idnits 2.17.1 draft-ietf-tram-stun-pmtud-07.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (March 3, 2018) is 2245 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) ** Obsolete normative reference: RFC 5389 (Obsoleted by RFC 8489) Summary: 1 error (**), 0 flaws (~~), 1 warning (==), 1 comment (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 TRAM M. Petit-Huguenin 3 Internet-Draft Impedance Mismatch 4 Intended status: Standards Track G. Salgueiro 5 Expires: September 4, 2018 Cisco 6 March 3, 2018 8 Path MTU Discovery Using Session Traversal Utilities for NAT (STUN) 9 draft-ietf-tram-stun-pmtud-07 11 Abstract 13 This document describes a Session Traversal Utilities for NAT (STUN) 14 Usage for Path MTU Discovery (PMTUD) between a client and a server. 16 Status of This Memo 18 This Internet-Draft is submitted in full conformance with the 19 provisions of BCP 78 and BCP 79. 21 Internet-Drafts are working documents of the Internet Engineering 22 Task Force (IETF). Note that other groups may also distribute 23 working documents as Internet-Drafts. The list of current Internet- 24 Drafts is at https://datatracker.ietf.org/drafts/current/. 26 Internet-Drafts are draft documents valid for a maximum of six months 27 and may be updated, replaced, or obsoleted by other documents at any 28 time. It is inappropriate to use Internet-Drafts as reference 29 material or to cite them other than as "work in progress." 31 This Internet-Draft will expire on September 4, 2018. 33 Copyright Notice 35 Copyright (c) 2018 IETF Trust and the persons identified as the 36 document authors. All rights reserved. 38 This document is subject to BCP 78 and the IETF Trust's Legal 39 Provisions Relating to IETF Documents 40 (https://trustee.ietf.org/license-info) in effect on the date of 41 publication of this document. Please review these documents 42 carefully, as they describe your rights and restrictions with respect 43 to this document. Code Components extracted from this document must 44 include Simplified BSD License text as described in Section 4.e of 45 the Trust Legal Provisions and are provided without warranty as 46 described in the Simplified BSD License. 48 Table of Contents 50 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 51 2. Overview of Operations . . . . . . . . . . . . . . . . . . . 3 52 3. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 5 53 4. Probing Mechanisms . . . . . . . . . . . . . . . . . . . . . 5 54 4.1. Simple Probing Mechanism . . . . . . . . . . . . . . . . 6 55 4.1.1. Sending a Probe Request . . . . . . . . . . . . . . . 6 56 4.1.2. Receiving a Probe Request . . . . . . . . . . . . . . 6 57 4.1.3. Receiving a Probe Response . . . . . . . . . . . . . 7 58 4.2. Complete Probing Mechanism . . . . . . . . . . . . . . . 7 59 4.2.1. Sending the Probe Indications and Report Request . . 7 60 4.2.2. Receiving an ICMP Packet . . . . . . . . . . . . . . 8 61 4.2.3. Receiving a Probe Indication and Report Request . . . 8 62 4.2.4. Receiving a Report Response . . . . . . . . . . . . . 9 63 4.2.5. Using Checksums as Packet Identifiers . . . . . . . . 9 64 4.2.6. Using Sequence Numbers as Packet Identifiers . . . . 10 65 5. Probe Support Signaling Mechanisms . . . . . . . . . . . . . 10 66 5.1. Explicit Probe Support Signaling Mechanism . . . . . . . 11 67 5.2. Implicit Probe Support Signaling Mechanism . . . . . . . 11 68 6. STUN Attributes . . . . . . . . . . . . . . . . . . . . . . . 11 69 6.1. IDENTIFIERS . . . . . . . . . . . . . . . . . . . . . . . 11 70 6.2. PMTUD-SUPPORTED . . . . . . . . . . . . . . . . . . . . . 11 71 7. Security Considerations . . . . . . . . . . . . . . . . . . . 12 72 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 12 73 8.1. New STUN Methods . . . . . . . . . . . . . . . . . . . . 12 74 8.2. New STUN Attributes . . . . . . . . . . . . . . . . . . . 12 75 9. References . . . . . . . . . . . . . . . . . . . . . . . . . 12 76 9.1. Normative References . . . . . . . . . . . . . . . . . . 12 77 9.2. Informative References . . . . . . . . . . . . . . . . . 13 78 Appendix A. Release Notes . . . . . . . . . . . . . . . . . . . 13 79 A.1. Modifications between draft-ietf-tram-stun-pmtud-07 and 80 draft-ietf-tram-stun-pmtud-06 . . . . . . . . . . . . . . 13 81 A.2. Modifications between draft-ietf-tram-stun-pmtud-06 and 82 draft-ietf-tram-stun-pmtud-05 . . . . . . . . . . . . . . 14 83 A.3. Modifications between draft-ietf-tram-stun-pmtud-05 and 84 draft-ietf-tram-stun-pmtud-04 . . . . . . . . . . . . . . 14 85 A.4. Modifications between draft-ietf-tram-stun-pmtud-04 and 86 draft-ietf-tram-stun-pmtud-03 . . . . . . . . . . . . . . 14 87 A.5. Modifications between draft-ietf-tram-stun-pmtud-03 and 88 draft-ietf-tram-stun-pmtud-02 . . . . . . . . . . . . . . 14 89 A.6. Modifications between draft-ietf-tram-stun-pmtud-02 and 90 draft-ietf-tram-stun-pmtud-01 . . . . . . . . . . . . . . 15 91 A.7. Modifications between draft-ietf-tram-stun-pmtud-01 and 92 draft-ietf-tram-stun-pmtud-00 . . . . . . . . . . . . . . 15 93 A.8. Modifications between draft-ietf-tram-stun-pmtud-00 and 94 draft-petithuguenin-tram-stun-pmtud-01 . . . . . . . . . 15 95 A.9. Modifications between draft-petithuguenin-tram-stun- 96 pmtud-01 and draft-petithuguenin-tram-stun-pmtud-00 . . . 15 97 A.10. Modifications between draft-petithuguenin-tram-stun- 98 pmtud-00 and draft-petithuguenin-behave-stun-pmtud-03 . . 15 99 A.11. Modifications between draft-petithuguenin-behave-stun- 100 pmtud-03 and draft-petithuguenin-behave-stun-pmtud-02 . . 16 101 A.12. Modifications between draft-petithuguenin-behave-stun- 102 pmtud-02 and draft-petithuguenin-behave-stun-pmtud-01 . . 16 103 A.13. Modifications between draft-petithuguenin-behave-stun- 104 pmtud-01 and draft-petithuguenin-behave-stun-pmtud-00 . . 16 105 Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . 16 106 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 17 108 1. Introduction 110 The Packetization Layer Path MTU Discovery (PMTUD) specification 111 [RFC4821] describes a method to discover the Path MTU but does not 112 describe a practical protocol to do so with UDP. 114 Not all UDP-based protocols implement the Path MTU discovery 115 mechanism described in [RFC4821]. These protocols can make use of 116 the probing mechanisms described in this document instead of 117 designing their own adhoc extension. These probing mechanisms are 118 implemented with Session Traversal Utilities for NAT (STUN), but 119 their usage is not limited to STUN-based protocols. 121 The STUN usage defined in this document for Path MTU Discovery 122 (PMTUD) between a client and a server permits proper operations of 123 UDP-based applications in the network. It also simplifies 124 troubleshooting and has multiple other applications across a wide 125 variety of technologies. 127 Complementary techniques can be used to discover additional network 128 characteristics, such as the network path (using the STUN Traceroute 129 mechanism described in [I-D.martinsen-tram-stuntrace]) and bandwidth 130 availability (using the mechanism described in 131 [I-D.martinsen-tram-turnbandwidthprobe]). 133 2. Overview of Operations 135 This section is meant to be informative only. It is not intended as 136 a replacement for [RFC4821]. 138 A UDP endpoint that uses this specification to discover the Path MTU 139 over UDP and knows that the endpoint it is communicating with also 140 supports this specification can choose to use either the Simple 141 Probing mechanism (as described in Section 4.1) or the Complete 142 Probing mechanism (as described in Section 4.2). The selection of 143 which Probing Mechanism to use is dependent on performance and 144 security and complexity trade-offs. 146 If the Simple Probing mechanism is chosen, then the Client initiates 147 Probe transactions, as shown in Figure 1, which increase in size 148 until transactions timeout, indicating that the Path MTU has been 149 exceeded. It then uses that information to update the Path MTU. 151 Client Server 152 | | 153 | Probe Request | 154 |---------------->| 155 | | 156 | Probe Response | 157 |<----------------| 158 | | 160 Figure 1: Simple Probing Example 162 If the Complete Probing mechanism (as described in Section 4.2) is 163 chosen, then the Client sends Probe Indications of various sizes 164 interleaved with UDP packets sent by the UDP protocol. The Client 165 then sends a Report Request for the ordered list of identifiers for 166 the UDP packets and Probe Indications received by the Server. The 167 Client then compares the list returned in the Report Response with 168 its own list of identifiers for the UDP packets and Probe Indications 169 it sent. The Client then uses that comparison to find which Probe 170 Indications were dropped by the network as a result of their size. 171 It then uses that information to update the Path MTU. 173 Client Server 174 | UDP Packet | 175 |------------------>| 176 | | 177 | UDP Packet | 178 |------------------>| 179 | | 180 | Probe Indication | 181 |------------------>| 182 | | 183 | UDP Packet | 184 |------------------>| 185 | | 186 | Probe Indication | 187 |------------------>| 188 | | 189 | Report Request | 190 |------------------>| 191 | Report Response | 192 |<------------------| 193 | | 195 Figure 2: Complete Probing Example 197 3. Terminology 199 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 200 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 201 document are to be interpreted as described in [RFC2119]. When these 202 words are not in ALL CAPS (such as "must" or "Must"), they have their 203 usual English meanings, and are not to be interpreted as RFC 2119 key 204 words. 206 4. Probing Mechanisms 208 The Probing mechanism is used to discover the Path MTU in one 209 direction only, from the client to the server. 211 Two Probing mechanisms are described, a Simple Probing mechanism and 212 a more complete mechanism that can converge quicker and find an 213 appropriate PMTU in the presence of congestion. Additionally, the 214 Simple Probing mechanism does not require authentication, whereas the 215 complete mechanism does. 217 Implementations supporting this specification MUST implement the 218 server side of both the Simple Probing mechanism (Section 4.1) and 219 the Complete Probing mechanism (Section 4.2). 221 Implementations supporting this specification MUST implement the 222 client side of the Complete Probing mechanism. They MAY implement 223 the client side of the Simple Probing mechanism. 225 4.1. Simple Probing Mechanism 227 The Simple Probing mechanism is implemented by sending a Probe 228 Request with a PADDING [RFC5780] attribute over UDP with the DF bit 229 set in the IP header. A router on the path to the server can reject 230 this request with an ICMP message or drop it. 232 4.1.1. Sending a Probe Request 234 A client forms a Probe Request by using the Probe Method and 235 following the rules in Section 7.1 of [RFC5389]. 237 The Probe transaction MUST be authenticated if the Simple Probing 238 mechanism is used in conjunction with the Implicit Probing Support 239 mechanism described in Section 5.2. If not, the Probe transaction 240 MAY be authenticated. 242 The client adds a PADDING [RFC5780] attribute with a length that, 243 when added to the IP and UDP headers and the other STUN components, 244 is equal to the Selected Probe Size, as defined in [RFC4821] 245 Section 7.3. The client MUST add the FINGERPRINT attribute so the 246 STUN messages are disambiguated from the other protocol packets. 248 Then the client sends the Probe Request to the server over UDP with 249 the DF bit set. For the purpose of this transaction, the Rc 250 parameter specified in Section 7.2.1 of [RFC5389] is set to 3. The 251 initial value for RTO stays at 500 ms. 253 A client MUST NOT send a probe if it does not have knowledge that the 254 server supports this specification. This is done either by external 255 signalling or by a mechanism specific to the UDP protocol to which 256 PMTUD capabilities are added or by one of the mechanisms specified in 257 Section 5. 259 4.1.2. Receiving a Probe Request 261 A server receiving a Probe Request MUST process it as specified in 262 [RFC5389]. 264 The server then creates a Probe Response. The server MUST add the 265 FINGERPRINT attribute so the STUN messages are disambiguated from the 266 other protocol packets. The server then sends the response to the 267 client. 269 4.1.3. Receiving a Probe Response 271 A client receiving a Probe Response MUST process it as specified in 272 [RFC5389]. If a response is received this is interpreted as a Probe 273 Success, as defined in [RFC4821] Section 7.6.1. If an ICMP packet 274 "Fragmentation needed" is received then this is interpreted as a 275 Probe Failure, as defined in [RFC4821] Section 7.6.2. If the Probe 276 transaction times out, then this is interpreted as a Probe 277 Inconclusive, as defined in [RFC4821] Section 7.6.4. 279 4.2. Complete Probing Mechanism 281 The Complete Probing mechanism is implemented by sending one or more 282 Probe Indications with a PADDING attribute over UDP with the DF bit 283 set in the IP header followed by a Report Request to the same server. 284 A router on the path to the server can reject this Indication with an 285 ICMP message or drop it. The server keeps a chronologically ordered 286 list of identifiers for all packets received (including retransmitted 287 packets) and sends this list back to the client in the Report 288 Response. The client analyzes this list to find which packets were 289 not received. Because UDP packets do not contain an identifier, the 290 Complete Probing mechanism needs a way to identify each packet 291 received. 293 Some application layer protocols may already have a way of 294 identifying each individual UDP packet, in which case these 295 identifiers SHOULD be used in the IDENTIFIERS attribute of the Report 296 Response. While there are other possible packet identification 297 schemes, this document describes two different ways to identify a 298 specific packet. 300 In the first packet identification mechanism, the server computes a 301 checksum over each packet received and sends back to the sender the 302 list of checksums ordered chronologically. The client compares this 303 list to its own list of checksums. 305 In the second packet identification mechanism, the client prepends 306 the UDP data with a header that provides a sequence number. The 307 server sends back the chronologically ordered list of sequence 308 numbers received that the client then compares with its own list. 310 4.2.1. Sending the Probe Indications and Report Request 312 A client forms a Probe Indication by using the Probe Method and 313 following the rules in [RFC5389] Section 7.1. The client adds to the 314 Probe Indication a PADDING attribute with a size that, when added to 315 the IP and UDP headers and the other STUN components, is equal to the 316 Selected Probe Size, as defined in [RFC4821] Section 7.3. If the 317 authentication mechanism permits it, then the Indication MUST be 318 authenticated. The client MUST add the FINGERPRINT attribute so the 319 STUN messages are disambiguated from the other protocol packets. 321 Then the client sends the Probe Indication to the server over UDP 322 with the DF bit set. 324 Then the client forms a Report Request by following the rules in 325 [RFC5389] Section 7.1. The Report transaction MUST be authenticated 326 to prevent amplification attacks. The client MUST add the 327 FINGERPRINT attribute so the STUN messages are disambiguated from the 328 other protocol packets. 330 Then the client waits half the RTO, if it is known, or 250 ms after 331 sending the last Probe Indication and then sends the Report Request 332 to the server over UDP. 334 4.2.2. Receiving an ICMP Packet 336 If an ICMP packet "Fragmentation needed" is received then this is 337 interpreted as a Probe Failure, as defined in [RFC4821] Section 7.5. 339 4.2.3. Receiving a Probe Indication and Report Request 341 A server supporting this specification will keep the identifiers of 342 all packets received in a chronologically ordered list. The packets 343 that are to be associated to a list are selected according to 344 Section 5.2 of [RFC4821]. The same identifier can appear multiple 345 times in the list because of retransmissions. The maximum size of 346 this list is calculated such that when the list is added to the 347 Report Response, the total size of the packet does not exceed the 348 unknown Path MTU, as defined in [RFC5389] Section 7.1. Older 349 identifiers are removed when new identifiers are added to a list that 350 is already full. 352 A server receiving a Report Request MUST process it as specified in 353 [RFC5389]. 355 The server creates a Report Response and adds an IDENTIFIERS 356 attribute that contains the chronologically ordered list of all 357 identifiers received so far. The server MUST add the FINGERPRINT 358 attribute. The server then sends the response to the client. 360 The exact content of the IDENTIFIERS attribute depends on what type 361 of identifiers have been chosen for the protocol. Each protocol 362 adding PMTUD capabilities as specified by this specification MUST 363 describe the format of the contents of the IDENTIFIERS attribute, 364 unless it is using one of the formats described in this 365 specification. See Section 6.1 for details about the IDENTIFIERS 366 attribute. 368 4.2.4. Receiving a Report Response 370 A client receiving a Report Response processes it as specified in 371 [RFC5389]. If the response IDENTIFIERS attribute contains the 372 identifier of the Probe Indication, then this is interpreted as a 373 Probe Success for this probe, as defined in [RFC4821] Section 7.5. 374 If the Probe Indication identifier cannot be found in the Report 375 Response, this is interpreted as a Probe Failure, as defined in 376 [RFC4821] Section 7.5. If the Probe Indication identifier cannot be 377 found in the Report Response but identifiers for other packets sent 378 before or after the Probe Indication can all be found, this is 379 interpreted as a Probe Failure as defined in [RFC4821] Section 7.5. 380 If the Report Transaction times out, this is interpreted as a Full- 381 Stop Timeout, as defined in [RFC4821] Section 3. 383 4.2.5. Using Checksums as Packet Identifiers 385 When using a checksum as a packet identifier, the client calculates 386 the checksum for each packet sent over UDP that is not a STUN Probe 387 Indication or Request and keeps this checksum in a chronologically 388 ordered list. The client also keeps the checksum of the STUN Probe 389 Indication or Request sent in that same chronologically ordered list. 390 The algorithm used to calculate the checksum is similar to the 391 algorithm used for the FINGERPRINT attribute (i.e., the CRC-32 of the 392 payload XOR'ed with the 32-bit value 0x5354554e). 394 For each STUN Probe Indication or Request, the server retrieves the 395 STUN FINGERPRINT value. For all other packets, the server calculates 396 the checksum as described above. It puts these FINGERPRINT and 397 checksum values in a chronologically ordered list that is sent back 398 in the Report Response. 400 The contents of the IDENTIFIERS attribute is a list of 4 byte 401 numbers, each using the same encoding that is used for the contents 402 of the FINGERPRINT attribute. 404 It could have been possible to use the checksum generated in the UDP 405 checksum for this, but this value is generally not accessible to 406 applications. Also, sometimes the checksum is not calculated or is 407 off-loaded to network hardware. 409 4.2.6. Using Sequence Numbers as Packet Identifiers 411 When using sequence numbers, a small header similar to the TURN 412 ChannelData header is added in front of all packets that are not a 413 STUN Probe Indication or Request. The sequence number is 414 monotonically incremented by one for each packet sent. The most 415 significant bit of the sequence number is always 0. The server 416 collects the sequence number of the packets sent, or the 4 first 417 bytes of the transaction ID if a STUN Probe Indication or Request is 418 sent. In that case, the most significant bit of the 4 first bytes is 419 set to 1. 421 0 1 2 3 422 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 423 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 424 | Channel Number | Length | 425 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 426 |0| Sequence number | 427 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 428 | | 429 / Application Data / 430 / / 431 | | 432 | +-------------------------------+ 433 | | 434 +-------------------------------+ 436 The Channel Number is always 0xFFFF. The header values are encoded 437 using network order. 439 The contents of the IDENTIFIERS attribute is a chronologically 440 ordered list of 4 byte numbers, each containing either a sequence 441 number, if the packet was not a STUN Probe Indication or Request, or 442 the 4 first bytes of the transaction ID, with the most significant 443 bit forced to 1, if the packet is a STUN Probe Indication or Request. 445 5. Probe Support Signaling Mechanisms 447 The PMTUD mechanism described in this document is intended to be used 448 by any UDP-based protocols that do not have built-in PMTUD 449 capabilities, irrespective of whether those UDP-based protocols are 450 STUN-based or not. So the manner in which a specific protocol 451 discovers that it is safe to send PMTUD probes is largely dependent 452 on the details of that specific protocol, with the exception of the 453 Implicit Mechanism described below, which applies to any protocol. 455 5.1. Explicit Probe Support Signaling Mechanism 457 Some of these mechanisms can use a separate signalling mechanism (for 458 instance, an SDP attribute in an Offer/Answer exchange [RFC3264]), or 459 an optional flag that can be set in the protocol that is augmented 460 with PMTUD capabilities. STUN Usages that can benefit from PMTUD 461 capabilities can signal in-band that they support probing by 462 inserting a PMTUD-SUPPORTED attribute in some STUN methods. The 463 decision of which methods support this attribute is left to each 464 specific STUN Usage. 466 UDP-based protocols that want to use any of these mechanisms, 467 including the PMTUD-SUPPORTED attribute, to signal PMTUD capabilities 468 MUST ensure that it cannot be used to launch an amplification attack. 469 For example, using authentication can ensure this. 471 5.2. Implicit Probe Support Signaling Mechanism 473 As a result of the fact that all endpoints implementing this 474 specification are both clients and servers, a Probe Request or 475 Indication received by an endpoint acting as a server implicitly 476 signals that this server can now act as a client and MAY send a Probe 477 Request or Indication to probe the Path MTU in the reverse direction 478 toward the former client, that will now be acting as a server. 480 The Probe Request or Indication that are used to implicitly signal 481 probing support in the reverse direction MUST be authenticated to 482 prevent amplification attacks. 484 6. STUN Attributes 486 6.1. IDENTIFIERS 488 The IDENTIFIERS attribute carries a chronologically ordered list of 489 UDP packet identifiers. 491 While Section 4.2.5 and Section 4.2.6 describe two possible methods 492 for acquiring and formatting the identifiers used for this purpose, 493 ultimately each protocol has to define how these identifiers are 494 acquired and formatted. Therefore, the contents of the IDENTIFIERS 495 attribute is opaque. 497 6.2. PMTUD-SUPPORTED 499 The PMTUD-SUPPORTED attribute indicates that its sender supports this 500 specification. This attribute has no value part and thus the 501 attribute length field is 0. 503 7. Security Considerations 505 The PMTUD mechanism described in this document does not introduce any 506 specific security considerations beyond those described in [RFC4821]. 508 The attacks described in Section 11 of [RFC4821] apply equally to the 509 mechanism described in this document. 511 The Simple Probing mechanism may be used without authentication 512 because this usage by itself cannot trigger an amplification attack 513 as the Probe Response is smaller than the Probe Request. An 514 unauthenticated Simple Probing mechanism cannot be used in 515 conjunction with the Implicit Probing Support Signaling mechanism in 516 order to prevent amplification attacks. 518 8. IANA Considerations 520 This specification defines two new STUN methods and two new STUN 521 attributes. IANA added these new protocol elements to the "STUN 522 Parameters Registry" created by [RFC5389]. 524 8.1. New STUN Methods 526 This section lists the codepoints for the new STUN methods defined in 527 this specification. See Sections Section 4.1 and Section 4.2 for the 528 semantics of these new methods. 530 0xXXX : Probe 532 0xXXX : Report 534 8.2. New STUN Attributes 536 This document defines the IDENTIFIERS STUN attribute, described in 537 Section 6.1. IANA has allocated the comprehension-required codepoint 538 0xXXXX for this attribute. 540 This document also defines the PMTUD-SUPPORTED STUN attribute, 541 described in Section 6.2. IANA has allocated the comprehension- 542 optional codepoint 0xXXXX for this attribute. 544 9. References 546 9.1. Normative References 548 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 549 Requirement Levels", BCP 14, RFC 2119, 550 DOI 10.17487/RFC2119, March 1997, 551 . 553 [RFC4821] Mathis, M. and J. Heffner, "Packetization Layer Path MTU 554 Discovery", RFC 4821, DOI 10.17487/RFC4821, March 2007, 555 . 557 [RFC5389] Rosenberg, J., Mahy, R., Matthews, P., and D. Wing, 558 "Session Traversal Utilities for NAT (STUN)", RFC 5389, 559 DOI 10.17487/RFC5389, October 2008, 560 . 562 9.2. Informative References 564 [I-D.martinsen-tram-stuntrace] 565 Martinsen, P. and D. Wing, "STUN Traceroute", draft- 566 martinsen-tram-stuntrace-01 (work in progress), June 2015. 568 [I-D.martinsen-tram-turnbandwidthprobe] 569 Martinsen, P., Andersen, T., Salgueiro, G., and M. Petit- 570 Huguenin, "Traversal Using Relays around NAT (TURN) 571 Bandwidth Probe", draft-martinsen-tram- 572 turnbandwidthprobe-00 (work in progress), May 2015. 574 [RFC3264] Rosenberg, J. and H. Schulzrinne, "An Offer/Answer Model 575 with Session Description Protocol (SDP)", RFC 3264, 576 DOI 10.17487/RFC3264, June 2002, 577 . 579 [RFC5780] MacDonald, D. and B. Lowekamp, "NAT Behavior Discovery 580 Using Session Traversal Utilities for NAT (STUN)", 581 RFC 5780, DOI 10.17487/RFC5780, May 2010, 582 . 584 Appendix A. Release Notes 586 This section must be removed before publication as an RFC. 588 A.1. Modifications between draft-ietf-tram-stun-pmtud-07 and draft- 589 ietf-tram-stun-pmtud-06 591 o Updates following Shepherd review. 593 A.2. Modifications between draft-ietf-tram-stun-pmtud-06 and draft- 594 ietf-tram-stun-pmtud-05 596 o Nits. 598 o Restore missing changelog for previous version. 600 A.3. Modifications between draft-ietf-tram-stun-pmtud-05 and draft- 601 ietf-tram-stun-pmtud-04 603 o Modifications following Brandon Williams review. 605 A.4. Modifications between draft-ietf-tram-stun-pmtud-04 and draft- 606 ietf-tram-stun-pmtud-03 608 o Modifications following Simon Perreault and Brandon Williams 609 reviews. 611 A.5. Modifications between draft-ietf-tram-stun-pmtud-03 and draft- 612 ietf-tram-stun-pmtud-02 614 o Add new Overview of Operations section with ladder diagrams. 616 o Authentication is mandatory for the Complete Probing mechanism, 617 optional for the Simple Probing mechanism. 619 o All the ICE specific text moves to a separate draft to be 620 discussed in the ICE WG. 622 o The TURN usage is removed because probing between a TURN server 623 and TURN client is not useful. 625 o Any usage of PMTUD-SUPPORTED or other signaling mechanisms 626 (formerly knows as discovery mechanisms) must now be 627 authenticated. 629 o Both probing mechanisms are MTI in the server, the complete 630 probing mechanism is MTI in the client. 632 o Make clear that stopping after 3 retransmission is done by 633 changing the STUN parameter. 635 o Define the format of the attributes. 637 o Make clear that the specification is for any UDP protocol that 638 does not already have PMTUD capabilities, not just STUN based 639 protocols. 641 o Change the default delay to send the Report Request to 250 ms 642 after the last Indication if the RTO is unknown. 644 o Each usage of this specification must the format of the 645 IDENTIFIERS attribute contents. 647 o Better define the implicit signaling mechanism. 649 o Extend the Security Consideration section. 651 o Tons of nits. 653 A.6. Modifications between draft-ietf-tram-stun-pmtud-02 and draft- 654 ietf-tram-stun-pmtud-01 656 o Cleaned up references. 658 A.7. Modifications between draft-ietf-tram-stun-pmtud-01 and draft- 659 ietf-tram-stun-pmtud-00 661 o Added Security Considerations Section. 663 o Added IANA Considerations Section. 665 A.8. Modifications between draft-ietf-tram-stun-pmtud-00 and draft- 666 petithuguenin-tram-stun-pmtud-01 668 o Adopted by WG - Text unchanged. 670 A.9. Modifications between draft-petithuguenin-tram-stun-pmtud-01 and 671 draft-petithuguenin-tram-stun-pmtud-00 673 o Moved some Introduction text to the Probing Mechanism section. 675 o Added cross-reference to the other two STUN troubleshooting 676 mechanism drafts. 678 o Updated references. 680 o Added Gonzalo Salgueiro as co-author. 682 A.10. Modifications between draft-petithuguenin-tram-stun-pmtud-00 and 683 draft-petithuguenin-behave-stun-pmtud-03 685 o General refresh for republication. 687 A.11. Modifications between draft-petithuguenin-behave-stun-pmtud-03 688 and draft-petithuguenin-behave-stun-pmtud-02 690 o Changed author address. 692 o Changed the IPR to trust200902. 694 A.12. Modifications between draft-petithuguenin-behave-stun-pmtud-02 695 and draft-petithuguenin-behave-stun-pmtud-01 697 o Defined checksum and sequential numbers as possible packet 698 identifiers. 700 o Updated the reference to RFC 5389 702 o The FINGERPRINT attribute is now mandatory. 704 o Changed the delay between Probe indication and Report request to 705 be RTO/2 or 50 milliseconds. 707 o Added ICMP packet processing. 709 o Added Full-Stop Timeout detection. 711 o Stated that Binding request with PMTUD-SUPPORTED does not start 712 the PMTUD process if already started. 714 A.13. Modifications between draft-petithuguenin-behave-stun-pmtud-01 715 and draft-petithuguenin-behave-stun-pmtud-00 717 o Removed the use of modified STUN transaction but shorten the 718 retransmission for the simple probing mechanism. 720 o Added a complete probing mechanism. 722 o Removed the PADDING-RECEIVED attribute. 724 o Added release notes. 726 Acknowledgements 728 Thanks to Eilon Yardeni, Geir Sandbakken, Paal-Erik Martinsen, 729 Tirumaleswar Reddy, Ram Mohan R, Simon Perreault, Brandon Williams, 730 and Tolga Asveren for their review comments, suggestions and 731 questions that helped to improve this document. 733 Special thanks to Dan Wing, who supported this document since its 734 first publication back in 2008. 736 Authors' Addresses 738 Marc Petit-Huguenin 739 Impedance Mismatch 741 Email: marc@petit-huguenin.org 743 Gonzalo Salgueiro 744 Cisco Systems, Inc. 745 7200-12 Kit Creek Road 746 Research Triangle Park, NC 27709 747 United States 749 Email: gsalguei@cisco.com