idnits 2.17.1 draft-ietf-tram-stun-pmtud-14.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (November 4, 2019) is 1633 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) -- Possible downref: Non-RFC (?) normative reference: ref. 'ITU.V42.2002' -- Obsolete informational reference (is this intentional?): RFC 5766 (Obsoleted by RFC 8656) Summary: 0 errors (**), 0 flaws (~~), 1 warning (==), 3 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 TRAM M. Petit-Huguenin 3 Internet-Draft Impedance Mismatch 4 Intended status: Standards Track G. Salgueiro 5 Expires: May 7, 2020 F. Garrido 6 Cisco 7 November 4, 2019 9 Path MTU Discovery Using Session Traversal Utilities for NAT (STUN) 10 draft-ietf-tram-stun-pmtud-14 12 Abstract 14 This document describes a Session Traversal Utilities for NAT (STUN) 15 Usage for Path MTU Discovery (PMTUD) between a client and a server. 17 Status of This Memo 19 This Internet-Draft is submitted in full conformance with the 20 provisions of BCP 78 and BCP 79. 22 Internet-Drafts are working documents of the Internet Engineering 23 Task Force (IETF). Note that other groups may also distribute 24 working documents as Internet-Drafts. The list of current Internet- 25 Drafts is at https://datatracker.ietf.org/drafts/current/. 27 Internet-Drafts are draft documents valid for a maximum of six months 28 and may be updated, replaced, or obsoleted by other documents at any 29 time. It is inappropriate to use Internet-Drafts as reference 30 material or to cite them other than as "work in progress." 32 This Internet-Draft will expire on May 7, 2020. 34 Copyright Notice 36 Copyright (c) 2019 IETF Trust and the persons identified as the 37 document authors. All rights reserved. 39 This document is subject to BCP 78 and the IETF Trust's Legal 40 Provisions Relating to IETF Documents 41 (https://trustee.ietf.org/license-info) in effect on the date of 42 publication of this document. Please review these documents 43 carefully, as they describe your rights and restrictions with respect 44 to this document. Code Components extracted from this document must 45 include Simplified BSD License text as described in Section 4.e of 46 the Trust Legal Provisions and are provided without warranty as 47 described in the Simplified BSD License. 49 Table of Contents 51 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 52 2. Overview of Operations . . . . . . . . . . . . . . . . . . . 4 53 3. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 5 54 4. Probing Mechanisms . . . . . . . . . . . . . . . . . . . . . 5 55 4.1. Simple Probing Mechanism . . . . . . . . . . . . . . . . 6 56 4.1.1. Sending a Probe Request . . . . . . . . . . . . . . . 6 57 4.1.2. Receiving a Probe Request . . . . . . . . . . . . . . 7 58 4.1.3. Receiving a Probe Response . . . . . . . . . . . . . 7 59 4.2. Complete Probing Mechanism . . . . . . . . . . . . . . . 7 60 4.2.1. Sending a Probe Indications and Report Request . . . 8 61 4.2.2. Receiving an ICMP Packet . . . . . . . . . . . . . . 8 62 4.2.3. Receiving a Probe Indication and Report Request . . . 8 63 4.2.4. Receiving a Report Response . . . . . . . . . . . . . 9 64 4.2.5. Using Checksums as Packet Identifiers . . . . . . . . 9 65 4.2.6. Using Sequence Numbers as Packet Identifiers . . . . 10 66 5. Probe Support Signaling Mechanisms . . . . . . . . . . . . . 11 67 5.1. Explicit Probe Support Signaling Mechanism . . . . . . . 11 68 5.2. Implicit Probe Support Signaling Mechanism . . . . . . . 11 69 6. STUN Attributes . . . . . . . . . . . . . . . . . . . . . . . 12 70 6.1. IDENTIFIERS . . . . . . . . . . . . . . . . . . . . . . . 12 71 6.2. PMTUD-SUPPORTED . . . . . . . . . . . . . . . . . . . . . 12 72 6.3. PADDING . . . . . . . . . . . . . . . . . . . . . . . . . 12 73 7. Security Considerations . . . . . . . . . . . . . . . . . . . 12 74 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 13 75 8.1. New STUN Methods . . . . . . . . . . . . . . . . . . . . 13 76 8.2. New STUN Attributes . . . . . . . . . . . . . . . . . . . 13 77 9. References . . . . . . . . . . . . . . . . . . . . . . . . . 14 78 9.1. Normative References . . . . . . . . . . . . . . . . . . 14 79 9.2. Informative References . . . . . . . . . . . . . . . . . 14 80 Appendix A. Release Notes . . . . . . . . . . . . . . . . . . . 15 81 A.1. Modifications between draft-ietf-tram-stun-pmtud-14 and 82 draft-ietf-tram-stun-pmtud-13 . . . . . . . . . . . . . . 15 83 A.2. Modifications between draft-ietf-tram-stun-pmtud-13 and 84 draft-ietf-tram-stun-pmtud-12 . . . . . . . . . . . . . . 15 85 A.3. Modifications between draft-ietf-tram-stun-pmtud-12 and 86 draft-ietf-tram-stun-pmtud-11 . . . . . . . . . . . . . . 15 87 A.4. Modifications between draft-ietf-tram-stun-pmtud-11 and 88 draft-ietf-tram-stun-pmtud-10 . . . . . . . . . . . . . . 15 89 A.5. Modifications between draft-ietf-tram-stun-pmtud-10 and 90 draft-ietf-tram-stun-pmtud-09 . . . . . . . . . . . . . . 15 91 A.6. Modifications between draft-ietf-tram-stun-pmtud-09 and 92 draft-ietf-tram-stun-pmtud-08 . . . . . . . . . . . . . . 15 93 A.7. Modifications between draft-ietf-tram-stun-pmtud-08 and 94 draft-ietf-tram-stun-pmtud-07 . . . . . . . . . . . . . . 16 95 A.8. Modifications between draft-ietf-tram-stun-pmtud-07 and 96 draft-ietf-tram-stun-pmtud-06 . . . . . . . . . . . . . . 16 98 A.9. Modifications between draft-ietf-tram-stun-pmtud-06 and 99 draft-ietf-tram-stun-pmtud-05 . . . . . . . . . . . . . . 16 100 A.10. Modifications between draft-ietf-tram-stun-pmtud-05 and 101 draft-ietf-tram-stun-pmtud-04 . . . . . . . . . . . . . . 16 102 A.11. Modifications between draft-ietf-tram-stun-pmtud-04 and 103 draft-ietf-tram-stun-pmtud-03 . . . . . . . . . . . . . . 16 104 A.12. Modifications between draft-ietf-tram-stun-pmtud-03 and 105 draft-ietf-tram-stun-pmtud-02 . . . . . . . . . . . . . . 16 106 A.13. Modifications between draft-ietf-tram-stun-pmtud-02 and 107 draft-ietf-tram-stun-pmtud-01 . . . . . . . . . . . . . . 17 108 A.14. Modifications between draft-ietf-tram-stun-pmtud-01 and 109 draft-ietf-tram-stun-pmtud-00 . . . . . . . . . . . . . . 17 110 A.15. Modifications between draft-ietf-tram-stun-pmtud-00 and 111 draft-petithuguenin-tram-stun-pmtud-01 . . . . . . . . . 17 112 A.16. Modifications between draft-petithuguenin-tram-stun- 113 pmtud-01 and draft-petithuguenin-tram-stun-pmtud-00 . . . 17 114 A.17. Modifications between draft-petithuguenin-tram-stun- 115 pmtud-00 and draft-petithuguenin-behave-stun-pmtud-03 . . 18 116 A.18. Modifications between draft-petithuguenin-behave-stun- 117 pmtud-03 and draft-petithuguenin-behave-stun-pmtud-02 . . 18 118 A.19. Modifications between draft-petithuguenin-behave-stun- 119 pmtud-02 and draft-petithuguenin-behave-stun-pmtud-01 . . 18 120 A.20. Modifications between draft-petithuguenin-behave-stun- 121 pmtud-01 and draft-petithuguenin-behave-stun-pmtud-00 . . 18 122 Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . 19 123 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 19 125 1. Introduction 127 The Packetization Layer Path MTU Discovery (PMTUD) specification 128 [RFC4821] describes a method to discover the Path MTU but does not 129 describe a practical protocol to do so with UDP. 131 Many UDP-based protocols do not implement the Path MTU discovery 132 mechanism described in [RFC4821]. These protocols can make use of 133 the probing mechanisms described in this document instead of 134 designing their own adhoc extension. These probing mechanisms are 135 implemented with Session Traversal Utilities for NAT (STUN), but 136 their usage is not limited to STUN-based protocols. 138 The STUN usage defined in this document for Path MTU Discovery 139 (PMTUD) between a client and a server permits proper operations of 140 UDP-based applications in the network. It also simplifies 141 troubleshooting and has multiple other applications across a wide 142 variety of technologies. 144 Complementary techniques can be used to discover additional network 145 characteristics, such as the network path (using the STUN Traceroute 146 mechanism described in [I-D.martinsen-tram-stuntrace]) and bandwidth 147 availability (using the mechanism described in 148 [I-D.martinsen-tram-turnbandwidthprobe]). 150 2. Overview of Operations 152 This section is meant to be informative only and is not intended as a 153 substitute for [RFC4821]. 155 A UDP endpoint that uses this specification to discover the Path MTU 156 over UDP and knows that the endpoint it is communicating with also 157 supports this specification can choose to use either the Simple 158 Probing mechanism (as described in Section 4.1) or the Complete 159 Probing mechanism (as described in Section 4.2). The selection of 160 which Probing Mechanism to use is dependent on performance and 161 security and complexity trade-offs. 163 If the Simple Probing mechanism is chosen, then the Client initiates 164 Probe transactions, as shown in Figure 1, which decrease in size 165 until transactions succeed, indicating that the Path MTU has been 166 established. It then uses that information to update the Path MTU. 168 Client Server 169 | | 170 | Probe Request | 171 |---------------->| 172 | | 173 | Probe Response | 174 |<----------------| 175 | | 177 Figure 1: Simple Probing Example 179 If the Complete Probing mechanism (as described in Section 4.2) is 180 chosen, then the Client sends Probe Indications of various sizes (as 181 specified in [RFC4821]) interleaved with UDP packets sent by the UDP 182 protocol. The Client then sends a Report Request for the ordered 183 list of identifiers for the UDP packets and Probe Indications 184 received by the Server. The Client then compares the list returned 185 in the Report Response with its own list of identifiers for the UDP 186 packets and Probe Indications it sent. The Client then uses that 187 comparison to find which Probe Indications were dropped by the 188 network as a result of their size. It then uses that information to 189 update the Path MTU. 191 Because of the possibility of amplification attack, the Complete 192 Probing mechanism must be authenticated. Particular care must be 193 taken to prevent amplification when an external mechanism is used to 194 trigger the Complete Probing mechanism. 196 Client Server 197 | UDP Packet | 198 |------------------>| 199 | | 200 | UDP Packet | 201 |------------------>| 202 | | 203 | Probe Indication | 204 |------------------>| 205 | | 206 | UDP Packet | 207 |------------------>| 208 | | 209 | Probe Indication | 210 |------------------>| 211 | | 212 | Report Request | 213 |------------------>| 214 | Report Response | 215 |<------------------| 216 | | 218 Figure 2: Complete Probing Example 220 3. Terminology 222 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 223 "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and 224 "OPTIONAL" in this document are to be interpreted as described in BCP 225 14 [RFC2119][RFC8174] when, and only when, they appear in all 226 capitals, as shown here. 228 4. Probing Mechanisms 230 The Probing mechanism is used to discover the Path MTU in one 231 direction only: from the client to the server. Both endpoints MAY 232 behave as a client and a server to achieve bi-directional path 233 discovery. 235 Two Probing mechanisms are described: a Simple Probing mechanism and 236 a more complete mechanism that can converge more quickly and find an 237 appropriate Path MTU in the presence of congestion. Additionally, 238 the Simple Probing mechanism does not require authentication except 239 where used as an implicit signaling mechanism, whereas the complete 240 mechanism does. 242 Implementations supporting this specification MUST implement the 243 server side of both the Simple Probing mechanism (Section 4.1) and 244 the Complete Probing mechanism (Section 4.2). 246 Implementations supporting this specification MUST implement the 247 client side of the Complete Probing mechanism. They MAY implement 248 the client side of the Simple Probing mechanism. 250 4.1. Simple Probing Mechanism 252 The Simple Probing mechanism is implemented by sending a Probe 253 Request with a PADDING attribute over UDP with the DF bit set in the 254 IP header for IPv4 packets and IPv6 packets without the Fragment 255 Header included. A router on the path to the server can reject each 256 request with an ICMP message or drop it. 258 4.1.1. Sending a Probe Request 260 A client forms a Probe Request by using the Probe Method and 261 following the rules in Section 6.1 of [I-D.ietf-tram-stunbis]. 263 The Probe transaction MUST be authenticated if the Simple Probing 264 mechanism is used in conjunction with the Implicit Probing Support 265 mechanism described in Section 5.2. If not, the Probe transaction 266 MAY be authenticated. 268 The client adds a PADDING attribute with a length that, when added to 269 the IP and UDP headers and the other STUN components, is equal to the 270 Selected Probe Size, as defined in [RFC4821] Section 7.3. The 271 PADDING bits SHOULD be set to zero. The client MUST add the 272 FINGERPRINT attribute so the STUN messages are disambiguated from the 273 other protocol packets as specified in Section 7 of 274 [I-D.ietf-tram-stunbis]. 276 Then the client sends the Probe Request to the server over UDP with 277 the DF bit set for IPv4 packets and IPv6 packets without the Fragment 278 Header included. For the purpose of this transaction, the Rc 279 parameter specified in Section 6.2.1 of [I-D.ietf-tram-stunbis] is 280 set to 3. The initial value for RTO stays at 500 ms. 282 A client MUST NOT send a probe if it does not have knowledge that the 283 server supports this specification. This is done either by external 284 signalling or by a mechanism specific to the UDP protocol to which 285 PMTUD capabilities are added or by one of the mechanisms specified in 286 Section 5. 288 4.1.2. Receiving a Probe Request 290 A server receiving a Probe Request MUST process it as specified in 291 [I-D.ietf-tram-stunbis]. 293 The server then creates a Probe Response. The server MUST add the 294 FINGERPRINT attribute so the STUN messages are disambiguated from the 295 other protocol packets as specified in Section 7 of 296 [I-D.ietf-tram-stunbis]. The server then sends the response to the 297 client. 299 4.1.3. Receiving a Probe Response 301 A client receiving a Probe Response MUST process it as specified in 302 section 6.3.1 of [I-D.ietf-tram-stunbis] and MUST ignore the PADDING 303 attribute. If a response is received this is interpreted as a Probe 304 Success, as defined in [RFC4821] Section 7.6.1. If an ICMP packet 305 "Fragmentation needed" or "Packet Too Big" is received then this is 306 interpreted as a Probe Failure, as defined in [RFC4821] 307 Section 7.6.2. If the Probe transaction times out, then this is 308 interpreted as a Probe Inconclusive, as defined in [RFC4821] 309 Section 7.6.4. 311 4.2. Complete Probing Mechanism 313 The Complete Probing mechanism is implemented by sending one or more 314 Probe Indications with a PADDING attribute over UDP with the DF bit 315 set in the IP header for IPv4 packets and IPv6 packets without the 316 Fragment Header included followed by a Report Request to the same 317 server. A router on the path to the server can reject this 318 Indication with an ICMP message or drop it. The server keeps a 319 chronologically ordered list of identifiers for all packets received 320 (including retransmitted packets) and sends this list back to the 321 client in the Report Response. The client analyzes this list to find 322 which packets were not received. Because UDP packets do not contain 323 an identifier, the Complete Probing mechanism needs a way to identify 324 each packet received. 326 Some application layer protocols may already have a way of 327 identifying each individual UDP packet, in which case these 328 identifiers SHOULD be used in the IDENTIFIERS attribute of the Report 329 Response. While there are other possible packet identification 330 schemes, this document describes two different ways to identify a 331 specific packet when no application layer protocol-specific 332 identification mechanism is available. 334 In the first packet identification mechanism, the server computes a 335 checksum over each packet received and sends back to the sender the 336 list of checksums ordered chronologically. The client compares this 337 list to its own list of checksums. 339 In the second packet identification mechanism, the client prepends 340 the UDP data with a header that provides a sequence number. The 341 server sends back the chronologically ordered list of sequence 342 numbers received that the client then compares with its own list. 344 4.2.1. Sending a Probe Indications and Report Request 346 A client forms a Probe Indication by using the Probe Method and 347 following the rules in [I-D.ietf-tram-stunbis] Section 6.1. The 348 client adds to a Probe Indication a PADDING attribute with a size 349 that, when added to the IP and UDP headers and the other STUN 350 components, is equal to the Selected Probe Size, as defined in 351 [RFC4821] Section 7.3. The PADDING bits SHOULD be set to zero. If 352 the authentication mechanism permits it, then the Indication MUST be 353 authenticated. The client MUST add the FINGERPRINT attribute so the 354 STUN messages are disambiguated from the other protocol packets. 356 Then the client sends a Probe Indication to the server over UDP with 357 the DF bit set for IPv4 packets and IPv6 packets without the Fragment 358 Header included. 360 Then the client forms a Report Request by following the rules in 361 [I-D.ietf-tram-stunbis] Section 6.1. The Report transaction MUST be 362 authenticated to prevent amplification attacks. The client MUST add 363 the FINGERPRINT attribute so the STUN messages are disambiguated from 364 the other protocol packets. 366 Then the client waits half the RTO after sending the last Probe 367 Indication and then sends the Report Request to the server over UDP. 369 4.2.2. Receiving an ICMP Packet 371 If an ICMP packet "Fragmentation needed" or "Packet Too Big" is 372 received then this is interpreted as a Probe Failure, as defined in 373 [RFC4821] Section 7.5. 375 4.2.3. Receiving a Probe Indication and Report Request 377 A server supporting this specification will keep the identifiers of 378 all packets received in a chronologically ordered list. The packets 379 that are to be associated to a given flow's identifier are selected 380 according to Section 5.2 of [RFC4821]. The same identifier can 381 appear multiple times in the list because of retransmissions. The 382 maximum size of this list is calculated such that when the list is 383 added to the Report Response, the total size of the packet does not 384 exceed the unknown Path MTU, as defined in [I-D.ietf-tram-stunbis] 385 Section 6.1. Older identifiers are removed when new identifiers are 386 added to a list that is already full. 388 A server receiving a Report Request MUST process it as specified in 389 [I-D.ietf-tram-stunbis] and MUST ignore the PADDING attribute. 391 The server creates a Report Response and adds an IDENTIFIERS 392 attribute that contains the chronologically ordered list of all 393 identifiers received so far. The server MUST add the FINGERPRINT 394 attribute. The server then sends the response to the client. 396 The exact content of the IDENTIFIERS attribute depends on what type 397 of identifiers have been chosen for the protocol. Each protocol 398 adding PMTUD capabilities as specified by this specification MUST 399 describe the format of the contents of the IDENTIFIERS attribute, 400 unless it is using one of the formats described in this 401 specification. See Section 6.1 for details about the IDENTIFIERS 402 attribute. 404 4.2.4. Receiving a Report Response 406 A client receiving a Report Response processes it as specified in 407 [I-D.ietf-tram-stunbis]. If the response IDENTIFIERS attribute 408 contains the identifier of a Probe Indication, then this is 409 interpreted as a Probe Success for this probe, as defined in 410 [RFC4821] Section 7.5. If a Probe Indication identifier cannot be 411 found in the Report Response, this is interpreted as a Probe Failure, 412 as defined in [RFC4821] Section 7.5. If a Probe Indication 413 identifier cannot be found in the Report Response but identifiers for 414 other packets sent before or after the Probe Indication can all be 415 found, this is interpreted as a Probe Failure as defined in [RFC4821] 416 Section 7.5. If the Report Transaction times out, this is 417 interpreted as a Full-Stop Timeout, as defined in [RFC4821] 418 Section 3. 420 4.2.5. Using Checksums as Packet Identifiers 422 When using a checksum as a packet identifier, the client keeps a 423 chronologically ordered list of the packets it transmits, along with 424 an associated checksum value. For STUN Probe Indication or Request 425 packets, the associated checksum value is the FINGERPRINT value from 426 the packet; for other packets a checksum value is computed using a 427 similar algorithm to the FINGERPRINT calculation. (i.e., the CRC-32 428 calculated per the algorithm defined in [ITU.V42.2002], such as 429 subsequently been XOR'ed with 32-bit value 0x5354554e). 431 For each STUN Probe Indication or Request, the server retrieves the 432 STUN FINGERPRINT value. For all other packets, the server calculates 433 the checksum as described above. It puts these FINGERPRINT and 434 checksum values in a chronologically ordered list that is sent back 435 in the Report Response. 437 The contents of the IDENTIFIERS attribute is a list of 4 byte 438 numbers, each using the same encoding that is used for the contents 439 of the FINGERPRINT attribute. 441 It could have been possible to use the checksum generated in the UDP 442 checksum for this, but this value is generally not accessible to 443 applications. Also, sometimes the checksum is not calculated or is 444 off-loaded to network hardware. 446 4.2.6. Using Sequence Numbers as Packet Identifiers 448 When using sequence numbers, a small header similar to the TURN 449 ChannelData header, as defined in Section 11.4 of [RFC5766], is added 450 in front of all packets that are not a STUN Probe Indication or 451 Request. The sequence number is monotonically incremented by one for 452 each packet sent. The most significant bit of the sequence number is 453 always 0. The server collects the sequence number of the packets 454 sent, or the 4 first bytes of the transaction ID if a STUN Probe 455 Indication or Request is sent. In that case, the most significant 456 bit of the 4 first bytes is set to 1. 458 0 1 2 3 459 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 460 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 461 | Channel Number | Length | 462 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 463 |0| Sequence number | 464 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 465 | | 466 / Application Data / 467 / / 468 | | 469 | +-------------------------------+ 470 | | 471 +-------------------------------+ 473 The Channel Number is always 0xFFFF. The Length field specifies the 474 length in bytes of the sequence number and application data fields. 475 The header values are encoded using network order. 477 The contents of the IDENTIFIERS attribute is a chronologically 478 ordered list of 4 byte numbers, each containing either a sequence 479 number, if the packet was not a STUN Probe Indication or Request, or 480 the 4 first bytes of the transaction ID, with the most significant 481 bit forced to 1, if the packet is a STUN Probe Indication or Request. 483 5. Probe Support Signaling Mechanisms 485 The PMTUD mechanism described in this document is intended to be used 486 by any UDP-based protocols that do not have built-in PMTUD 487 capabilities, irrespective of whether those UDP-based protocols are 488 STUN-based or not. So the manner in which a specific protocol 489 discovers that it is safe to send PMTUD probes is largely dependent 490 on the details of that specific protocol, with the exception of the 491 Implicit Mechanism described below, which applies to any protocol. 493 5.1. Explicit Probe Support Signaling Mechanism 495 Some of these mechanisms can use a separate signalling mechanism (for 496 instance, an SDP attribute in an Offer/Answer exchange [RFC3264]), or 497 an optional flag that can be set in the protocol that is augmented 498 with PMTUD capabilities. STUN Usages that can benefit from PMTUD 499 capabilities can signal in-band that they support probing by 500 inserting a PMTUD-SUPPORTED attribute in some STUN methods. The 501 decision of which methods support this attribute is left to each 502 specific STUN Usage. 504 UDP-based protocols that want to use any of these mechanisms, 505 including the PMTUD-SUPPORTED attribute, to signal PMTUD capabilities 506 MUST ensure that it cannot be used to launch an amplification attack. 508 An amplification attack can be prevented using techniques such as: 510 o Authentication, where the source of the packet and the destination 511 share a secret. 513 o 3 way handshake with some form of unpredictable cookie. 515 o Make sure that the total size of the traffic potentially generated 516 is lower than the size of the request that generated it. 518 5.2. Implicit Probe Support Signaling Mechanism 520 As a result of the fact that all endpoints implementing this 521 specification are both clients and servers, a Probe Request or 522 Indication received by an endpoint acting as a server implicitly 523 signals that this server can now act as a client and MAY send a Probe 524 Request or Indication to probe the Path MTU in the reverse direction 525 toward the former client, that will now be acting as a server. 527 The Probe Request or Indication that are used to implicitly signal 528 probing support in the reverse direction MUST be authenticated to 529 prevent amplification attacks. 531 6. STUN Attributes 533 6.1. IDENTIFIERS 535 The IDENTIFIERS attribute carries a chronologically ordered list of 536 UDP packet identifiers. 538 While Section 4.2.5 and Section 4.2.6 describe two possible methods 539 for acquiring and formatting the identifiers used for this purpose, 540 ultimately each protocol has to define how these identifiers are 541 acquired and formatted. Therefore, the contents of the IDENTIFIERS 542 attribute is opaque. 544 6.2. PMTUD-SUPPORTED 546 The PMTUD-SUPPORTED attribute indicates that its sender supports this 547 mechanism, as incorporated into the STUN usage or protocol being 548 used. This attribute has no value part and thus the attribute length 549 field is 0. 551 6.3. PADDING 553 The PADDING attribute allows for the entire message to be padded to 554 force the STUN message to be divided into IP fragments. PADDING 555 consists entirely of a free-form string, the value of which does not 556 matter. PADDING can be used in either Binding Requests or Binding 557 Responses. 559 PADDING MUST NOT be longer than the length that brings the total IP 560 datagram size to 64K. It SHOULD be equal in length to the MTU of the 561 outgoing interface, rounded up to an even multiple of four bytes. 562 Because STUN messages with PADDING are intended to test the behavior 563 of UDP fragments, they are an exception to the usual rule that STUN 564 messages be less than the MTU of the path. 566 7. Security Considerations 568 The PMTUD mechanism described in this document, when used without the 569 signalling mechanism described in Section 5.1, does not introduce any 570 specific security considerations beyond those described in [RFC4821]. 572 The attacks described in Section 11 of [RFC4821] apply equally to the 573 mechanism described in this document. 575 The amplification attacks introduced by the signalling mechanism 576 described in Section 5.1 can be prevented by using one of the 577 techniques described in that section. 579 The Simple Probing mechanism may be used without authentication 580 because this usage by itself cannot trigger an amplification attack 581 as the Probe Response is smaller than the Probe Request except when 582 used in conjunction with the Implicit Probing Support Signaling 583 mechanism. 585 8. IANA Considerations 587 This specification defines two new STUN methods and two new STUN 588 attributes. 590 8.1. New STUN Methods 592 IANA is requested to add the following methods to the STUN Method 593 Registry: 595 0xXXX : Probe 597 0xXXX : Report 599 See Sections Section 4.1 and Section 4.2 for the semantics of these 600 new methods. 602 8.2. New STUN Attributes 604 IANA is requested to add the following attributes to the STUN Method 605 Registry: 607 Comprehension-required range (0x0000-0x7FFF): 608 0xXXXX: IDENTIFIERS 610 Comprehension-optional range (0x8000-0xFFFF) 611 0xXXXX: PMTUD-SUPPORTED 613 0x0026: PADDING 615 The IDENTIFIERS STUN attribute is defined in Section 6.1, the PMTUD- 616 SUPPORTED STUN attribute is defined in Section 6.2; the PADDING STUN 617 attribute is defined in Section 6.3. 619 NOTE: TO BE DELETED BEFORE PUBLICATION. PLEASE NOTE THAT THE PADDING 620 ATTRIBUTE ENTRY IS REPLACING THE ENTRY MADE BY RFC5780 621 (EXPERIMENTAL). THE SAME VALUE AND NAME ARE USED BUT THE REFERENCE 622 SHOULD BE CHANGED TO THIS STANDARDS TRACK DOCUMENT. 624 9. References 626 9.1. Normative References 628 [I-D.ietf-tram-stunbis] 629 Petit-Huguenin, M., Salgueiro, G., Rosenberg, J., Wing, 630 D., Mahy, R., and P. Matthews, "Session Traversal 631 Utilities for NAT (STUN)", draft-ietf-tram-stunbis-21 632 (work in progress), March 2019. 634 [ITU.V42.2002] 635 International Telecommunications Union, "Error-correcting 636 Procedures for DCEs Using Asynchronous-to-Synchronous 637 Conversion", ITU-T Recommendation V.42, 2002. 639 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 640 Requirement Levels", BCP 14, RFC 2119, 641 DOI 10.17487/RFC2119, March 1997, 642 . 644 [RFC4821] Mathis, M. and J. Heffner, "Packetization Layer Path MTU 645 Discovery", RFC 4821, DOI 10.17487/RFC4821, March 2007, 646 . 648 [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 649 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, 650 May 2017, . 652 9.2. Informative References 654 [I-D.martinsen-tram-stuntrace] 655 Martinsen, P. and D. Wing, "STUN Traceroute", draft- 656 martinsen-tram-stuntrace-01 (work in progress), June 2015. 658 [I-D.martinsen-tram-turnbandwidthprobe] 659 Martinsen, P., Andersen, T., Salgueiro, G., and M. Petit- 660 Huguenin, "Traversal Using Relays around NAT (TURN) 661 Bandwidth Probe", draft-martinsen-tram- 662 turnbandwidthprobe-00 (work in progress), May 2015. 664 [RFC3264] Rosenberg, J. and H. Schulzrinne, "An Offer/Answer Model 665 with Session Description Protocol (SDP)", RFC 3264, 666 DOI 10.17487/RFC3264, June 2002, 667 . 669 [RFC5766] Mahy, R., Matthews, P., and J. Rosenberg, "Traversal Using 670 Relays around NAT (TURN): Relay Extensions to Session 671 Traversal Utilities for NAT (STUN)", RFC 5766, 672 DOI 10.17487/RFC5766, April 2010, 673 . 675 Appendix A. Release Notes 677 This section must be removed before publication as an RFC. 679 A.1. Modifications between draft-ietf-tram-stun-pmtud-14 and draft- 680 ietf-tram-stun-pmtud-13 682 o Modifications to address COMMENTS from IESG review 684 A.2. Modifications between draft-ietf-tram-stun-pmtud-13 and draft- 685 ietf-tram-stun-pmtud-12 687 o Modifications to address nits 689 A.3. Modifications between draft-ietf-tram-stun-pmtud-12 and draft- 690 ietf-tram-stun-pmtud-11 692 o Modifications following IESG review. Incorporated RFC5780 PADDING 693 attribute (Adam's Discuss) and added IPv6 language (Suresh's 694 Discuss). 696 A.4. Modifications between draft-ietf-tram-stun-pmtud-11 and draft- 697 ietf-tram-stun-pmtud-10 699 o Modifications following IESG review. 701 A.5. Modifications between draft-ietf-tram-stun-pmtud-10 and draft- 702 ietf-tram-stun-pmtud-09 704 o Modifications following reviews for gen-art (Roni Even) and secdir 705 (Carl Wallace). 707 A.6. Modifications between draft-ietf-tram-stun-pmtud-09 and draft- 708 ietf-tram-stun-pmtud-08 710 o Add 3 ways of preventing amplification attacks. 712 A.7. Modifications between draft-ietf-tram-stun-pmtud-08 and draft- 713 ietf-tram-stun-pmtud-07 715 o Updates following Spencer's review. 717 A.8. Modifications between draft-ietf-tram-stun-pmtud-07 and draft- 718 ietf-tram-stun-pmtud-06 720 o Updates following Shepherd review. 722 A.9. Modifications between draft-ietf-tram-stun-pmtud-06 and draft- 723 ietf-tram-stun-pmtud-05 725 o Nits. 727 o Restore missing changelog for previous version. 729 A.10. Modifications between draft-ietf-tram-stun-pmtud-05 and draft- 730 ietf-tram-stun-pmtud-04 732 o Modifications following Brandon Williams review. 734 A.11. Modifications between draft-ietf-tram-stun-pmtud-04 and draft- 735 ietf-tram-stun-pmtud-03 737 o Modifications following Simon Perreault and Brandon Williams 738 reviews. 740 A.12. Modifications between draft-ietf-tram-stun-pmtud-03 and draft- 741 ietf-tram-stun-pmtud-02 743 o Add new Overview of Operations section with ladder diagrams. 745 o Authentication is mandatory for the Complete Probing mechanism, 746 optional for the Simple Probing mechanism. 748 o All the ICE specific text moves to a separate draft to be 749 discussed in the ICE WG. 751 o The TURN usage is removed because probing between a TURN server 752 and TURN client is not useful. 754 o Any usage of PMTUD-SUPPORTED or other signaling mechanisms 755 (formerly knows as discovery mechanisms) must now be 756 authenticated. 758 o Both probing mechanisms are MTI in the server, the complete 759 probing mechanism is MTI in the client. 761 o Make clear that stopping after 3 retransmission is done by 762 changing the STUN parameter. 764 o Define the format of the attributes. 766 o Make clear that the specification is for any UDP protocol that 767 does not already have PMTUD capabilities, not just STUN based 768 protocols. 770 o Change the default delay to send the Report Request to 250 ms 771 after the last Indication if the RTO is unknown. 773 o Each usage of this specification must the format of the 774 IDENTIFIERS attribute contents. 776 o Better define the implicit signaling mechanism. 778 o Extend the Security Consideration section. 780 o Tons of nits. 782 A.13. Modifications between draft-ietf-tram-stun-pmtud-02 and draft- 783 ietf-tram-stun-pmtud-01 785 o Cleaned up references. 787 A.14. Modifications between draft-ietf-tram-stun-pmtud-01 and draft- 788 ietf-tram-stun-pmtud-00 790 o Added Security Considerations Section. 792 o Added IANA Considerations Section. 794 A.15. Modifications between draft-ietf-tram-stun-pmtud-00 and draft- 795 petithuguenin-tram-stun-pmtud-01 797 o Adopted by WG - Text unchanged. 799 A.16. Modifications between draft-petithuguenin-tram-stun-pmtud-01 and 800 draft-petithuguenin-tram-stun-pmtud-00 802 o Moved some Introduction text to the Probing Mechanism section. 804 o Added cross-reference to the other two STUN troubleshooting 805 mechanism drafts. 807 o Updated references. 809 o Added Gonzalo Salgueiro as co-author. 811 A.17. Modifications between draft-petithuguenin-tram-stun-pmtud-00 and 812 draft-petithuguenin-behave-stun-pmtud-03 814 o General refresh for republication. 816 A.18. Modifications between draft-petithuguenin-behave-stun-pmtud-03 817 and draft-petithuguenin-behave-stun-pmtud-02 819 o Changed author address. 821 o Changed the IPR to trust200902. 823 A.19. Modifications between draft-petithuguenin-behave-stun-pmtud-02 824 and draft-petithuguenin-behave-stun-pmtud-01 826 o Defined checksum and sequential numbers as possible packet 827 identifiers. 829 o Updated the reference to RFC 5389 831 o The FINGERPRINT attribute is now mandatory. 833 o Changed the delay between Probe indication and Report request to 834 be RTO/2 or 50 milliseconds. 836 o Added ICMP packet processing. 838 o Added Full-Stop Timeout detection. 840 o Stated that Binding request with PMTUD-SUPPORTED does not start 841 the PMTUD process if already started. 843 A.20. Modifications between draft-petithuguenin-behave-stun-pmtud-01 844 and draft-petithuguenin-behave-stun-pmtud-00 846 o Removed the use of modified STUN transaction but shorten the 847 retransmission for the simple probing mechanism. 849 o Added a complete probing mechanism. 851 o Removed the PADDING-RECEIVED attribute. 853 o Added release notes. 855 Acknowledgements 857 Thanks to Eilon Yardeni, Geir Sandbakken, Paal-Erik Martinsen, 858 Tirumaleswar Reddy, Ram Mohan R, Simon Perreault, Brandon Williams, 859 Tolga Asveren, Spencer Dawkins, Carl Wallace, and Roni Even for their 860 review comments, suggestions and questions that helped to improve 861 this document. 863 Special thanks to Dan Wing, who supported this document since its 864 first publication back in 2008. 866 Authors' Addresses 868 Marc Petit-Huguenin 869 Impedance Mismatch 871 Email: marc@petit-huguenin.org 873 Gonzalo Salgueiro 874 Cisco Systems, Inc. 875 7200-12 Kit Creek Road 876 Research Triangle Park, NC 27709 877 United States 879 Email: gsalguei@cisco.com 881 Felipe Garrido 882 Cisco Systems, Inc. 883 7200-12 Kit Creek Road 884 Research Triangle Park, NC 27709 885 United States 887 Email: fegarrid@cisco.com