idnits 2.17.1 draft-ietf-tram-stun-pmtud-16.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (March 2, 2020) is 1515 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Unused Reference: 'ITU.V42.2002' is defined on line 665, but no explicit reference was found in the text -- Possible downref: Non-RFC (?) normative reference: ref. 'ITU.V42.2002' == Outdated reference: A later version (-22) exists of draft-ietf-tsvwg-datagram-plpmtud-12 -- Obsolete informational reference (is this intentional?): RFC 5766 (Obsoleted by RFC 8656) Summary: 0 errors (**), 0 flaws (~~), 3 warnings (==), 3 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 TRAM M. Petit-Huguenin 3 Internet-Draft Impedance Mismatch 4 Intended status: Standards Track G. Salgueiro 5 Expires: September 3, 2020 F. Garrido 6 Cisco 7 March 2, 2020 9 Packetization Layer Path MTU Discovery (PLMTUD) For UDP Transports Using 10 Session Traversal Utilities for NAT (STUN) 11 draft-ietf-tram-stun-pmtud-16 13 Abstract 15 The datagram exchanged between two Internet endpoints have to go 16 through a series of physical and virtual links that may have 17 different limits on the upper size of the datagram they can transmit 18 without fragmentation. Because fragmentation is considered harmful, 19 most transports and protocols are designed with a mechanism that 20 permits dynamic measurement of the maximum size of a datagram. This 21 mechanism is called Packetization Layer Path MTU Discovery (PLPMTUD). 22 But the UDP transport and some of the protocols that use UDP were 23 designed without that feature. The Session Traversal Utilities for 24 NAT (STUN) Usage described in this document permits retrofitting an 25 existing UDP-based protocol with such a feature. Similarly, a new 26 UDP-based protocol could simply reuse the mechanism described in this 27 document. 29 Status of This Memo 31 This Internet-Draft is submitted in full conformance with the 32 provisions of BCP 78 and BCP 79. 34 Internet-Drafts are working documents of the Internet Engineering 35 Task Force (IETF). Note that other groups may also distribute 36 working documents as Internet-Drafts. The list of current Internet- 37 Drafts is at https://datatracker.ietf.org/drafts/current/. 39 Internet-Drafts are draft documents valid for a maximum of six months 40 and may be updated, replaced, or obsoleted by other documents at any 41 time. It is inappropriate to use Internet-Drafts as reference 42 material or to cite them other than as "work in progress." 44 This Internet-Draft will expire on September 3, 2020. 46 Copyright Notice 48 Copyright (c) 2020 IETF Trust and the persons identified as the 49 document authors. All rights reserved. 51 This document is subject to BCP 78 and the IETF Trust's Legal 52 Provisions Relating to IETF Documents 53 (https://trustee.ietf.org/license-info) in effect on the date of 54 publication of this document. Please review these documents 55 carefully, as they describe your rights and restrictions with respect 56 to this document. Code Components extracted from this document must 57 include Simplified BSD License text as described in Section 4.e of 58 the Trust Legal Provisions and are provided without warranty as 59 described in the Simplified BSD License. 61 Table of Contents 63 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 4 64 2. Overview of Operations . . . . . . . . . . . . . . . . . . . 4 65 3. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 6 66 4. Probing Mechanisms . . . . . . . . . . . . . . . . . . . . . 6 67 4.1. Simple Probing Mechanism . . . . . . . . . . . . . . . . 7 68 4.1.1. Sending a Probe Request . . . . . . . . . . . . . . . 7 69 4.1.2. Receiving a Probe Request . . . . . . . . . . . . . . 8 70 4.1.3. Receiving a Probe Response . . . . . . . . . . . . . 8 71 4.2. Complete Probing Mechanism . . . . . . . . . . . . . . . 8 72 4.2.1. Sending a Probe Indications and Report Request . . . 9 73 4.2.2. Receiving an ICMP Packet . . . . . . . . . . . . . . 9 74 4.2.3. Receiving a Probe Indication and Report Request . . . 9 75 4.2.4. Receiving a Report Response . . . . . . . . . . . . . 10 76 4.2.5. Using Checksums as Packet Identifiers . . . . . . . . 10 77 4.2.6. Using Sequence Numbers as Packet Identifiers . . . . 11 78 5. Probe Support Signaling Mechanisms . . . . . . . . . . . . . 12 79 5.1. Explicit Probe Support Signaling Mechanism . . . . . . . 12 80 5.2. Implicit Probe Support Signaling Mechanism . . . . . . . 13 81 6. STUN Attributes . . . . . . . . . . . . . . . . . . . . . . . 13 82 6.1. IDENTIFIERS . . . . . . . . . . . . . . . . . . . . . . . 13 83 6.2. PMTUD-SUPPORTED . . . . . . . . . . . . . . . . . . . . . 13 84 6.3. PADDING . . . . . . . . . . . . . . . . . . . . . . . . . 13 85 7. Security Considerations . . . . . . . . . . . . . . . . . . . 14 86 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 14 87 8.1. New STUN Methods . . . . . . . . . . . . . . . . . . . . 14 88 8.2. New STUN Attributes . . . . . . . . . . . . . . . . . . . 14 89 9. References . . . . . . . . . . . . . . . . . . . . . . . . . 15 90 9.1. Normative References . . . . . . . . . . . . . . . . . . 15 91 9.2. Informative References . . . . . . . . . . . . . . . . . 16 92 Appendix A. Release Notes . . . . . . . . . . . . . . . . . . . 16 93 A.1. Modifications between draft-ietf-tram-stun-pmtud-16 and 94 draft-ietf-tram-stun-pmtud-15 . . . . . . . . . . . . . . 16 95 A.2. Modifications between draft-ietf-tram-stun-pmtud-15 and 96 draft-ietf-tram-stun-pmtud-14 . . . . . . . . . . . . . . 16 97 A.3. Modifications between draft-ietf-tram-stun-pmtud-14 and 98 draft-ietf-tram-stun-pmtud-13 . . . . . . . . . . . . . . 17 99 A.4. Modifications between draft-ietf-tram-stun-pmtud-13 and 100 draft-ietf-tram-stun-pmtud-12 . . . . . . . . . . . . . . 17 101 A.5. Modifications between draft-ietf-tram-stun-pmtud-12 and 102 draft-ietf-tram-stun-pmtud-11 . . . . . . . . . . . . . . 17 103 A.6. Modifications between draft-ietf-tram-stun-pmtud-11 and 104 draft-ietf-tram-stun-pmtud-10 . . . . . . . . . . . . . . 17 105 A.7. Modifications between draft-ietf-tram-stun-pmtud-10 and 106 draft-ietf-tram-stun-pmtud-09 . . . . . . . . . . . . . . 17 107 A.8. Modifications between draft-ietf-tram-stun-pmtud-09 and 108 draft-ietf-tram-stun-pmtud-08 . . . . . . . . . . . . . . 17 109 A.9. Modifications between draft-ietf-tram-stun-pmtud-08 and 110 draft-ietf-tram-stun-pmtud-07 . . . . . . . . . . . . . . 17 111 A.10. Modifications between draft-ietf-tram-stun-pmtud-07 and 112 draft-ietf-tram-stun-pmtud-06 . . . . . . . . . . . . . . 17 113 A.11. Modifications between draft-ietf-tram-stun-pmtud-06 and 114 draft-ietf-tram-stun-pmtud-05 . . . . . . . . . . . . . . 18 115 A.12. Modifications between draft-ietf-tram-stun-pmtud-05 and 116 draft-ietf-tram-stun-pmtud-04 . . . . . . . . . . . . . . 18 117 A.13. Modifications between draft-ietf-tram-stun-pmtud-04 and 118 draft-ietf-tram-stun-pmtud-03 . . . . . . . . . . . . . . 18 119 A.14. Modifications between draft-ietf-tram-stun-pmtud-03 and 120 draft-ietf-tram-stun-pmtud-02 . . . . . . . . . . . . . . 18 121 A.15. Modifications between draft-ietf-tram-stun-pmtud-02 and 122 draft-ietf-tram-stun-pmtud-01 . . . . . . . . . . . . . . 19 123 A.16. Modifications between draft-ietf-tram-stun-pmtud-01 and 124 draft-ietf-tram-stun-pmtud-00 . . . . . . . . . . . . . . 19 125 A.17. Modifications between draft-ietf-tram-stun-pmtud-00 and 126 draft-petithuguenin-tram-stun-pmtud-01 . . . . . . . . . 19 127 A.18. Modifications between draft-petithuguenin-tram-stun- 128 pmtud-01 and draft-petithuguenin-tram-stun-pmtud-00 . . . 19 129 A.19. Modifications between draft-petithuguenin-tram-stun- 130 pmtud-00 and draft-petithuguenin-behave-stun-pmtud-03 . . 19 131 A.20. Modifications between draft-petithuguenin-behave-stun- 132 pmtud-03 and draft-petithuguenin-behave-stun-pmtud-02 . . 20 133 A.21. Modifications between draft-petithuguenin-behave-stun- 134 pmtud-02 and draft-petithuguenin-behave-stun-pmtud-01 . . 20 135 A.22. Modifications between draft-petithuguenin-behave-stun- 136 pmtud-01 and draft-petithuguenin-behave-stun-pmtud-00 . . 20 137 Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . 20 138 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 21 140 1. Introduction 142 The Packetization Layer Path MTU Discovery (PMTUD) specification 143 [RFC4821] describes a method to discover the Path MTU, but does not 144 describe a practical protocol to do so with UDP. Many application 145 layer protocols based on the transport layer protocol UDP do not 146 implement the Path MTU discovery mechanism described in [RFC4821]. 147 These application layer protocols can make use of the probing 148 mechanisms described in this document instead of designing their own 149 adhoc extension. These probing mechanisms are implemented with 150 Session Traversal Utilities for NAT (STUN), but their usage is not 151 limited to STUN-based protocols. 153 The STUN usage defined in this document for Packetization Layer Path 154 MTU Discovery (PLPMTUD) between a client and a server permits proper 155 measurement of the Path MTU for application layer protocols based on 156 the transport layer protocol UDP in the network. It also simplifies 157 troubleshooting and has multiple other applications across a wide 158 variety of technologies. 160 Complementary techniques can be used to discover additional network 161 characteristics, such as the network path (using the STUN Traceroute 162 mechanism described in [I-D.martinsen-tram-stuntrace]) and bandwidth 163 availability (using the mechanism described in 164 [I-D.martinsen-tram-turnbandwidthprobe]). In addition, 165 [I-D.ietf-tsvwg-datagram-plpmtud] provides a robust method for Path 166 MTU Discovery for a broader range of protocols and applications. 168 2. Overview of Operations 170 This section is meant to be informative only and is not intended as a 171 substitute for [RFC4821]. 173 A UDP endpoint that uses this specification to discover the Path MTU 174 over UDP and knows that the endpoint it is communicating with also 175 supports this specification can choose to use either the Simple 176 Probing mechanism (as described in Section 4.1) or the Complete 177 Probing mechanism (as described in Section 4.2). The selection of 178 which Probing Mechanism to use is dependent on performance and 179 security and complexity trade-offs. 181 If the Simple Probing mechanism is chosen, then the client initiates 182 Probe transactions, as shown in Figure 1, which decrease in size 183 until transactions succeed, indicating that the Path MTU has been 184 discovered. It then uses that information to update the Path MTU. 186 Client Server 187 | | 188 | Probe Request | 189 |---------------->| 190 | | 191 | Probe Response | 192 |<----------------| 193 | | 195 Figure 1: Simple Probing Example 197 If the Complete Probing mechanism (as described in Section 4.2) is 198 chosen, then the client sends Probe Indications of various sizes (as 199 specified in [RFC4821]) interleaved with UDP packets sent by the UDP 200 protocol. The client then sends a Report Request for the ordered 201 list of identifiers for the UDP packets and Probe Indications 202 received by the server. The client then compares the list returned 203 in the Report Response with its own list of identifiers for the UDP 204 packets and Probe Indications it sent. The client examines the 205 received reports to determine which probes were successful. When a 206 probe succeeds with a larger size than the current PMTU, the PMTU is 207 increased. When the probes indicate the current PMTU is not 208 supported the size is decreased. This mechanism acts to detect that 209 traffic is being back holed. 211 Because of the possibility of amplification attack, the Complete 212 Probing mechanism must be authenticated as specified in Section 5.1. 213 Particular care must be taken to prevent amplification when an 214 external mechanism is used to trigger the Complete Probing mechanism. 216 Client Server 217 | UDP Packet | 218 |------------------>| 219 | | 220 | UDP Packet | 221 |------------------>| 222 | | 223 | Probe Indication | 224 |------------------>| 225 | | 226 | UDP Packet | 227 |------------------>| 228 | | 229 | Probe Indication | 230 |------------------>| 231 | | 232 | Report Request | 233 |------------------>| 234 | Report Response | 235 |<------------------| 236 | | 238 Figure 2: Complete Probing Example 240 3. Terminology 242 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 243 "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and 244 "OPTIONAL" in this document are to be interpreted as described in BCP 245 14 [RFC2119][RFC8174] when, and only when, they appear in all 246 capitals, as shown here. 248 4. Probing Mechanisms 250 The Probing mechanism is used to discover the Path MTU in one 251 direction only: from the client to the server. Both endpoints MAY 252 behave as a client and a server to achieve bi-directional path 253 discovery. 255 Two Probing mechanisms are described: a Simple Probing mechanism and 256 a more complete mechanism that can converge more quickly and find an 257 appropriate Path MTU in the presence of congestion. Additionally, 258 the Simple Probing mechanism does not require authentication except 259 where used as an implicit signaling mechanism, whereas the complete 260 mechanism does. 262 Implementations supporting this specification MUST implement the 263 server side of both the Simple Probing mechanism (Section 4.1) and 264 the Complete Probing mechanism (Section 4.2). 266 Implementations supporting this specification MUST implement the 267 client side of the Complete Probing mechanism. They MAY implement 268 the client side of the Simple Probing mechanism. 270 4.1. Simple Probing Mechanism 272 The Simple Probing mechanism is implemented by sending a Probe 273 Request with a PADDING attribute over UDP with the DF bit set in the 274 IP header for IPv4 packets and IPv6 packets without the Fragment 275 Header included. 277 Note: Routers can be configured to clear the DF bit or ignore the DF 278 bit which can be difficult or impossible to detect if reassembly 279 occurs prior to receiving the packet, rendering PLPMTUD inaccurate. 281 4.1.1. Sending a Probe Request 283 A client forms a Probe Request by using the Probe Method and 284 following the rules in Section 6.1 of [I-D.ietf-tram-stunbis]. 286 The Probe transaction MUST be authenticated if the Simple Probing 287 mechanism is used in conjunction with the Implicit Probing Support 288 mechanism described in Section 5.2. If not, the Probe transaction 289 MAY be authenticated. 291 The client adds a PADDING attribute with a length that, when added to 292 the IP and UDP headers and the other STUN components, is equal to the 293 Selected Probe Size, as defined in [RFC4821] Section 7.3. The 294 PADDING bits MUST be set to zero. The client MUST add the 295 FINGERPRINT attribute so the STUN messages are disambiguated from the 296 other protocol packets as specified in Section 7 of 297 [I-D.ietf-tram-stunbis]. 299 Then the client sends the Probe Request to the server over UDP with 300 the DF bit set for IPv4 packets and IPv6 packets without the Fragment 301 Header included. For the purpose of this transaction, the Rc 302 parameter is set to 3 and the initial value for RTO stays at 500 ms 303 as specified in Section 6.2.1 of [I-D.ietf-tram-stunbis] 305 A client MUST NOT send a probe if it does not have knowledge that the 306 server supports this specification. This is done either by external 307 signalling or by a mechanism specific to the UDP protocol to which 308 PMTUD capabilities are added or by one of the mechanisms specified in 309 Section 5. 311 4.1.2. Receiving a Probe Request 313 A server receiving a Probe Request MUST process it as specified in 314 [I-D.ietf-tram-stunbis]. 316 The server then creates a Probe Response. The server MUST add the 317 FINGERPRINT attribute so the STUN messages are disambiguated from the 318 other protocol packets as specified in Section 7 of 319 [I-D.ietf-tram-stunbis]. The server then sends the response to the 320 client. 322 4.1.3. Receiving a Probe Response 324 A client receiving a Probe Response MUST process it as specified in 325 section 6.3.1 of [I-D.ietf-tram-stunbis] and MUST ignore the PADDING 326 attribute. If a response is received this is interpreted as a Probe 327 Success, as defined in [RFC4821] Section 7.6.1. If an ICMP packet 328 "Fragmentation needed" or "Packet Too Big" is received then this is 329 interpreted as a Probe Failure, as defined in [RFC4821] 330 Section 7.6.2. If the Probe transaction times out, then this is 331 interpreted as a Probe Inconclusive, as defined in [RFC4821] 332 Section 7.6.4. Validation SHOULD be performed on the ICMP packet as 333 specified in [RFC8085]. 335 4.2. Complete Probing Mechanism 337 The Complete Probing mechanism is implemented by sending one or more 338 Probe Indications with a PADDING attribute over UDP with the DF bit 339 set in the IP header for IPv4 packets and IPv6 packets without the 340 Fragment Header included followed by a Report Request to the same 341 server. A router on the path to the server can reject this 342 Indication with an ICMP message or drop it. The server keeps a 343 chronologically ordered list of identifiers for all packets received 344 (including retransmitted packets) and sends this list back to the 345 client in the Report Response. The client analyzes this list to find 346 which packets were not received. Because UDP packets do not contain 347 an identifier, the Complete Probing mechanism needs a way to identify 348 each packet received. 350 Some application layer protocols may already have a way of 351 identifying each individual UDP packet, in which case these 352 identifiers SHOULD be used in the IDENTIFIERS attribute of the Report 353 Response. While there are other possible packet identification 354 schemes, this document describes two different ways to identify a 355 specific packet when no application layer protocol-specific 356 identification mechanism is available. 358 In the first packet identification mechanism, the server computes a 359 checksum over each packet received and sends back to the sender the 360 list of checksums ordered chronologically. The client compares this 361 list to its own list of checksums. 363 In the second packet identification mechanism, the client prepends 364 the UDP data with a header that provides a sequence number. The 365 server sends back the chronologically ordered list of sequence 366 numbers received that the client then compares with its own list. 368 4.2.1. Sending a Probe Indications and Report Request 370 A client forms a Probe Indication by using the Probe Method and 371 following the rules in [I-D.ietf-tram-stunbis] Section 6.1. The 372 client adds to a Probe Indication a PADDING attribute with a size 373 that, when added to the IP and UDP headers and the other STUN 374 components, is equal to the Selected Probe Size, as defined in 375 [RFC4821] Section 7.3. The PADDING bits MUST be set to zero. If the 376 authentication mechanism permits it, then the Indication MUST be 377 authenticated. The client MUST add the FINGERPRINT attribute so the 378 STUN messages are disambiguated from the other protocol packets. 380 Then the client sends a Probe Indication to the server over UDP with 381 the DF bit set for IPv4 packets and IPv6 packets without the Fragment 382 Header included. 384 Then the client forms a Report Request by following the rules in 385 [I-D.ietf-tram-stunbis] Section 6.1. The Report transaction MUST be 386 authenticated to prevent amplification attacks. The client MUST add 387 the FINGERPRINT attribute so the STUN messages are disambiguated from 388 the other protocol packets. 390 Then the client waits half the RTO after sending the last Probe 391 Indication and then sends the Report Request to the server over UDP. 393 4.2.2. Receiving an ICMP Packet 395 If an ICMP packet "Fragmentation needed" or "Packet Too Big" is 396 received then this is interpreted as a Probe Failure, as defined in 397 [RFC4821] Section 7.5. Validation SHOULD be performed on the ICMP 398 packet as specified in [RFC8085]. 400 4.2.3. Receiving a Probe Indication and Report Request 402 A server supporting this specification will keep the identifiers of 403 all packets received in a chronologically ordered list. The packets 404 that are to be associated to a given flow's identifier are selected 405 according to Section 5.2 of [RFC4821]. The same identifier can 406 appear multiple times in the list because of retransmissions. The 407 maximum size of this list is calculated such that when the list is 408 added to the Report Response, the total size of the packet does not 409 exceed the unknown Path MTU, as defined in [I-D.ietf-tram-stunbis] 410 Section 6.1. Older identifiers are removed when new identifiers are 411 added to a list that is already full. 413 A server receiving a Report Request MUST process it as specified in 414 [I-D.ietf-tram-stunbis] and MUST ignore the PADDING attribute. 416 The server creates a Report Response and adds an IDENTIFIERS 417 attribute that contains the chronologically ordered list of all 418 identifiers received so far. The server MUST add the FINGERPRINT 419 attribute. The server then sends the response to the client. 421 The exact content of the IDENTIFIERS attribute depends on what type 422 of identifiers have been chosen for the protocol. Each protocol 423 adding PMTUD capabilities as specified by this specification MUST 424 describe the format of the contents of the IDENTIFIERS attribute, 425 unless it is using one of the formats described in this 426 specification. See Section 6.1 for details about the IDENTIFIERS 427 attribute. 429 4.2.4. Receiving a Report Response 431 A client receiving a Report Response processes it as specified in 432 [I-D.ietf-tram-stunbis]. If the response IDENTIFIERS attribute 433 contains the identifier of a Probe Indication, then this is 434 interpreted as a Probe Success for this probe, as defined in 435 [RFC4821] Section 7.5. If a Probe Indication identifier cannot be 436 found in the Report Response, this is interpreted as a Probe Failure, 437 as defined in [RFC4821] Section 7.5. If a Probe Indication 438 identifier cannot be found in the Report Response but identifiers for 439 other packets sent before or after the Probe Indication can all be 440 found, this is interpreted as a Probe Failure as defined in [RFC4821] 441 Section 7.5. If the Report Transaction times out, this is 442 interpreted as a Full-Stop Timeout, as defined in [RFC4821] 443 Section 3. 445 4.2.5. Using Checksums as Packet Identifiers 447 When using a checksum as a packet identifier, the client keeps a 448 chronologically ordered list of the packets it transmits, along with 449 an associated checksum value. For STUN Probe Indication or Request 450 packets, the associated checksum value is the FINGERPRINT value from 451 the packet; for other packets a checksum value is computed. The 452 value of the checksum is computed as the CRC-32 of the UDP payload, 453 as defined by the Length field of the UDP datagram [RFC4821], XOR'ed 454 with the 32-bit value 0x5354554e. The 32-bit CRC is the one defined 455 in ITU V.42 [[ITU.V42.2002], which has a generator polynomial of x^32 456 + x^26 + x^23 + x^22 + x^16 + x^12 + x^11 + x^10 + x^8 + x^7 + x^5 + 457 x^4 + x^2 + x + 1. 459 For each STUN Probe Indication or Request, the server retrieves the 460 STUN FINGERPRINT value. For all other packets, the server calculates 461 the checksum as described above. It puts these FINGERPRINT and 462 checksum values in a chronologically ordered list that is sent back 463 in the Report Response. 465 The contents of the IDENTIFIERS attribute is a list of 4 byte 466 numbers, each using the same encoding that is used for the contents 467 of the FINGERPRINT attribute. 469 It could have been possible to use the checksum generated in the UDP 470 checksum for this, but this value is generally not accessible to 471 applications. Also, sometimes the checksum is not calculated or is 472 off-loaded to network hardware. 474 4.2.6. Using Sequence Numbers as Packet Identifiers 476 When using sequence numbers, a small header similar to the TURN 477 ChannelData header, as defined in Section 11.4 of [RFC5766], is added 478 in front of all packets that are not a STUN Probe Indication or 479 Request. The initial sequence number MUST be randomized and is 480 monotonically incremented by one for each packet sent. The most 481 significant bit of the sequence number is always 0. The server 482 collects the sequence number of the packets sent, or the 4 first 483 bytes of the transaction ID if a STUN Probe Indication or Request is 484 sent. In that case, the most significant bit of the 4 first bytes is 485 set to 1. 487 0 1 2 3 488 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 489 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 490 | Channel Number | Length | 491 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 492 |0| Sequence number | 493 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 494 | | 495 / Application Data / 496 / / 497 | | 498 | +-------------------------------+ 499 | | 500 +-------------------------------+ 501 The Channel Number is always 0xFFFF. The Length field specifies the 502 length in bytes of the sequence number and application data fields. 503 The header values are encoded using network order. 505 The contents of the IDENTIFIERS attribute is a chronologically 506 ordered list of 4 byte numbers, each containing either a sequence 507 number, if the packet was not a STUN Probe Indication or Request, or 508 the 4 first bytes of the transaction ID, with the most significant 509 bit forced to 1, if the packet is a STUN Probe Indication or Request. 511 5. Probe Support Signaling Mechanisms 513 The PMTUD mechanism described in this document is intended to be used 514 by any UDP-based protocols that do not have built-in PMTUD 515 capabilities, irrespective of whether those UDP-based protocols are 516 STUN-based or not. So the manner in which a specific protocol 517 discovers that it is safe to send PMTUD probes is largely dependent 518 on the details of that specific protocol, with the exception of the 519 Implicit Mechanism described below, which applies to any protocol. 521 5.1. Explicit Probe Support Signaling Mechanism 523 Some of these mechanisms can use a separate signalling mechanism (for 524 instance, an SDP attribute in an Offer/Answer exchange [RFC3264]), or 525 an optional flag that can be set in the protocol that is augmented 526 with PMTUD capabilities. STUN Usages that can benefit from PMTUD 527 capabilities can signal in-band that they support probing by 528 inserting a PMTUD-SUPPORTED attribute in some STUN methods. The 529 decision of which methods support this attribute is left to each 530 specific STUN Usage. 532 UDP-based protocols that want to use any of these mechanisms, 533 including the PMTUD-SUPPORTED attribute, to signal PMTUD capabilities 534 MUST ensure that it cannot be used to launch an amplification attack. 536 An amplification attack can be prevented using techniques such as: 538 o Authentication, where the source of the packet and the destination 539 share a secret. 541 o 3 way handshake with some form of unpredictable cookie. 543 o Make sure that the total size of the traffic potentially generated 544 is lower than the size of the request that generated it. 546 5.2. Implicit Probe Support Signaling Mechanism 548 As a result of the fact that all endpoints implementing this 549 specification are both clients and servers, a Probe Request or 550 Indication received by an endpoint acting as a server implicitly 551 signals that this server can now act as a client and MAY send a Probe 552 Request or Indication to probe the Path MTU in the reverse direction 553 toward the former client, that will now be acting as a server. 555 The Probe Request or Indication that are used to implicitly signal 556 probing support in the reverse direction MUST be authenticated to 557 prevent amplification attacks. 559 6. STUN Attributes 561 6.1. IDENTIFIERS 563 The IDENTIFIERS attribute carries a chronologically ordered list of 564 UDP packet identifiers. 566 While Section 4.2.5 and Section 4.2.6 describe two possible methods 567 for acquiring and formatting the identifiers used for this purpose, 568 ultimately each protocol has to define how these identifiers are 569 acquired and formatted. Therefore, the contents of the IDENTIFIERS 570 attribute is opaque. 572 6.2. PMTUD-SUPPORTED 574 The PMTUD-SUPPORTED attribute indicates that its sender supports this 575 mechanism, as incorporated into the STUN usage or protocol being 576 used. This attribute has no value part and thus the attribute length 577 field is 0. 579 6.3. PADDING 581 The PADDING attribute allows for the entire message to be padded to 582 force the STUN message to be divided into IP fragments. The PADDING 583 bits MUST be set to zero. PADDING can be used in either Binding 584 Requests or Binding Responses. 586 PADDING MUST NOT be longer than the length that brings the total IP 587 datagram size to 64K, minus the IP and UDP headers and the other STUN 588 components. It SHOULD be equal in length to the MTU of the outgoing 589 interface, rounded up to an even multiple of four bytes and SHOULD 590 ensure a probe does not result in a packet larger than the MTU fo the 591 outgoing interface. STUN messages sent with PADDING are intended to 592 test the behavior of UDP fragmentation, therefore they are an 593 exception to the usual rule that STUN messages need to be less than 594 the PMTU for the path. 596 7. Security Considerations 598 The PMTUD mechanism described in this document, when used without the 599 signalling mechanism described in Section 5.1, does not introduce any 600 specific security considerations beyond those described in [RFC4821] 601 and [I-D.ietf-tsvwg-datagram-plpmtud]. 603 The attacks described in Section 11 of [RFC4821] apply equally to the 604 mechanism described in this document. 606 The amplification attacks introduced by the signalling mechanism 607 described in Section 5.1 can be prevented by using one of the 608 techniques described in that section. 610 The Simple Probing mechanism may be used without authentication 611 because this usage by itself cannot trigger an amplification attack 612 as the Probe Response is smaller than the Probe Request except when 613 used in conjunction with the Implicit Probing Support Signaling 614 mechanism. 616 8. IANA Considerations 618 This specification defines two new STUN methods and two new STUN 619 attributes. 621 8.1. New STUN Methods 623 IANA is requested to add the following methods to the STUN Method 624 Registry: 626 0xXXX : Probe 628 0xXXX : Report 630 See Sections Section 4.1 and Section 4.2 for the semantics of these 631 new methods. 633 8.2. New STUN Attributes 635 IANA is requested to add the following attributes to the STUN Method 636 Registry: 638 Comprehension-required range (0x0000-0x7FFF): 639 0xXXXX: IDENTIFIERS 641 Comprehension-optional range (0x8000-0xFFFF) 642 0xXXXX: PMTUD-SUPPORTED 644 0x0026: PADDING 646 The IDENTIFIERS STUN attribute is defined in Section 6.1, the PMTUD- 647 SUPPORTED STUN attribute is defined in Section 6.2; the PADDING STUN 648 attribute is defined in Section 6.3. 650 NOTE: TO BE DELETED BEFORE PUBLICATION. PLEASE NOTE THAT THE PADDING 651 ATTRIBUTE ENTRY IS REPLACING THE ENTRY MADE BY RFC5780 652 (EXPERIMENTAL). THE SAME VALUE AND NAME ARE USED BUT THE REFERENCE 653 SHOULD BE CHANGED TO THIS STANDARDS TRACK DOCUMENT. 655 9. References 657 9.1. Normative References 659 [I-D.ietf-tram-stunbis] 660 Petit-Huguenin, M., Salgueiro, G., Rosenberg, J., Wing, 661 D., Mahy, R., and P. Matthews, "Session Traversal 662 Utilities for NAT (STUN)", draft-ietf-tram-stunbis-21 663 (work in progress), March 2019. 665 [ITU.V42.2002] 666 International Telecommunications Union, "Error-correcting 667 Procedures for DCEs Using Asynchronous-to-Synchronous 668 Conversion", ITU-T Recommendation V.42, 2002. 670 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 671 Requirement Levels", BCP 14, RFC 2119, 672 DOI 10.17487/RFC2119, March 1997, 673 . 675 [RFC4821] Mathis, M. and J. Heffner, "Packetization Layer Path MTU 676 Discovery", RFC 4821, DOI 10.17487/RFC4821, March 2007, 677 . 679 [RFC8085] Eggert, L., Fairhurst, G., and G. Shepherd, "UDP Usage 680 Guidelines", BCP 145, RFC 8085, DOI 10.17487/RFC8085, 681 March 2017, . 683 [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 684 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, 685 May 2017, . 687 9.2. Informative References 689 [I-D.ietf-tsvwg-datagram-plpmtud] 690 Fairhurst, G., Jones, T., Tuexen, M., Ruengeler, I., and 691 T. Voelker, "Packetization Layer Path MTU Discovery for 692 Datagram Transports", draft-ietf-tsvwg-datagram-plpmtud-12 693 (work in progress), December 2019. 695 [I-D.martinsen-tram-stuntrace] 696 Martinsen, P. and D. Wing, "STUN Traceroute", draft- 697 martinsen-tram-stuntrace-01 (work in progress), June 2015. 699 [I-D.martinsen-tram-turnbandwidthprobe] 700 Martinsen, P., Andersen, T., Salgueiro, G., and M. Petit- 701 Huguenin, "Traversal Using Relays around NAT (TURN) 702 Bandwidth Probe", draft-martinsen-tram- 703 turnbandwidthprobe-00 (work in progress), May 2015. 705 [RFC3264] Rosenberg, J. and H. Schulzrinne, "An Offer/Answer Model 706 with Session Description Protocol (SDP)", RFC 3264, 707 DOI 10.17487/RFC3264, June 2002, 708 . 710 [RFC5766] Mahy, R., Matthews, P., and J. Rosenberg, "Traversal Using 711 Relays around NAT (TURN): Relay Extensions to Session 712 Traversal Utilities for NAT (STUN)", RFC 5766, 713 DOI 10.17487/RFC5766, April 2010, 714 . 716 Appendix A. Release Notes 718 This section must be removed before publication as an RFC. 720 A.1. Modifications between draft-ietf-tram-stun-pmtud-16 and draft- 721 ietf-tram-stun-pmtud-15 723 o Modifications to address DISCUSS and COMMENT from IESG review 725 A.2. Modifications between draft-ietf-tram-stun-pmtud-15 and draft- 726 ietf-tram-stun-pmtud-14 728 o Modifications to address DISCUSS and COMMENT from IESG review 730 A.3. Modifications between draft-ietf-tram-stun-pmtud-14 and draft- 731 ietf-tram-stun-pmtud-13 733 o Modifications to address COMMENTS from IESG review 735 A.4. Modifications between draft-ietf-tram-stun-pmtud-13 and draft- 736 ietf-tram-stun-pmtud-12 738 o Modifications to address nits 740 A.5. Modifications between draft-ietf-tram-stun-pmtud-12 and draft- 741 ietf-tram-stun-pmtud-11 743 o Modifications following IESG review. Incorporated RFC5780 PADDING 744 attribute (Adam's Discuss) and added IPv6 language (Suresh's 745 Discuss). 747 A.6. Modifications between draft-ietf-tram-stun-pmtud-11 and draft- 748 ietf-tram-stun-pmtud-10 750 o Modifications following IESG review. 752 A.7. Modifications between draft-ietf-tram-stun-pmtud-10 and draft- 753 ietf-tram-stun-pmtud-09 755 o Modifications following reviews for gen-art (Roni Even) and secdir 756 (Carl Wallace). 758 A.8. Modifications between draft-ietf-tram-stun-pmtud-09 and draft- 759 ietf-tram-stun-pmtud-08 761 o Add 3 ways of preventing amplification attacks. 763 A.9. Modifications between draft-ietf-tram-stun-pmtud-08 and draft- 764 ietf-tram-stun-pmtud-07 766 o Updates following Spencer's review. 768 A.10. Modifications between draft-ietf-tram-stun-pmtud-07 and draft- 769 ietf-tram-stun-pmtud-06 771 o Updates following Shepherd review. 773 A.11. Modifications between draft-ietf-tram-stun-pmtud-06 and draft- 774 ietf-tram-stun-pmtud-05 776 o Nits. 778 o Restore missing changelog for previous version. 780 A.12. Modifications between draft-ietf-tram-stun-pmtud-05 and draft- 781 ietf-tram-stun-pmtud-04 783 o Modifications following Brandon Williams review. 785 A.13. Modifications between draft-ietf-tram-stun-pmtud-04 and draft- 786 ietf-tram-stun-pmtud-03 788 o Modifications following Simon Perreault and Brandon Williams 789 reviews. 791 A.14. Modifications between draft-ietf-tram-stun-pmtud-03 and draft- 792 ietf-tram-stun-pmtud-02 794 o Add new Overview of Operations section with ladder diagrams. 796 o Authentication is mandatory for the Complete Probing mechanism, 797 optional for the Simple Probing mechanism. 799 o All the ICE specific text moves to a separate draft to be 800 discussed in the ICE WG. 802 o The TURN usage is removed because probing between a TURN server 803 and TURN client is not useful. 805 o Any usage of PMTUD-SUPPORTED or other signaling mechanisms 806 (formerly knows as discovery mechanisms) must now be 807 authenticated. 809 o Both probing mechanisms are MTI in the server, the complete 810 probing mechanism is MTI in the client. 812 o Make clear that stopping after 3 retransmission is done by 813 changing the STUN parameter. 815 o Define the format of the attributes. 817 o Make clear that the specification is for any UDP protocol that 818 does not already have PMTUD capabilities, not just STUN based 819 protocols. 821 o Change the default delay to send the Report Request to 250 ms 822 after the last Indication if the RTO is unknown. 824 o Each usage of this specification must the format of the 825 IDENTIFIERS attribute contents. 827 o Better define the implicit signaling mechanism. 829 o Extend the Security Consideration section. 831 o Tons of nits. 833 A.15. Modifications between draft-ietf-tram-stun-pmtud-02 and draft- 834 ietf-tram-stun-pmtud-01 836 o Cleaned up references. 838 A.16. Modifications between draft-ietf-tram-stun-pmtud-01 and draft- 839 ietf-tram-stun-pmtud-00 841 o Added Security Considerations Section. 843 o Added IANA Considerations Section. 845 A.17. Modifications between draft-ietf-tram-stun-pmtud-00 and draft- 846 petithuguenin-tram-stun-pmtud-01 848 o Adopted by WG - Text unchanged. 850 A.18. Modifications between draft-petithuguenin-tram-stun-pmtud-01 and 851 draft-petithuguenin-tram-stun-pmtud-00 853 o Moved some Introduction text to the Probing Mechanism section. 855 o Added cross-reference to the other two STUN troubleshooting 856 mechanism drafts. 858 o Updated references. 860 o Added Gonzalo Salgueiro as co-author. 862 A.19. Modifications between draft-petithuguenin-tram-stun-pmtud-00 and 863 draft-petithuguenin-behave-stun-pmtud-03 865 o General refresh for republication. 867 A.20. Modifications between draft-petithuguenin-behave-stun-pmtud-03 868 and draft-petithuguenin-behave-stun-pmtud-02 870 o Changed author address. 872 o Changed the IPR to trust200902. 874 A.21. Modifications between draft-petithuguenin-behave-stun-pmtud-02 875 and draft-petithuguenin-behave-stun-pmtud-01 877 o Defined checksum and sequential numbers as possible packet 878 identifiers. 880 o Updated the reference to RFC 5389 882 o The FINGERPRINT attribute is now mandatory. 884 o Changed the delay between Probe indication and Report request to 885 be RTO/2 or 50 milliseconds. 887 o Added ICMP packet processing. 889 o Added Full-Stop Timeout detection. 891 o Stated that Binding request with PMTUD-SUPPORTED does not start 892 the PMTUD process if already started. 894 A.22. Modifications between draft-petithuguenin-behave-stun-pmtud-01 895 and draft-petithuguenin-behave-stun-pmtud-00 897 o Removed the use of modified STUN transaction but shorten the 898 retransmission for the simple probing mechanism. 900 o Added a complete probing mechanism. 902 o Removed the PADDING-RECEIVED attribute. 904 o Added release notes. 906 Acknowledgements 908 Thanks to Eilon Yardeni, Geir Sandbakken, Paal-Erik Martinsen, 909 Tirumaleswar Reddy, Ram Mohan R, Simon Perreault, Brandon Williams, 910 Tolga Asveren, Spencer Dawkins, Carl Wallace, and Roni Even for their 911 review comments, suggestions and questions that helped to improve 912 this document. 914 Special thanks to Dan Wing, who supported this document since its 915 first publication back in 2008. 917 Authors' Addresses 919 Marc Petit-Huguenin 920 Impedance Mismatch 922 Email: marc@petit-huguenin.org 924 Gonzalo Salgueiro 925 Cisco Systems, Inc. 926 7200-12 Kit Creek Road 927 Research Triangle Park, NC 27709 928 United States 930 Email: gsalguei@cisco.com 932 Felipe Garrido 933 Cisco Systems, Inc. 934 7200-12 Kit Creek Road 935 Research Triangle Park, NC 27709 936 United States 938 Email: fegarrid@cisco.com