Heartbeat timer can be used to 855 implement the PROBE_TIMER. 857 5.2.1.2. Validating the Path with SCTP 859 Since SCTP provides an acknowledged PL, a sender does MUST NOT 860 implement the REACHABILITY_TIMER while in the PROBE_DONE state. 862 5.2.1.3. PTB Message Handling by SCTP 864 Normal ICMP verification MUST be performed as specified in Appendix C 865 of [RFC4960]. This requires that the first 8 bytes of the SCTP 866 common header are quoted in the payload of the PTB message, which can 867 be the case for ICMPv4 and is normally the case for ICMPv6. 869 When a PTB mesage has been verified, the router Link MTU indicated in 870 the PTB message SHOULD be used with the PLPMTUD algorithm, providing 871 that the reported Link MTU is less than the current probe size. 873 5.2.2. DPLPMTUD for SCTP/UDP 875 The UDP encapsulation of SCTP is specified in [RFC6951]. 877 5.2.2.1. Sending SCTP/UDP Probe Packets 879 Packet probing can be performed as specified in Section 5.2.1.1. The 880 maximum payload is reduced by 8 bytes, which has to be considered 881 when filling the PAD chunk. 883 5.2.2.2. Validating the Path with SCTP/UDP 884 Since SCTP provides an acknowledged PL, a sender does MUST NOT 885 implement the REACHABILITY_TIMER while in the PROBE_DONE state. 887 5.2.2.3. Handling of PTB Messages by SCTP/UDP 889 Normal ICMP verification MUST be performed for PTB messages as 890 specified in Appendix C of [RFC4960]. This requires that the first 8 891 bytes of the SCTP common header are contained in the PTB message, 892 which can be the case for ICMPv4 (but note the UDP header also 893 consumes a part of the quoted packet header) and is normally the case 894 for ICMPv6. When the verification is completed, the router Link MTU 895 size indicated in the PTB message SHOULD be used with the PLPMTUD 896 algorithm providing that the reported LInk MTU is less than the 897 current probe size. 899 5.2.3. DPLPMTUD for SCTP/DTLS 901 The Datagram Transport Layer Security (DTLS) encapsulation of SCTP is 902 specified in [I-D.ietf-tsvwg-sctp-dtls-encaps]. It is used for data 903 channels in WebRTC implementations. 905 5.2.3.1. Sending SCTP/DTLS Probe Packets 907 Packet probing can be done as specified in Section 5.2.1.1. 909 5.2.3.2. Validating the Path with SCTP/DTLS 911 Since SCTP provides an acknowledged PL, a sender does MUST NOT 912 implement the REACHABILITY_TIMER while in the PROBE_DONE state. 914 5.2.3.3. Handling of PTB Messages by SCTP/DTLS 916 It is not possible to perform normal ICMP verification as specified 917 in [RFC4960], since even if the ICMP message payload contains 918 sufficient information, the reflected SCTP common header would be 919 encrypted. Therefore it is not possible to process PTB messages at 920 the PL. 922 5.3. Other IETF Transports 924 Quick UDP Internet Connection (QUIC( is a UDP-based transport that 925 provides reception feedback [I-D.ietf-quic-transport]. 927 XXX << This section will be completed in a future revision of this ID 928 >> 930 5.4. DPLPMTUD by Applications 932 Applications that use the Datagram API (e.g., applications built 933 directly or indirectly on UDP) can implement DPLPMTUD. Some 934 primitives used by DPLPMTUD might not be available via this interface 935 (e.g., the ability to access the PMTU cache, or interpret received 936 ICMP PTB messages). 938 In addition, it is important that PMTUD is not performed by multiple 939 protocol layers. 941 XXX << This section will be completed in a future revision of this ID 942 >> 944 6. Acknowledgements 946 This work was partially funded by the European Union's Horizon 2020 947 research and innovation programme under grant agreement No. 644334 948 (NEAT). The views expressed are solely those of the author(s). 950 7. IANA Considerations 952 This memo includes no request to IANA. 954 XXX << If new UDP Options are specified in this document, a request 955 to IANA will be included here.>> 957 If there are no requirements for IANA, the section will be removed 958 during conversion into an RFC by the RFC Editor. 960 8. Security Considerations 962 The security considerations for the use of UDP and SCTP are provided 963 in the references RFCs. Security guidance for applications using UDP 964 is provided in the UDP-Guidelines [RFC8085]. 966 PTB messages could potentially be used to cause a node to 967 inappropriately reduce the effective PMTU. A node supporting PLPMTUD 968 SHOULD/MUST appropriately verify the payload of PTB messages to 969 ensure these are received in response to transmitted traffic (i.e., a 970 reported error condition that corresponds to a datagram actually sent 971 by the path layer. 973 XXX Determine if parallel forwarding paths needs to be considred XXX 975 A node performing PLPMTUD could experience conflicting information 976 about the size of supported probe packets. This could occur when 977 there are multiple paths are concurrently in use and these exhibit a 978 different PMTU. If not considered, this could result in data being 979 blackholed when the effective PMTU is larger than the smallest PMTU 980 across the current paths. 982 9. References 984 9.1. Normative References 986 [I-D.ietf-quic-transport] 987 Iyengar, J. and M. Thomson, "QUIC: A UDP-Based Multiplexed 988 and Secure Transport", Internet-Draft draft-ietf-quic- 989 transport-04, June 2017. 991 [I-D.ietf-tsvwg-sctp-dtls-encaps] 992 Tuexen, M., Stewart, R., Jesup, R. and S. Loreto, "DTLS 993 Encapsulation of SCTP Packets", Internet-Draft draft-ietf- 994 tsvwg-sctp-dtls-encaps-09, January 2015. 996 [I-D.ietf-tsvwg-udp-options] 997 Touch, J., "Transport Options for UDP", Internet-Draft 998 draft-ietf-tsvwg-udp-options-01, June 2017. 1000 [RFC0768] Postel, J., "User Datagram Protocol", STD 6, RFC 768, DOI 1001 10.17487/RFC0768, August 1980, . 1004 [RFC0792] Postel, J., "Internet Control Message Protocol", STD 5, 1005 RFC 792, DOI 10.17487/RFC0792, September 1981, . 1008 [RFC1122] Braden, R., Ed., "Requirements for Internet Hosts - 1009 Communication Layers", STD 3, RFC 1122, DOI 10.17487/ 1010 RFC1122, October 1989, . 1013 [RFC1812] Baker, F., Ed., "Requirements for IP Version 4 Routers", 1014 RFC 1812, DOI 10.17487/RFC1812, June 1995, . 1017 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 1018 Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/ 1019 RFC2119, March 1997, . 1022 [RFC2460] Deering, S. and R. Hinden, "Internet Protocol, Version 6 1023 (IPv6) Specification", RFC 2460, DOI 10.17487/RFC2460, 1024 December 1998, . 1026 [RFC3828] Larzon, L-A., Degermark, M., Pink, S., Jonsson, L-E.Ed., 1027 and G. Fairhurst, Ed., "The Lightweight User Datagram 1028 Protocol (UDP-Lite)", RFC 3828, DOI 10.17487/RFC3828, July 1029 2004, . 1031 [RFC4820] Tuexen, M., Stewart, R. and P. Lei, "Padding Chunk and 1032 Parameter for the Stream Control Transmission Protocol 1033 (SCTP)", RFC 4820, DOI 10.17487/RFC4820, March 2007, 1034 . 1036 [RFC4960] Stewart, R., Ed., "Stream Control Transmission Protocol", 1037 RFC 4960, DOI 10.17487/RFC4960, September 2007, . 1040 [RFC6951] Tuexen, M. and R. Stewart, "UDP Encapsulation of Stream 1041 Control Transmission Protocol (SCTP) Packets for End-Host 1042 to End-Host Communication", RFC 6951, DOI 10.17487/ 1043 RFC6951, May 2013, . 1046 [RFC8085] Eggert, L., Fairhurst, G. and G. Shepherd, "UDP Usage 1047 Guidelines", BCP 145, RFC 8085, DOI 10.17487/RFC8085, 1048 March 2017, . 1050 [RFC8201] McCann, J., Deering, S., Mogul, J. and R. Hinden, Ed., 1051 "Path MTU Discovery for IP version 6", STD 87, RFC 8201, 1052 DOI 10.17487/RFC8201, July 2017, . 1055 9.2. Informative References 1057 [RFC1191] Mogul, J.C. and S.E. Deering, "Path MTU discovery", RFC 1058 1191, DOI 10.17487/RFC1191, November 1990, . 1061 [RFC2923] Lahey, K., "TCP Problems with Path MTU Discovery", RFC 1062 2923, DOI 10.17487/RFC2923, September 2000, . 1065 [RFC4340] Kohler, E., Handley, M. and S. Floyd, "Datagram Congestion 1066 Control Protocol (DCCP)", RFC 4340, DOI 10.17487/RFC4340, 1067 March 2006, . 1069 [RFC4821] Mathis, M. and J. Heffner, "Packetization Layer Path MTU 1070 Discovery", RFC 4821, DOI 10.17487/RFC4821, March 2007, 1071 . 1073 [RFC4890] Davies, E. and J. Mohacsi, "Recommendations for Filtering 1074 ICMPv6 Messages in Firewalls", RFC 4890, DOI 10.17487/ 1075 RFC4890, May 2007, . 1078 Appendix A. Event-driven state changes 1080 This appendix contains an informative description of key events: 1082 Path Setup: When a new path is initiated, the state is set to 1083 PROBE_START. As soon as the path is confirmed, the state changes 1084 to PROBE_BASE and the probing mechanism for this path is started. 1085 A probe packet with the size of the BASE_PMTU is sent. 1087 Arrival of an Acknowledgment: Depending on the probing state, the 1088 reaction differs according to Figure 4, which is just a 1089 simplification of Figure 1 focusing on this event. 1091 +--------------+ +----------------+ 1092 | PROBE_START | --3------------------------------->| PROBE_DISABLED | 1093 +--------------+ --4-----------\ +----------------+ 1094 \ 1095 +--------------+ \ 1096 | PROBE_ERROR | --------------- \ 1097 +--------------+ \ \ 1098 \ \ 1099 +--------------+ \ \ +--------------+ 1100 | PROBE_BASE | --1---------- \ ------------> | PROBE_BASE | 1101 +--------------+ --2----- \ \ +--------------+ 1102 \ \ \ 1103 +--------------+ \ \ ------------> +--------------+ 1104 | PROBE_SEARCH | --2--- \ -----------------> | PROBE_SEARCH | 1105 +--------------+ --1---\----\---------------------> +--------------+ 1106 \ \ 1107 +--------------+ \ \ +--------------+ 1108 | PROBE_DONE | \ -------------------> | PROBE_DONE | 1109 +--------------+ -----------------------> +--------------+ 1111 Condition 1: The maximum PMTU size has not yet been reached. 1112 Condition 2: The maximum PMTU size has been reached. Conition 3: 1113 Probe Timer expires and PROBE_COUNT = MAX_PROBEs. Condition 4: 1114 PROBE_ACK received. 1116 Probing timeout: The PROBE_COUNT is initialised to zero each time the 1117 value of PROBED_SIZE is changed. The PROBE_TIMER is started each 1118 time a probe packet is sent. It is stopped when an acknowledgment 1119 arrives that confirms delivery of a probe packet. If the probe 1120 packet is not acknowledged before,the PROBE_TIMER expires, the 1121 PROBE_ERROR_COUNTER is incremented. When the PROBE_COUNT equals 1122 the value MAX_PROBES, the state is changed, otherwise a new probe 1123 packet of the same size (PROBED_SIZE) is resent. The state 1124 transitions are illustrated in Figure 5. This shows a 1125 simplification of Figure 1 with a focus only on this event. 1127 +--------------+ +----------------+ 1128 | PROBE_START |----------------------------------->| PROBE_DISABLED | 1129 +--------------+ +----------------+ 1131 +--------------+ +--------------+ 1132 | PROBE_ERROR | -----------------> | PROBE_ERROR | 1133 +--------------+ / +--------------+ 1134 / 1135 +--------------+ --2----------/ +--------------+ 1136 | PROBE_BASE | --1------------------------------> | PROBE_BASE | 1137 +--------------+ +--------------+ 1139 +--------------+ +--------------+ 1140 | PROBE_SEARCH | --1------------------------------> | PROBE_SEARCH | 1141 +--------------+ --2--------- +--------------+ 1142 \ 1143 +--------------+ \ +--------------+ 1144 | PROBE_DONE | -------------------> | PROBE_DONE | 1145 +--------------+ +--------------+ 1147 Condition 1: The maximum number of probe packets has not been 1148 reached. Condition 2: The maximum number of probe packets has been 1149 reached. 1151 PMTU raise timer timeout: The path through the network can change 1152 over time. It impossible to discover whether a path change has 1153 increased in the actual PMTU by exchanging packets less than or 1154 equal to the effective PMTU. This requires PLPMTUD to periodically 1155 send a probe packet to detect whether a larger PMTU is possible. 1156 This probe packet is generated by the PMTU_RAISE_TIMER. When the 1157 timer expires, probing is restarted with the BASE_PMTU and the 1158 state is changed to PROBE_BASE. 1160 Arrival of an ICMP message: The active probing of the path can be 1161 supported by the arrival of PTB messages sent by routers or 1162 middleboxes with a link MTU that is smaller than the probe packet 1163 size. If the PTB message includes the router link MTU, three 1164 cases can be distinguished: 1166 1. The indicated link MTU in the PTB message is between the 1167 already probed and effective MTU and the probe that triggered 1168 the PTB message. 1170 2. The indicated link MTU in the PTB message is smaller than the 1171 effective PMTU. 1173 3. The indicated link MTU in the PTB message is equal to the 1174 BASE_PMTU. 1176 In first case, the PROBE_BASE state transitions to the PROBE_ERROR 1177 state. In the PROBE_SEARCH state, a new probe packet is sent with 1178 the sized reported by the PTB message. Its result is handled 1179 according to the former events. 1181 The second case could be a result of a network re-configuration. 1182 If the reported link MTU in the PTB message is greater than the 1183 BASE_MTU, the probing starts again with a value of PROBE_BASE. 1184 Otherwise, the method enters the state PROBE_ERROR. 1186 In the third case, the maximum possible PMTU has been reached. 1187 This is probed again, because there could be a link further along 1188 the path with a still smaller MTU. 1190 Note: Not all routers include the link MTU size when they send a 1191 PTB message. If the PTB message does not indicate the link MTU, 1192 the probe is handled in the same way as condition 2 of Figure 5. 1194 Appendix B. Revision Notes 1196 Note to RFC-Editor: please remove this entire section prior to 1197 publication. 1199 Individual draft -00: 1201 o Comments and corrections are welcome directly to the authors or 1202 via the IETF TSVWG working group mailing list. 1204 o This update is proposed for WG comments. 1206 Individual draft -01: 1208 o Contains the first representation of the algorithm, showing the 1209 states and timers 1211 o This update is proposed for WG comments. 1213 Individual draft -02: 1215 o Contains updated representation of the algorithm, and textual 1216 corrections. 1218 o The text describing when to set the effective PMTU has not yet 1219 been verified by the authors 1221 o To determine security to off-path-attacks: We need to decide 1222 whether a received PTB message SHOULD/MUST be verified? The text 1223 on how to handle a PTB message indicating a link MTU larger than 1224 the probe has yet not been verified by the authors 1226 o No text currently describes how to handle inconsistent results 1227 from arbitrary re-routing along different parallel paths 1229 o This update is proposed for WG comments. 1231 Authors' Addresses 1233 Godred Fairhurst 1234 University of Aberdeen 1235 School of Engineering 1236 Fraser Noble Building 1237 Aberdeen, AB24 3U 1238 UK 1240 Email: gorry@erg.abdn.ac.uk 1242 Tom Jones 1243 University of Aberdeen 1244 School of Engineering 1245 Fraser Noble Building 1246 Aberdeen, AB24 3U 1247 UK 1249 Email: tom@erg.abdn.ac.uk 1251 Michael Tuexen 1252 Muenster University of Applied Sciences 1253 Stegerwaldstrasse 39 1254 Stein fart, 48565 1255 DE 1257 Email: tuexen@fh-muenster.de 1259 Irene Ruengeler 1260 Muenster University of Applied Sciences 1261 Stegerwaldstrasse 39 1262 Stein fart, 48565 1263 DE 1265 Email: i.ruengeler@fh-muenster.de