idnits 2.17.1 draft-ietf-6man-rfc1981bis-08.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year == Line 187 has weird spacing: '...scovery proce...' == Line 722 has weird spacing: '...ent bit the...' == Line 724 has weird spacing: '...cussion sel...' == Line 727 has weird spacing: '...essages all...' == Line 730 has weird spacing: '... tables not...' == The document seems to contain a disclaimer for pre-RFC5378 work, but was first submitted on or after 10 November 2008. The disclaimer is usually necessary only for documents that revise or obsolete older RFCs, and that take significant amounts of text from those RFCs. If you can contact all authors of the source material and they are willing to grant the BCP78 rights to the IETF Trust, you can and should remove the disclaimer. Otherwise, the disclaimer is needed and you can ignore this comment. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (May 27, 2017) is 2488 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) -- Possible downref: Normative reference to a draft: ref. 'I-D.ietf-6man-rfc2460bis' -- Obsolete informational reference (is this intentional?): RFC 1981 (Obsoleted by RFC 8201) -- Obsolete informational reference (is this intentional?): RFC 4960 (Obsoleted by RFC 9260) -- Obsolete informational reference (is this intentional?): RFC 6691 (Obsoleted by RFC 9293) Summary: 0 errors (**), 0 flaws (~~), 7 warnings (==), 5 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Network Working Group J. McCann 3 Internet-Draft Digital Equipment Corporation 4 Obsoletes: 1981 (if approved) S. Deering 5 Intended status: Standards Track Retired 6 Expires: November 28, 2017 J. Mogul 7 Digital Equipment Corporation 8 R. Hinden, Ed. 9 Check Point Software 10 May 27, 2017 12 Path MTU Discovery for IP version 6 13 draft-ietf-6man-rfc1981bis-08 15 Abstract 17 This document describes Path MTU Discovery for IP version 6. It is 18 largely derived from RFC 1191, which describes Path MTU Discovery for 19 IP version 4. It obsoletes RFC1981. 21 Status of This Memo 23 This Internet-Draft is submitted in full conformance with the 24 provisions of BCP 78 and BCP 79. 26 Internet-Drafts are working documents of the Internet Engineering 27 Task Force (IETF). Note that other groups may also distribute 28 working documents as Internet-Drafts. The list of current Internet- 29 Drafts is at http://datatracker.ietf.org/drafts/current/. 31 Internet-Drafts are draft documents valid for a maximum of six months 32 and may be updated, replaced, or obsoleted by other documents at any 33 time. It is inappropriate to use Internet-Drafts as reference 34 material or to cite them other than as "work in progress." 36 This Internet-Draft will expire on November 28, 2017. 38 Copyright Notice 40 Copyright (c) 2017 IETF Trust and the persons identified as the 41 document authors. All rights reserved. 43 This document is subject to BCP 78 and the IETF Trust's Legal 44 Provisions Relating to IETF Documents 45 (http://trustee.ietf.org/license-info) in effect on the date of 46 publication of this document. Please review these documents 47 carefully, as they describe your rights and restrictions with respect 48 to this document. Code Components extracted from this document must 49 include Simplified BSD License text as described in Section 4.e of 50 the Trust Legal Provisions and are provided without warranty as 51 described in the Simplified BSD License. 53 This document may contain material from IETF Documents or IETF 54 Contributions published or made publicly available before November 55 10, 2008. The person(s) controlling the copyright in some of this 56 material may not have granted the IETF Trust the right to allow 57 modifications of such material outside the IETF Standards Process. 58 Without obtaining an adequate license from the person(s) controlling 59 the copyright in such materials, this document may not be modified 60 outside the IETF Standards Process, and derivative works of it may 61 not be created outside the IETF Standards Process, except to format 62 it for publication as an RFC or to translate it into languages other 63 than English. 65 Table of Contents 67 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 68 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 69 3. Protocol Overview . . . . . . . . . . . . . . . . . . . . . . 5 70 4. Protocol Requirements . . . . . . . . . . . . . . . . . . . . 6 71 5. Implementation Issues . . . . . . . . . . . . . . . . . . . . 7 72 5.1. Layering . . . . . . . . . . . . . . . . . . . . . . . . 7 73 5.2. Storing PMTU information . . . . . . . . . . . . . . . . 8 74 5.3. Purging stale PMTU information . . . . . . . . . . . . . 10 75 5.4. Packetization layer actions . . . . . . . . . . . . . . . 11 76 5.5. Issues for other transport protocols . . . . . . . . . . 12 77 5.6. Management interface . . . . . . . . . . . . . . . . . . 12 78 6. Security Considerations . . . . . . . . . . . . . . . . . . . 13 79 7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 13 80 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 14 81 9. References . . . . . . . . . . . . . . . . . . . . . . . . . 14 82 9.1. Normative References . . . . . . . . . . . . . . . . . . 14 83 9.2. Informative References . . . . . . . . . . . . . . . . . 14 84 Appendix A. Comparison to RFC 1191 . . . . . . . . . . . . . . . 15 85 Appendix B. Changes Since RFC 1981 . . . . . . . . . . . . . . . 16 86 B.1. Change History Since RFC1981 . . . . . . . . . . . . . . 17 87 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 21 89 1. Introduction 91 When one IPv6 node has a large amount of data to send to another 92 node, the data is transmitted in a series of IPv6 packets. These 93 packets can have a size less than or equal to the Path MTU (PMTU). 94 Alternatively, they can be larger packets that are fragmented into a 95 series of fragments each with a size less than or equal to the PMTU. 97 It is usually preferable that these packets be of the largest size 98 that can successfully traverse the path from the source node to the 99 destination node without the need for IPv6 fragmentation. This 100 packet size is referred to as the Path MTU, and it is equal to the 101 minimum link MTU of all the links in a path. This document defines a 102 standard mechanism for a node to discover the PMTU of an arbitrary 103 path. 105 IPv6 nodes should implement Path MTU Discovery in order to discover 106 and take advantage of paths with PMTU greater than the IPv6 minimum 107 link MTU [I-D.ietf-6man-rfc2460bis]. A minimal IPv6 implementation 108 (e.g., in a boot ROM) may choose to omit implementation of Path MTU 109 Discovery. 111 Nodes not implementing Path MTU Discovery must use the IPv6 minimum 112 link MTU defined in [I-D.ietf-6man-rfc2460bis] as the maximum packet 113 size. In most cases, this will result in the use of smaller packets 114 than necessary, because most paths have a PMTU greater than the IPv6 115 minimum link MTU. A node sending packets much smaller than the Path 116 MTU allows is wasting network resources and probably getting 117 suboptimal throughput. 119 Nodes implementing Path MTU Discovery and sending packets larger than 120 the IPv6 minimum link MTU are susceptible to problematic connectivity 121 if ICMPv6 [ICMPv6] messages are blocked or not transmitted. For 122 example, this will result in connections that complete the TCP three- 123 way handshake correctly but then hang when data is transferred. This 124 state is referred to as a black hole connection [RFC2923]. Path MTU 125 Discovery relies on ICMPv6 Packet Too Big (PTB) to determine the MTU 126 of the path. 128 An extension to Path MTU Discovery defined in this document can be 129 found in [RFC4821]. RFC4821 defines a method for Packetization Layer 130 Path MTU Discovery (PLPMTUD) designed for use over paths where 131 delivery of ICMPv6 messages to a host is not assured. 133 Note: This document is an update to [RFC1981] that was published 134 prior to [RFC2119] being published. Consequently although RFC1981 135 used the "should/must" style language in upper and lower case, this 136 document does not cite the RFC2119 definitions and only uses lower 137 case for these words. 139 2. Terminology 141 node a device that implements IPv6. 143 router a node that forwards IPv6 packets not explicitly 144 addressed to itself. 146 host any node that is not a router. 148 upper layer a protocol layer immediately above IPv6. 149 Examples are transport protocols such as TCP and 150 UDP, control protocols such as ICMPv6, routing 151 protocols such as OSPF, and internet or lower- 152 layer protocols being "tunneled" over (i.e., 153 encapsulated in) IPv6 such as IPX, AppleTalk, or 154 IPv6 itself. 156 link a communication facility or medium over which 157 nodes can communicate at the link layer, i.e., 158 the layer immediately below IPv6. Examples are 159 Ethernets (simple or bridged); PPP links; X.25, 160 Frame Relay, or ATM networks; and internet (or 161 higher) layer "tunnels", such as tunnels over 162 IPv4 or IPv6 itself. 164 interface a node's attachment to a link. 166 address an IPv6-layer identifier for an interface or a 167 set of interfaces. 169 packet an IPv6 header plus payload. The packet can have 170 a size less than or equal to the PMTU. 171 Alternatively, this can be a larger packet that 172 is fragmented into a series of fragments each 173 with a size less than or equal to the PMTU. 175 link MTU the maximum transmission unit, i.e., maximum 176 packet size in octets, that can be conveyed in 177 one piece over a link. 179 path the set of links traversed by a packet between a 180 source node and a destination node. 182 path MTU the minimum link MTU of all the links in a path 183 between a source node and a destination node. 185 PMTU path MTU 187 Path MTU Discovery process by which a node learns the PMTU of a path 189 EMTU_S Effective MTU for sending, used by upper layer 190 protocols to limit the size of IP packets they 191 queue for sending [RFC6691] [RFC1122]. 193 EMTU_R Effective MTU for receiving, the largest packet 194 that can be reassembled at the receiver 195 [RFC1122]. 197 flow a sequence of packets sent from a particular 198 source to a particular (unicast or multicast) 199 destination for which the source desires special 200 handling by the intervening routers. 202 flow id a combination of a source address and a non-zero 203 flow label. 205 3. Protocol Overview 207 This memo describes a technique to dynamically discover the PMTU of a 208 path. The basic idea is that a source node initially assumes that 209 the PMTU of a path is the (known) MTU of the first hop in the path. 210 If any of the packets sent on that path are too large to be forwarded 211 by some node along the path, that node will discard them and return 212 ICMPv6 Packet Too Big messages. Upon receipt of such a message, the 213 source node reduces its assumed PMTU for the path based on the MTU of 214 the constricting hop as reported in the Packet Too Big message. The 215 decreased PMTU causes the source to send smaller packets or change 216 EMTU_S to cause upper layer to reduce the size of IP packets it 217 sends. 219 The Path MTU Discovery process ends when the source node's estimate 220 of the PMTU is less than or equal to the actual PMTU. Note that 221 several iterations of the packet-sent/Packet-Too-Big-message-received 222 cycle may occur before the Path MTU Discovery process ends, as there 223 may be links with smaller MTUs further along the path. 225 Alternatively, the node may elect to end the discovery process by 226 ceasing to send packets larger than the IPv6 minimum link MTU. 228 The PMTU of a path may change over time, due to changes in the 229 routing topology. Reductions of the PMTU are detected by Packet Too 230 Big messages. To detect increases in a path's PMTU, a node 231 periodically increases its assumed PMTU. This will almost always 232 result in packets being discarded and Packet Too Big messages being 233 generated, because in most cases the PMTU of the path will not have 234 changed. Therefore, attempts to detect increases in a path's PMTU 235 should be done infrequently. 237 Path MTU Discovery supports multicast as well as unicast 238 destinations. In the case of a multicast destination, copies of a 239 packet may traverse many different paths to many different nodes. 240 Each path may have a different PMTU, and a single multicast packet 241 may result in multiple Packet Too Big messages, each reporting a 242 different next-hop MTU. The minimum PMTU value across the set of 243 paths in use determines the size of subsequent packets sent to the 244 multicast destination. 246 Note that Path MTU Discovery must be performed even in cases where a 247 node "thinks" a destination is attached to the same link as itself, 248 it might have a PMTU lower than the link MTU. In a situation such as 249 when a neighboring router acts as proxy [ND] for some destination, 250 the destination can appear to be directly connected but it is in fact 251 more than one hop away. 253 4. Protocol Requirements 255 As discussed in Section 1, IPv6 nodes are not required to implement 256 Path MTU Discovery. The requirements in this section apply only to 257 those implementations that include Path MTU Discovery. 259 Nodes should appropriately validate the payload of ICMPv6 PTB 260 messages to ensure these are received in response to transmitted 261 traffic (i.e., a reported error condition that corresponds to an IPv6 262 packet actually sent by the application) per [ICMPv6]. 264 If a node receives a Packet Too Big message reporting a next-hop MTU 265 that is less than the IPv6 minimum link MTU, it must discard it. A 266 node must not reduce its estimate of the Path MTU below the IPv6 267 minimum link MTU on receipt of an Packet Too Big message. 269 When a node receives a Packet Too Big message, it must reduce its 270 estimate of the PMTU for the relevant path, based on the value of the 271 MTU field in the message. The precise behavior of a node in this 272 circumstance is not specified, since different applications may have 273 different requirements, and since different implementation 274 architectures may favor different strategies. 276 After receiving a Packet Too Big message, a node must attempt to 277 avoid eliciting more such messages in the near future. The node must 278 reduce the size of the packets it is sending along the path. Using a 279 PMTU estimate larger than the IPv6 minimum link MTU may continue to 280 elicit Packet Too Big messages. Because each of these messages (and 281 the dropped packets they respond to) consume network resources, Nodes 282 using Path MTU Discovery must detect decreases in PMTU as fast as 283 possible. 285 Nodes may detect increases in PMTU, but because doing so requires 286 sending packets larger than the current estimated PMTU, and because 287 the likelihood is that the PMTU will not have increased, this must be 288 done at infrequent intervals. An attempt to detect an increase (by 289 sending a packet larger than the current estimate) must not be done 290 less than 5 minutes after a Packet Too Big message has been received 291 for the given path. The recommended setting for this timer is twice 292 its minimum value (10 minutes). 294 A node must not increase its estimate of the Path MTU in response to 295 the contents of a Packet Too Big message. A message purporting to 296 announce an increase in the Path MTU might be a stale packet that has 297 been floating around in the network, a false packet injected as part 298 of a denial-of-service attack, or the result of having multiple paths 299 to the destination, each with a different PMTU. 301 5. Implementation Issues 303 This section discusses a number of issues related to the 304 implementation of Path MTU Discovery. This is not a specification, 305 but rather a set of notes provided as an aid for implementers. 307 The issues include: 309 - What layer or layers implement Path MTU Discovery? 311 - How is the PMTU information cached? 313 - How is stale PMTU information removed? 315 - What must transport and higher layers do? 317 5.1. Layering 319 In the IP architecture, the choice of what size packet to send is 320 made by a protocol at a layer above IP. This memo refers to such a 321 protocol as a "packetization protocol". Packetization protocols are 322 usually transport protocols (for example, TCP) but can also be 323 higher-layer protocols (for example, protocols built on top of UDP). 325 Implementing Path MTU Discovery in the packetization layers 326 simplifies some of the inter-layer issues, but has several drawbacks: 327 the implementation may have to be redone for each packetization 328 protocol, it becomes hard to share PMTU information between different 329 packetization layers, and the connection-oriented state maintained by 330 some packetization layers may not easily extend to save PMTU 331 information for long periods. 333 It is therefore suggested that the IP layer store PMTU information 334 and that the ICMPv6 layer process received Packet Too Big messages. 335 The packetization layers may respond to changes in the PMTU by 336 changing the size of the messages they send. To support this 337 layering, packetization layers require a way to learn of changes in 338 the value of MMS_S, the "maximum send transport-message size" 339 [RFC1122]. 341 MMS_S is a transport message size calculated by subtracting the size 342 of the IPv6 header (including IPv6 extension headers) from the 343 largest IP packet that can be sent, EMTU_S. MMS_S is limited by a 344 combination of factors, including the PMTU, support for packet 345 fragmentation and reassembly, and the packet reassembly limit (see 346 [I-D.ietf-6man-rfc2460bis] section "Fragment Header"). When source 347 fragmentation is available, EMTU_S is set to EMTU_R, as indicated by 348 the receiver using an upper layer protocol or based on protocol 349 requirements (1500 octets for IPv6). When a message larger than PMTU 350 is to be transmitted, the source creates fragments, each limited by 351 PMTU. When source fragmentation is not desired, EMTU_S is set to 352 PMTU, and the upper layer protocol is expected to either perform its 353 own fragmentation and reassembly or otherwise limit the size of its 354 messages accordingly. 356 However, packetization layers are encouraged to avoid sending 357 messages that will require source fragmentation (for the case against 358 fragmentation, see [FRAG]). 360 5.2. Storing PMTU information 362 Ideally, a PMTU value should be associated with a specific path 363 traversed by packets exchanged between the source and destination 364 nodes. However, in most cases a node will not have enough 365 information to completely and accurately identify such a path. 366 Rather, a node must associate a PMTU value with some local 367 representation of a path. It is left to the implementation to select 368 the local representation of a path. For nodes with multiple 369 interfaces, Path MTU information should be maintained for each IPv6 370 link. 372 In the case of a multicast destination address, copies of a packet 373 may traverse many different paths to reach many different nodes. The 374 local representation of the "path" to a multicast destination must 375 represent a potentially large set of paths. 377 Minimally, an implementation could maintain a single PMTU value to be 378 used for all packets originated from the node. This PMTU value would 379 be the minimum PMTU learned across the set of all paths in use by the 380 node. This approach is likely to result in the use of smaller 381 packets than is necessary for many paths. In the case of multipath 382 routing (e.g., Equal Cost Multipath Routing (ECMP) ), a set of paths 383 can exist even for a single source and destination pair. 385 An implementation could use the destination address as the local 386 representation of a path. The PMTU value associated with a 387 destination would be the minimum PMTU learned across the set of all 388 paths in use to that destination. This approach will result in the 389 use of optimally sized packets on a per-destination basis. This 390 approach integrates nicely with the conceptual model of a host as 391 described in [ND]: a PMTU value could be stored with the 392 corresponding entry in the destination cache. 394 If flows [I-D.ietf-6man-rfc2460bis] are in use, an implementation 395 could use the flow id as the local representation of a path. Packets 396 sent to a particular destination but belonging to different flows may 397 use different paths, as with ECMP, in which the choice of path might 398 depending on the flow id. This approach might result in the use of 399 optimally sized packets on a per-flow basis, providing finer 400 granularity than PMTU values maintained on a per-destination basis. 402 For source routed packets (i.e. packets containing an IPv6 Routing 403 header [I-D.ietf-6man-rfc2460bis]), the source route may further 404 qualify the local representation of a path. 406 Initially, the PMTU value for a path is assumed to be the (known) MTU 407 of the first-hop link. 409 When a Packet Too Big message is received, the node determines which 410 path the message applies to based on the contents of the Packet Too 411 Big message. For example, if the destination address is used as the 412 local representation of a path, the destination address from the 413 original packet would be used to determine which path the message 414 applies to. 416 Note: if the original packet contained a Routing header, the 417 Routing header should be used to determine the location of the 418 destination address within the original packet. If Segments Left 419 is equal to zero, the destination address is in the Destination 420 Address field in the IPv6 header. If Segments Left is greater 421 than zero, the destination address is the last address 422 (Address[n]) in the Routing header. 424 The node then uses the value in the MTU field in the Packet Too Big 425 message as a tentative PMTU value or the IPv6 minimum link MTU if 426 that is larger, and compares the tentative PMTU to the existing PMTU. 427 If the tentative PMTU is less than the existing PMTU estimate, the 428 tentative PMTU replaces the existing PMTU as the PMTU value for the 429 path. 431 The packetization layers must be notified about decreases in the 432 PMTU. Any packetization layer instance (for example, a TCP 433 connection) that is actively using the path must be notified if the 434 PMTU estimate is decreased. 436 Note: even if the Packet Too Big message contains an Original 437 Packet Header that refers to a UDP packet, the TCP layer must be 438 notified if any of its connections use the given path. 440 Also, the instance that sent the packet that elicited the Packet Too 441 Big message should be notified that its packet has been dropped, even 442 if the PMTU estimate has not changed, so that it may retransmit the 443 dropped data. 445 Note: An implementation can avoid the use of an asynchronous 446 notification mechanism for PMTU decreases by postponing 447 notification until the next attempt to send a packet larger than 448 the PMTU estimate. In this approach, when an attempt is made to 449 SEND a packet that is larger than the PMTU estimate, the SEND 450 function should fail and return a suitable error indication. This 451 approach may be more suitable to a connectionless packetization 452 layer (such as one using UDP), which (in some implementations) may 453 be hard to "notify" from the ICMPv6 layer. In this case, the 454 normal timeout-based retransmission mechanisms would be used to 455 recover from the dropped packets. 457 It is important to understand that the notification of the 458 packetization layer instances using the path about the change in the 459 PMTU is distinct from the notification of a specific instance that a 460 packet has been dropped. The latter should be done as soon as 461 practical (i.e., asynchronously from the point of view of the 462 packetization layer instance), while the former may be delayed until 463 a packetization layer instance wants to create a packet. 465 5.3. Purging stale PMTU information 467 Internetwork topology is dynamic; routes change over time. While the 468 local representation of a path may remain constant, the actual 469 path(s) in use may change. Thus, PMTU information cached by a node 470 can become stale. 472 If the stale PMTU value is too large, this will be discovered almost 473 immediately once a large enough packet is sent on the path. No such 474 mechanism exists for realizing that a stale PMTU value is too small, 475 so an implementation should "age" cached values. When a PMTU value 476 has not been decreased for a while (on the order of 10 minutes), it 477 should probe to find if a larger PMTU is supported. 479 Note: an implementation should provide a means for changing the 480 timeout duration, including setting it to "infinity". For 481 example, nodes attached to a link with a large MTU which is then 482 attached to the rest of the Internet via a link with a small MTU 483 are never going to discover a new non-local PMTU, so they should 484 not have to put up with dropped packets every 10 minutes. 486 5.4. Packetization layer actions 488 A packetization layer (e.g., TCP) must use the PMTU for the path(s) 489 in use by a connection; it should not send segments that would result 490 in packets larger than the PMTU, except to probe during PMTU 491 discovery (this probe packet must not be fragmented to the PMTU). A 492 simple implementation could ask the IP layer for this value each time 493 it created a new segment, but this could be inefficient. An 494 implementation typically caches other values derived from the PMTU. 495 It may be simpler to receive asynchronous notification when the PMTU 496 changes, so that these variables may be also updated. 498 A TCP implementation must also store the Maximum Segment Size (MSS) 499 value received from its peer, which represents the EMTU_R, the 500 largest packet that can be reassembled by the receiver, and must not 501 send any segment larger than this MSS, regardless of the PMTU. 503 The value sent in the TCP MSS option is independent of the PMTU; it 504 is determined by the receiver reassembly limit EMTU_R. This MSS 505 option value is used by the other end of the connection, which may be 506 using an unrelated PMTU value. See [I-D.ietf-6man-rfc2460bis] 507 sections "Packet Size Issues" and "Maximum Upper-Layer Payload Size" 508 for information on selecting a value for the TCP MSS option. 510 Reception of a Packet Too Big message implies that a packet was 511 dropped by the node that sent the ICMPv6 message. A reliable upper 512 layer protocol will detect this loss by its own means, and recover it 513 by its normal retransmission methods. The retransmission could 514 result in delay, depending on the loss detection method used by the 515 upper layer protocol. If the Path MTU Discovery process requires 516 several steps to find the PMTU of the full path, this could finally 517 delay the retransmission by many round-trip times. 519 Alternatively, the retransmission could be done in immediate response 520 to a notification that the Path MTU was decreased, but only for the 521 specific connection specified by the Packet Too Big message, but only 522 based on the message and connection. The packet size used in the 523 retransmission should be no larger than the new PMTU. 525 Note: A packetization layer that determines a probe packet is 526 lost, needs to adapt the segment size of the retransmission. 527 Using the reported size in the last Packet Too Big message, 528 however, can lead to further losses as there might be smaller PMTU 529 limits at the routers further along the path. This would lead to 530 loss of all retransmitted segments and therefore cause unnecessary 531 congestion as well as additional packets to be sent each time a 532 new router announces a smaller MTU. Any packetization layer that 533 uses retransmission is therefore also responsible for congestion 534 control of its retransmissions [RFC8085]. 536 A loss caused by a PMTU probe indicated by the reception of a Packet 537 Too Big message must not be considered as a congestion notification 538 and hence the congestion window may not change. 540 5.5. Issues for other transport protocols 542 Some transport protocols are not allowed to repacketize when doing a 543 retransmission. That is, once an attempt is made to transmit a 544 segment of a certain size, the transport cannot split the contents of 545 the segment into smaller segments for retransmission. In such a 546 case, the original segment can be fragmented by the IP layer during 547 retransmission. Subsequent segments, when transmitted for the first 548 time, should be no larger than allowed by the Path MTU. 550 Path MTU Discovery for IPv4 [RFC1191] used NFS as an example of a 551 UDP-based application that benefits from PMTU discovery. Since then 552 [RFC7530], states the supported transport layer between NFS and IP 553 must be an IETF standardized transport protocol that is specified to 554 avoid network congestion; such transports include TCP, Stream Control 555 Transmission Protocol (SCTP) [RFC4960], and the Datagram Congestion 556 Control Protocol (DCCP) [RFC4340]. In this case, the transport is 557 responsible for ensuring that transmitted segments (except probes) 558 conform to the the Path MTU, including supporting PMTU discovery 559 probe transmissions as needed. 561 5.6. Management interface 563 It is suggested that an implementation provide a way for a system 564 utility program to: 566 - Specify that Path MTU Discovery not be done on a given path. 568 - Change the PMTU value associated with a given path. 570 The former can be accomplished by associating a flag with the path; 571 when a packet is sent on a path with this flag set, the IP layer does 572 not send packets larger than the IPv6 minimum link MTU. 574 These features might be used to work around an anomalous situation, 575 or by a routing protocol implementation that is able to obtain Path 576 MTU values. 578 The implementation should also provide a way to change the timeout 579 period for aging stale PMTU information. 581 6. Security Considerations 583 This Path MTU Discovery mechanism makes possible two denial-of- 584 service attacks, both based on a malicious party sending false Packet 585 Too Big messages to a node. 587 In the first attack, the false message indicates a PMTU much 588 smaller than reality. In response, the victim node should never 589 set its PMTU estimate below the IPv6 minimum link MTU. A sender 590 that falsely reduces to this MTU would observe suboptimal 591 performance. 593 In the second attack, the false message indicates a PMTU larger 594 than reality. If believed, this could cause temporary blockage as 595 the victim sends packets that will be dropped by some router. 596 Within one round-trip time, the node would discover its mistake 597 (receiving Packet Too Big messages from that router), but frequent 598 repetition of this attack could cause lots of packets to be 599 dropped. A node, however, must not raise its estimate of the PMTU 600 based on a Packet Too Big message, so should not be vulnerable to 601 this attack. 603 Both of these attacks can cause a black hole connection, that is, the 604 TCP three-way handshake completes correctly but the connection hangs 605 when data is transfered. 607 A malicious party could also cause problems if it could stop a victim 608 from receiving legitimate Packet Too Big messages, but in this case 609 there are simpler denial-of-service attacks available. 611 If ICMPv6 filtering prevents reception of ICMPv6 Packet Too Big 612 messages, the source will not learn the actual path MTU. 613 Packetization Layer Path MTU Discovery [RFC4821] does not rely upon 614 network support for ICMPv6 messages and is therefore considered more 615 robust than standard PMTUD. It is not susceptible to "black holed" 616 connections caused by filtering of ICMPv6 message. See [RFC4890] for 617 recommendations regarding filtering ICMPv6 messages. 619 7. Acknowledgements 621 We would like to acknowledge the authors of and contributors to 622 [RFC1191], from which the majority of this document was derived. We 623 would also like to acknowledge the members of the IPng working group 624 for their careful review and constructive criticisms. 626 We would also like to acknowledge the contributors to this update of 627 "Path MTU Discovery for IP version 6". This includes members of the 628 6MAN w.g., area directorate reviewers, the IESG, and especially to 629 Joe Touch and Gorry Fairhurst. 631 8. IANA Considerations 633 This document does not have any IANA actions 635 9. References 637 9.1. Normative References 639 [I-D.ietf-6man-rfc2460bis] 640 Deering, S. and R. Hinden, "Internet Protocol, Version 6 641 (IPv6) Specification", draft-ietf-6man-rfc2460bis-13 (work 642 in progress), May 2017. 644 [ICMPv6] Conta, A., Deering, S., and M. Gupta, Ed., "Internet 645 Control Message Protocol (ICMPv6) for the Internet 646 Protocol Version 6 (IPv6) Specification", RFC 4443, DOI 647 10.17487/RFC4443, March 2006, 648 . 650 9.2. Informative References 652 [FRAG] Kent, C. and J. Mogul, "Fragmentation Considered Harmful", 653 In Proc. SIGCOMM '87 Workshop on Frontiers in Computer 654 Communications Technology , August 1987. 656 [ND] Narten, T., Nordmark, E., Simpson, W., and H. Soliman, 657 "Neighbor Discovery for IP version 6 (IPv6)", RFC 4861, 658 DOI 10.17487/RFC4861, September 2007, 659 . 661 [RFC1122] Braden, R., Ed., "Requirements for Internet Hosts - 662 Communication Layers", STD 3, RFC 1122, DOI 10.17487/ 663 RFC1122, October 1989, 664 . 666 [RFC1191] Mogul, J. and S. Deering, "Path MTU discovery", RFC 1191, 667 DOI 10.17487/RFC1191, November 1990, 668 . 670 [RFC1981] McCann, J., Deering, S., and J. Mogul, "Path MTU Discovery 671 for IP version 6", RFC 1981, DOI 10.17487/RFC1981, August 672 1996, . 674 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 675 Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/ 676 RFC2119, March 1997, 677 . 679 [RFC2923] Lahey, K., "TCP Problems with Path MTU Discovery", RFC 680 2923, DOI 10.17487/RFC2923, September 2000, 681 . 683 [RFC4340] Kohler, E., Handley, M., and S. Floyd, "Datagram 684 Congestion Control Protocol (DCCP)", RFC 4340, DOI 685 10.17487/RFC4340, March 2006, 686 . 688 [RFC4821] Mathis, M. and J. Heffner, "Packetization Layer Path MTU 689 Discovery", RFC 4821, DOI 10.17487/RFC4821, March 2007, 690 . 692 [RFC4890] Davies, E. and J. Mohacsi, "Recommendations for Filtering 693 ICMPv6 Messages in Firewalls", RFC 4890, DOI 10.17487/ 694 RFC4890, May 2007, 695 . 697 [RFC4960] Stewart, R., Ed., "Stream Control Transmission Protocol", 698 RFC 4960, DOI 10.17487/RFC4960, September 2007, 699 . 701 [RFC6691] Borman, D., "TCP Options and Maximum Segment Size (MSS)", 702 RFC 6691, DOI 10.17487/RFC6691, July 2012, 703 . 705 [RFC7530] Haynes, T., Ed. and D. Noveck, Ed., "Network File System 706 (NFS) Version 4 Protocol", RFC 7530, DOI 10.17487/RFC7530, 707 March 2015, . 709 [RFC8085] Eggert, L., Fairhurst, G., and G. Shepherd, "UDP Usage 710 Guidelines", BCP 145, RFC 8085, DOI 10.17487/RFC8085, 711 March 2017, . 713 Appendix A. Comparison to RFC 1191 715 This document is based in large part on RFC 1191, which describes 716 Path MTU Discovery for IPv4. Certain portions of RFC 1191 were not 717 needed in this document: 719 router specification Packet Too Big messages and corresponding 720 router behavior are defined in [ICMPv6] 722 Don't Fragment bit there is no DF bit in IPv6 packets 724 TCP MSS discussion selecting a value to send in the TCP MSS option 725 is discussed in [I-D.ietf-6man-rfc2460bis] 727 old-style messages all Packet Too Big messages report the MTU of 728 the constricting link 730 MTU plateau tables not needed because there are no old-style 731 messages 733 Appendix B. Changes Since RFC 1981 735 This document is based on RFC1981 has the following changes from 736 RFC1981: 738 o Clarified Section 1 "Introduction" that the purpose of PMTUD is to 739 reduce the need for IPv6 fragmentation. 741 o Added text to Section 1 "Introduction" about the effects on PMTUD 742 when ICMPv6 messages are blocked. 744 o Added Note to Introduction that document that this document 745 doesn't cite RFC2119 and only uses lower case "should/must" 746 language. Changed all upper case "should/must" to lower case. 748 o Added a short summary to the Section 1 "Introduction" of 749 Packetization Layer Path MTU Discovery ((PLPMTUD) and a reference 750 to RFC4821 that defines it. 752 o Aligned text in Section 2 "Terminology" to match current 753 packetization layer terminology. 755 o Added clarification in Section 4 "Protocol Requirements" that 756 nodes should validate the payload of ICMP PTB message per RFC4443, 757 and that nodes should detect decreases in PMTU as fast as 758 possible. 760 o Remove Note from Section 4 "Protocol Requirements" about a Packet 761 Too Big message reporting a next-hop MTU that is less than the 762 IPv6 minimum link MTU because this was removed from 763 [I-D.ietf-6man-rfc2460bis]. 765 o Added clarification in Section 5.2 "Storing PMTU information" to 766 discard an ICMPv6 Packet Too Big message if it contains a MTU less 767 than the IPv6 minimum link MTU. 769 o Added clarification Section 5.2 "Storing PMTU information" that 770 nodes with multiple interface, Path MTU information should be 771 stored for each link. 773 o Removed text in Section 5.2 "Storing PMTU information" about the 774 RH0 routing header because it was deprecated by RFC5095. 776 o Removed text about obsolete security classification from 777 Section 5.2 "Storing PMTU information". 779 o Changed title of Section 5.4 to "Packetization Layer actions" and 780 changed to text in the first paragraph to to generalize this 781 section to cover all packetization layers, not just TCP. 783 o Clarified text in Section 5.4 "Packetization Layer actions" to use 784 normal packetization layer retransmission methods. 786 o Removed text in Section 5.4 "Packetization Layer actions" that 787 described 4.2 BSD because it is obsolete, and removed reference to 788 TP4. 790 o Updated text in Section 5.5 "Issues for other transport protocols" 791 about NFS including adding a current reference to NFS and removing 792 obsolete text. 794 o Added paragraph to Section 6 "Security Considerations" about black 795 hole connections if PTB messages are not received, and comparison 796 to PLPMTD. 798 o Updated Section 7 "Acknowledgements". 800 o Editorial Changes. 802 B.1. Change History Since RFC1981 804 NOTE TO RFC EDITOR: Please remove this subsection prior to RFC 805 Publication 807 This section describes change history made in each Internet Draft 808 that went into producing this version. The numbers identify the 809 Internet-Draft version in which the change was made. 811 Working Group Internet Drafts 812 08) Based on IESG comments, cleaned up text in Section 5.3 813 regarding suggested action when PMTU value has not been 814 decreased recently. 816 08) Revision of Note in Section 5.4 to make text clearer. 818 08) Updated Section 7 "Acknowledgements". 820 08) Editorial Changes. 822 07) Changes from the IESG Discuss comments from IESG reviews. 823 The changes include: 825 o Added Note to Introduction that document that this 826 document doesn't cite RFC2119 and only uses lower case 827 "should/must" language. Changed all upper case "should/ 828 must" to lower case. 830 o Added references for EMTU_S and EMTU_R. 832 o Added clarification to Section 4 "Protocol Requirements" 833 that nodes should detect decreases in PMTU as fast as 834 possible. 836 o Added clarification Section 5.2 "Storing PMTU information" 837 that nodes with multiple interface, Path MTU information 838 should be stored for each link. 840 o Removed text in Section 5.2 about Retransmission because 841 it was unneeded. 843 o Removed text in Section 5.3 about Retransmission because 844 it was unneeded. 846 o Rewrote text in Section 5.4 "Packetization Layer actions" 847 regarding reception to make it clearer. 849 o Rewrote the text at the end of Section 5.4 to remove 850 unnecessary details and clarify not change congestion 851 window. 853 o Added references in Section 5.5 for SCTP and added DCCP 854 (and reference) the list of examples. 856 o Added paragraph to Section 5.5 "Security Considerations" 857 about black hole connections if PTB messages are not 858 received, and comparison to PLPMTD. 860 07) Editorial changes. 862 06) Revised Appendix B "Changes since RFC1981" to have a summary 863 of changes since RFC1981 and a separate subsection with a 864 change history of each Internet Draft. This subsection will 865 be removed when the RFC is published. 867 06) Editorial changes based on comments received after publishing 868 the -05 draft. 870 05) Changes based on IETF last call reviews by Gorry Fairhurst, 871 Joe Touch, Susan Hares, Stewart Bryant, Rifaat Shekh-Yusef, 872 and Donald Eastlake. This includes includes: 874 o Clarify that the purpose of PMTUD is to reduce the need 875 for IPv6 Fragmentation. 877 o Added text to Introduction about effects on PMTUD when 878 ICMPv6 messages are blocked. 880 o Clarified in Section 4. that nodes should validate the 881 payload of ICMPv6 PTB messages per RFC4443. 883 o Removed text in Section 5.2 about the number of paths to a 884 destination. 886 o Changed title of Section 5.4 to "Packetization layer 887 actions". 889 o Clarified first paragraph in Section 5.4 to to cover all 890 packetization layers, not just TCP. 892 o Clarified text in Section 5.4 to use normal retransmission 893 methods. 895 o Add clarification to Note in Section 5.4 about 896 retransmissions. 898 o Removed text in Section 5.4 that described 4.2BSD as it is 899 now obsolete. 901 o Removed reference to TP4 in Section 5.5. 903 o Updated text in Section 5.5 about NFS including adding a 904 current reference to NFS and removing obsolete text. 906 o Revised text in Section 6 to clarify first attack 907 response. 909 o Added new text in Section 6 to clarify the effect of 910 ICMPv6 filtering on PMTUD. 912 o Aligned terminology for the packetization layer 913 terminology. 915 o Editorial changes. 917 04) Changes based on AD Evaluation including removing details 918 about RFC4821 algorithm in Section 1, remove text about 919 decrementing hop limit from Section 3, and removed text about 920 obsolete security classifications from Section 5.2. 922 04) Editorial changes and clarification in Section 5.2 based on 923 IP Directorate review by Donald Eastlake 925 03) Remove text in Section 5.3 regarding RH0 since it was 926 deprecated by RFC5095 928 02) Clarified in Section 3 that ICMPv6 Packet Too Big should be 929 sent even if the node doesn't decrement the hop limit 931 01) Revised the text about PLPMTUD to use the word "path". 933 01) Editorial changes. 935 00) Added text to discard an ICMPv6 Packet Too Big message 936 containing an MTU less than the IPv6 minimum link MTU. 938 00) Revision of text regarding RFC4821. 940 00) Added R. Hinden as Editor to facilitate ID submission. 942 00) Editorial changes. 944 Individual Internet Drafts 946 01) Remove Note about a Packet Too Big message reporting a next- 947 hop MTU that is less than the IPv6 minimum link MTU. This 948 was removed from [I-D.ietf-6man-rfc2460bis]. 950 01) Include a link to RFC4821 along with a short summary of what 951 it does. 953 01) Assigned references to informative and normative. 955 01) Editorial changes. 957 00) Establish a baseline from RFC1981. The only intended changes 958 are formatting (XML is slightly different from .nroff), 959 differences between an RFC and Internet Draft, fixing a few 960 ID Nits, updating references, and updates to the authors 961 information. There should not be any content changes to the 962 specification. 964 Authors' Addresses 966 Jack McCann 967 Digital Equipment Corporation 969 Stephen E. Deering 970 Retired 971 Vancouver, British Columbia 972 Canada 974 Jeffrey Mogul 975 Digital Equipment Corporation 977 Robert M. Hinden (editor) 978 Check Point Software 979 959 Skyway Road 980 San Carlos, CA 94070 981 USA 983 Email: bob.hinden@gmail.com