idnits 2.17.1 draft-ietf-tram-stun-pmtud-18.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (August 19, 2020) is 1340 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Unused Reference: 'ITU.V42.2002' is defined on line 765, but no explicit reference was found in the text -- Possible downref: Non-RFC (?) normative reference: ref. 'ITU.V42.2002' -- Obsolete informational reference (is this intentional?): RFC 5766 (Obsoleted by RFC 8656) Summary: 0 errors (**), 0 flaws (~~), 2 warnings (==), 3 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 TRAM M. Petit-Huguenin 3 Internet-Draft Impedance Mismatch 4 Intended status: Standards Track G. Salgueiro 5 Expires: February 20, 2021 F. Garrido 6 Cisco 7 August 19, 2020 9 Packetization Layer Path MTU Discovery (PLMTUD) For UDP Transports Using 10 Session Traversal Utilities for NAT (STUN) 11 draft-ietf-tram-stun-pmtud-18 13 Abstract 15 The datagram exchanged between two Internet endpoints have to go 16 through a series of physical and virtual links that may have 17 different limits on the upper size of the datagram they can transmit 18 without fragmentation. Because fragmentation is considered harmful, 19 most transports and protocols are designed with a mechanism that 20 permits dynamic measurement of the maximum size of a datagram. This 21 mechanism is called Packetization Layer Path MTU Discovery (PLPMTUD). 22 But the UDP transport and some of the protocols that use UDP were 23 designed without that feature. The Session Traversal Utilities for 24 NAT (STUN) Usage described in this document permits retrofitting an 25 existing UDP-based protocol with such a feature. Similarly, a new 26 UDP-based protocol could simply reuse the mechanism described in this 27 document. 29 Status of This Memo 31 This Internet-Draft is submitted in full conformance with the 32 provisions of BCP 78 and BCP 79. 34 Internet-Drafts are working documents of the Internet Engineering 35 Task Force (IETF). Note that other groups may also distribute 36 working documents as Internet-Drafts. The list of current Internet- 37 Drafts is at https://datatracker.ietf.org/drafts/current/. 39 Internet-Drafts are draft documents valid for a maximum of six months 40 and may be updated, replaced, or obsoleted by other documents at any 41 time. It is inappropriate to use Internet-Drafts as reference 42 material or to cite them other than as "work in progress." 44 This Internet-Draft will expire on February 20, 2021. 46 Copyright Notice 48 Copyright (c) 2020 IETF Trust and the persons identified as the 49 document authors. All rights reserved. 51 This document is subject to BCP 78 and the IETF Trust's Legal 52 Provisions Relating to IETF Documents 53 (https://trustee.ietf.org/license-info) in effect on the date of 54 publication of this document. Please review these documents 55 carefully, as they describe your rights and restrictions with respect 56 to this document. Code Components extracted from this document must 57 include Simplified BSD License text as described in Section 4.e of 58 the Trust Legal Provisions and are provided without warranty as 59 described in the Simplified BSD License. 61 Table of Contents 63 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 4 64 2. Overview of Operations . . . . . . . . . . . . . . . . . . . 4 65 3. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 6 66 4. Probing Mechanisms . . . . . . . . . . . . . . . . . . . . . 6 67 4.1. Simple Probing Mechanism . . . . . . . . . . . . . . . . 7 68 4.1.1. Sending a Probe Request . . . . . . . . . . . . . . . 7 69 4.1.2. Receiving a Probe Request . . . . . . . . . . . . . . 8 70 4.1.3. Receiving a Probe Response . . . . . . . . . . . . . 8 71 4.2. Complete Probing Mechanism . . . . . . . . . . . . . . . 8 72 4.2.1. Sending a Probe Indications and Report Request . . . 9 73 4.2.2. Receiving an ICMP Packet . . . . . . . . . . . . . . 9 74 4.2.3. Receiving a Probe Indication and Report Request . . . 9 75 4.2.4. Receiving a Report Response . . . . . . . . . . . . . 10 76 4.2.5. Using Checksums as Packet Identifiers . . . . . . . . 10 77 4.2.6. Using Sequence Numbers as Packet Identifiers . . . . 11 78 5. Probe Support Signaling Mechanisms . . . . . . . . . . . . . 12 79 5.1. Explicit Probe Support Signaling Mechanism . . . . . . . 12 80 5.2. Implicit Probe Support Signaling Mechanism . . . . . . . 12 81 6. STUN Attributes . . . . . . . . . . . . . . . . . . . . . . . 13 82 6.1. IDENTIFIERS . . . . . . . . . . . . . . . . . . . . . . . 13 83 6.2. PMTUD-SUPPORTED . . . . . . . . . . . . . . . . . . . . . 13 84 6.3. PADDING . . . . . . . . . . . . . . . . . . . . . . . . . 13 85 7. DPLPMTUD Considerations . . . . . . . . . . . . . . . . . . . 14 86 7.1. Features Required to provide Datagram PLPMTUD . . . . . . 14 87 7.2. Application Support for DPLPMTUD with UDP . . . . . . . . 15 88 8. Security Considerations . . . . . . . . . . . . . . . . . . . 15 89 9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 16 90 9.1. New STUN Methods . . . . . . . . . . . . . . . . . . . . 16 91 9.2. New STUN Attributes . . . . . . . . . . . . . . . . . . . 16 92 10. References . . . . . . . . . . . . . . . . . . . . . . . . . 17 93 10.1. Normative References . . . . . . . . . . . . . . . . . . 17 94 10.2. Informative References . . . . . . . . . . . . . . . . . 17 95 Appendix A. Release Notes . . . . . . . . . . . . . . . . . . . 18 96 A.1. Modifications between draft-ietf-tram-stun-pmtud-18 and 97 draft-ietf-tram-stun-pmtud-17 . . . . . . . . . . . . . . 18 98 A.2. Modifications between draft-ietf-tram-stun-pmtud-17 and 99 draft-ietf-tram-stun-pmtud-16 . . . . . . . . . . . . . . 18 100 A.3. Modifications between draft-ietf-tram-stun-pmtud-16 and 101 draft-ietf-tram-stun-pmtud-15 . . . . . . . . . . . . . . 18 102 A.4. Modifications between draft-ietf-tram-stun-pmtud-15 and 103 draft-ietf-tram-stun-pmtud-14 . . . . . . . . . . . . . . 18 104 A.5. Modifications between draft-ietf-tram-stun-pmtud-14 and 105 draft-ietf-tram-stun-pmtud-13 . . . . . . . . . . . . . . 19 106 A.6. Modifications between draft-ietf-tram-stun-pmtud-13 and 107 draft-ietf-tram-stun-pmtud-12 . . . . . . . . . . . . . . 19 108 A.7. Modifications between draft-ietf-tram-stun-pmtud-12 and 109 draft-ietf-tram-stun-pmtud-11 . . . . . . . . . . . . . . 19 110 A.8. Modifications between draft-ietf-tram-stun-pmtud-11 and 111 draft-ietf-tram-stun-pmtud-10 . . . . . . . . . . . . . . 19 112 A.9. Modifications between draft-ietf-tram-stun-pmtud-10 and 113 draft-ietf-tram-stun-pmtud-09 . . . . . . . . . . . . . . 19 114 A.10. Modifications between draft-ietf-tram-stun-pmtud-09 and 115 draft-ietf-tram-stun-pmtud-08 . . . . . . . . . . . . . . 19 116 A.11. Modifications between draft-ietf-tram-stun-pmtud-08 and 117 draft-ietf-tram-stun-pmtud-07 . . . . . . . . . . . . . . 19 118 A.12. Modifications between draft-ietf-tram-stun-pmtud-07 and 119 draft-ietf-tram-stun-pmtud-06 . . . . . . . . . . . . . . 19 120 A.13. Modifications between draft-ietf-tram-stun-pmtud-06 and 121 draft-ietf-tram-stun-pmtud-05 . . . . . . . . . . . . . . 20 122 A.14. Modifications between draft-ietf-tram-stun-pmtud-05 and 123 draft-ietf-tram-stun-pmtud-04 . . . . . . . . . . . . . . 20 124 A.15. Modifications between draft-ietf-tram-stun-pmtud-04 and 125 draft-ietf-tram-stun-pmtud-03 . . . . . . . . . . . . . . 20 126 A.16. Modifications between draft-ietf-tram-stun-pmtud-03 and 127 draft-ietf-tram-stun-pmtud-02 . . . . . . . . . . . . . . 20 128 A.17. Modifications between draft-ietf-tram-stun-pmtud-02 and 129 draft-ietf-tram-stun-pmtud-01 . . . . . . . . . . . . . . 21 130 A.18. Modifications between draft-ietf-tram-stun-pmtud-01 and 131 draft-ietf-tram-stun-pmtud-00 . . . . . . . . . . . . . . 21 132 A.19. Modifications between draft-ietf-tram-stun-pmtud-00 and 133 draft-petithuguenin-tram-stun-pmtud-01 . . . . . . . . . 21 134 A.20. Modifications between draft-petithuguenin-tram-stun- 135 pmtud-01 and draft-petithuguenin-tram-stun-pmtud-00 . . . 21 136 A.21. Modifications between draft-petithuguenin-tram-stun- 137 pmtud-00 and draft-petithuguenin-behave-stun-pmtud-03 . . 21 138 A.22. Modifications between draft-petithuguenin-behave-stun- 139 pmtud-03 and draft-petithuguenin-behave-stun-pmtud-02 . . 22 140 A.23. Modifications between draft-petithuguenin-behave-stun- 141 pmtud-02 and draft-petithuguenin-behave-stun-pmtud-01 . . 22 143 A.24. Modifications between draft-petithuguenin-behave-stun- 144 pmtud-01 and draft-petithuguenin-behave-stun-pmtud-00 . . 22 145 Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . 22 146 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 23 148 1. Introduction 150 The Packetization Layer Path MTU Discovery (PMTUD) specification 151 [RFC4821] describes a method to discover the Path MTU, but does not 152 describe a practical protocol to do so with UDP. Many application 153 layer protocols based on the transport layer protocol UDP do not 154 implement the Path MTU discovery mechanism described in [RFC4821]. 155 These application layer protocols can make use of the probing 156 mechanisms described in this document instead of designing their own 157 adhoc extension. These probing mechanisms are implemented with 158 Session Traversal Utilities for NAT (STUN), but their usage is not 159 limited to STUN-based protocols. 161 The STUN usage defined in this document for Packetization Layer Path 162 MTU Discovery (PLPMTUD) between a client and a server permits proper 163 measurement of the Path MTU for application layer protocols based on 164 the transport layer protocol UDP in the network. It also simplifies 165 troubleshooting and has multiple other applications across a wide 166 variety of technologies. 168 Complementary techniques can be used to discover additional network 169 characteristics, such as the network path (using the STUN Traceroute 170 mechanism described in [I-D.martinsen-tram-stuntrace]) and bandwidth 171 availability (using the mechanism described in 172 [I-D.martinsen-tram-turnbandwidthprobe]). In addition, 173 [I-D.ietf-tsvwg-datagram-plpmtud] provides a robust method for Path 174 MTU Discovery for a broader range of protocols and applications. 176 2. Overview of Operations 178 This section is meant to be informative only and is not intended as a 179 substitute for [RFC4821]. 181 A UDP endpoint that uses this specification to discover the Path MTU 182 over UDP and knows that the endpoint it is communicating with also 183 supports this specification can choose to use either the Simple 184 Probing mechanism (as described in Section 4.1) or the Complete 185 Probing mechanism (as described in Section 4.2). The selection of 186 which Probing Mechanism to use is dependent on performance and 187 security and complexity trade-offs. 189 If the Simple Probing mechanism is chosen, then the client initiates 190 Probe transactions, as shown in Figure 1, which decrease in size 191 until transactions succeed, indicating that the Path MTU has been 192 discovered. It then uses that information to update the Path MTU. 194 Client Server 195 | | 196 | Probe Request | 197 |---------------->| 198 | | 199 | Probe Response | 200 |<----------------| 201 | | 203 Figure 1: Simple Probing Example 205 If the Complete Probing mechanism (as described in Section 4.2) is 206 chosen, then the client sends Probe Indications of various sizes (as 207 specified in [RFC4821]) interleaved with UDP packets sent by the UDP 208 protocol. The client then sends a Report Request for the ordered 209 list of identifiers for the UDP packets and Probe Indications 210 received by the server. The client then compares the list returned 211 in the Report Response with its own list of identifiers for the UDP 212 packets and Probe Indications it sent. The client examines the 213 received reports to determine which probes were successful. When a 214 probe succeeds with a larger size than the current PMTU, the PMTU is 215 increased. When the probes indicate the current PMTU is not 216 supported the size is decreased. This mechanism acts to detect that 217 traffic is being back holed. 219 Because of the possibility of amplification attack, the Complete 220 Probing mechanism must be authenticated as specified in Section 5.1. 221 Particular care must be taken to prevent amplification when an 222 external mechanism is used to trigger the Complete Probing mechanism. 224 Client Server 225 | UDP Packet | 226 |------------------>| 227 | | 228 | UDP Packet | 229 |------------------>| 230 | | 231 | Probe Indication | 232 |------------------>| 233 | | 234 | UDP Packet | 235 |------------------>| 236 | | 237 | Probe Indication | 238 |------------------>| 239 | | 240 | Report Request | 241 |------------------>| 242 | Report Response | 243 |<------------------| 244 | | 246 Figure 2: Complete Probing Example 248 3. Terminology 250 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 251 "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and 252 "OPTIONAL" in this document are to be interpreted as described in BCP 253 14 [RFC2119][RFC8174] when, and only when, they appear in all 254 capitals, as shown here. 256 4. Probing Mechanisms 258 The Probing mechanism is used to discover the Path MTU in one 259 direction only: from the client to the server. Both endpoints MAY 260 behave as a client and a server to achieve bi-directional path 261 discovery. 263 Two Probing mechanisms are described: a Simple Probing mechanism and 264 a more complete mechanism that can converge more quickly and find an 265 appropriate Path MTU in the presence of congestion. Additionally, 266 the Simple Probing mechanism does not require authentication except 267 where used as an implicit signaling mechanism, whereas the complete 268 mechanism does. 270 Implementations supporting this specification MUST implement the 271 server side of both the Simple Probing mechanism (Section 4.1) and 272 the Complete Probing mechanism (Section 4.2). 274 Implementations supporting this specification MUST implement the 275 client side of the Complete Probing mechanism. They MAY implement 276 the client side of the Simple Probing mechanism. 278 4.1. Simple Probing Mechanism 280 The Simple Probing mechanism is implemented by sending a Probe 281 Request with a PADDING attribute over UDP with the DF bit set in the 282 IP header for IPv4 packets and IPv6 packets without the Fragment 283 Header included. 285 Note: Routers might be configured to clear the DF bit or ignore the 286 DF bit which can be difficult or impossible to detect if reassembly 287 occurs prior to receiving the packet. 289 4.1.1. Sending a Probe Request 291 A client forms a Probe Request by using the Probe Method and 292 following the rules in Section 6.1 of [I-D.ietf-tram-stunbis]. 294 The Probe transaction MUST be authenticated if the Simple Probing 295 mechanism is used in conjunction with the Implicit Probing Support 296 mechanism described in Section 5.2. If not, the Probe transaction 297 MAY be authenticated. 299 The client adds a PADDING attribute with a length that, when added to 300 the IP and UDP headers and the other STUN components, is equal to the 301 Selected Probe Size, as defined in [RFC4821] Section 7.3. The 302 PADDING bits MUST be set to zero. The client MUST add the 303 FINGERPRINT attribute so the STUN messages are disambiguated from the 304 other protocol packets as specified in Section 7 of 305 [I-D.ietf-tram-stunbis]. 307 Then the client sends the Probe Request to the server over UDP with 308 the DF bit set for IPv4 packets and IPv6 packets without the Fragment 309 Header included. For the purpose of this transaction, the Rc 310 parameter is set to 3 and the initial value for RTO stays at 500 ms 311 as specified in Section 6.2.1 of [I-D.ietf-tram-stunbis] 313 A client MUST NOT send a probe if it does not have knowledge that the 314 server supports this specification. This is done either by external 315 signalling or by a mechanism specific to the UDP protocol to which 316 PMTUD capabilities are added or by one of the mechanisms specified in 317 Section 5. 319 4.1.2. Receiving a Probe Request 321 A server receiving a Probe Request MUST process it as specified in 322 [I-D.ietf-tram-stunbis]. 324 The server then creates a Probe Response. The server MUST add the 325 FINGERPRINT attribute so the STUN messages are disambiguated from the 326 other protocol packets as specified in Section 7 of 327 [I-D.ietf-tram-stunbis]. The server then sends the response to the 328 client. 330 4.1.3. Receiving a Probe Response 332 A client receiving a Probe Response MUST process it as specified in 333 section 6.3.1 of [I-D.ietf-tram-stunbis] and MUST ignore the PADDING 334 attribute. If a response is received this is interpreted as a Probe 335 Success, as defined in [RFC4821] Section 7.6.1. If an ICMP packet 336 "Fragmentation needed" or "Packet Too Big" is received then this is 337 interpreted as a Probe Failure, as defined in [RFC4821] 338 Section 7.6.2. If the Probe transaction times out, then this is 339 interpreted as a Probe Inconclusive, as defined in [RFC4821] 340 Section 7.6.4. Validation MUST be performed on the ICMP packet as 341 specified in [I-D.ietf-tsvwg-datagram-plpmtud]. 343 4.2. Complete Probing Mechanism 345 The Complete Probing mechanism is implemented by sending one or more 346 Probe Indications with a PADDING attribute over UDP with the DF bit 347 set in the IP header for IPv4 packets and IPv6 packets without the 348 Fragment Header included followed by a Report Request to the same 349 server. A router on the path to the server can reject this 350 Indication with an ICMP message or drop it. The server keeps a 351 chronologically ordered list of identifiers for all packets received 352 (including retransmitted packets) and sends this list back to the 353 client in the Report Response. The client analyzes this list to find 354 which packets were not received. Because UDP packets do not contain 355 an identifier, the Complete Probing mechanism needs a way to identify 356 each packet received. 358 Some application layer protocols may already have a way of 359 identifying each individual UDP packet, in which case these 360 identifiers SHOULD be used in the IDENTIFIERS attribute of the Report 361 Response. While there are other possible packet identification 362 schemes, this document describes two different ways to identify a 363 specific packet when no application layer protocol-specific 364 identification mechanism is available. 366 In the first packet identification mechanism, the server computes a 367 checksum over each packet received and sends back to the sender the 368 list of checksums ordered chronologically. The client compares this 369 list to its own list of checksums. 371 In the second packet identification mechanism, the client prepends 372 the UDP data with a header that provides a sequence number. The 373 server sends back the chronologically ordered list of sequence 374 numbers received that the client then compares with its own list. 376 4.2.1. Sending a Probe Indications and Report Request 378 A client forms a Probe Indication by using the Probe Method and 379 following the rules in [I-D.ietf-tram-stunbis] Section 6.1. The 380 client adds to a Probe Indication a PADDING attribute with a size 381 that, when added to the IP and UDP headers and the other STUN 382 components, is equal to the Selected Probe Size, as defined in 383 [RFC4821] Section 7.3. The PADDING bits MUST be set to zero. If the 384 authentication mechanism permits it, then the Indication MUST be 385 authenticated. The client MUST add the FINGERPRINT attribute so the 386 STUN messages are disambiguated from the other protocol packets. 388 Then the client sends a Probe Indication to the server over UDP with 389 the DF bit set for IPv4 packets and IPv6 packets without the Fragment 390 Header included. 392 Then the client forms a Report Request by following the rules in 393 [I-D.ietf-tram-stunbis] Section 6.1. The Report transaction MUST be 394 authenticated to prevent amplification attacks. The client MUST add 395 the FINGERPRINT attribute so the STUN messages are disambiguated from 396 the other protocol packets. 398 Then the client waits half the RTO after sending the last Probe 399 Indication and then sends the Report Request to the server over UDP. 401 4.2.2. Receiving an ICMP Packet 403 If an ICMP packet "Fragmentation needed" or "Packet Too Big" is 404 received then this is interpreted as a Probe Failure, as defined in 405 [RFC4821] Section 7.5. Validation MUST be performed on the ICMP 406 packet as specified in [I-D.ietf-tsvwg-datagram-plpmtud]. 408 4.2.3. Receiving a Probe Indication and Report Request 410 A server supporting this specification will keep the identifiers of 411 all packets received in a chronologically ordered list. The packets 412 that are to be associated to a given flow's identifier are selected 413 according to Section 5.2 of [RFC4821]. The same identifier can 414 appear multiple times in the list because of retransmissions. The 415 maximum size of this list is calculated such that when the list is 416 added to the Report Response, the total size of the packet does not 417 exceed the unknown Path MTU, as defined in [I-D.ietf-tram-stunbis] 418 Section 6.1. Older identifiers are removed when new identifiers are 419 added to a list that is already full. 421 A server receiving a Report Request MUST process it as specified in 422 [I-D.ietf-tram-stunbis] and MUST ignore the PADDING attribute. 424 The server creates a Report Response and adds an IDENTIFIERS 425 attribute that contains the chronologically ordered list of all 426 identifiers received so far. The server MUST add the FINGERPRINT 427 attribute. The server then sends the response to the client. 429 The exact content of the IDENTIFIERS attribute depends on what type 430 of identifiers have been chosen for the protocol. Each protocol 431 adding PMTUD capabilities as specified by this specification MUST 432 describe the format of the contents of the IDENTIFIERS attribute, 433 unless it is using one of the formats described in this 434 specification. See Section 6.1 for details about the IDENTIFIERS 435 attribute. 437 4.2.4. Receiving a Report Response 439 A client receiving a Report Response processes it as specified in 440 [I-D.ietf-tram-stunbis]. If the response IDENTIFIERS attribute 441 contains the identifier of a Probe Indication, then this is 442 interpreted as a Probe Success for this probe, as defined in 443 [RFC4821] Section 7.5. If a Probe Indication identifier cannot be 444 found in the Report Response, this is interpreted as a Probe Failure, 445 as defined in [RFC4821] Section 7.5. If a Probe Indication 446 identifier cannot be found in the Report Response but identifiers for 447 other packets sent before or after the Probe Indication can all be 448 found, this is interpreted as a Probe Failure as defined in [RFC4821] 449 Section 7.5. If the Report Transaction times out, this is 450 interpreted as a Full-Stop Timeout, as defined in [RFC4821] 451 Section 3. 453 4.2.5. Using Checksums as Packet Identifiers 455 When using a checksum as a packet identifier, the client keeps a 456 chronologically ordered list of the packets it transmits, along with 457 an associated checksum value. For STUN Probe Indication or Request 458 packets, the associated checksum value is the FINGERPRINT value from 459 the packet; for other packets a checksum value is computed. The 460 value of the checksum is computed as the CRC-32 of the UDP payload, 461 as defined by the Length field of the UDP datagram [RFC4821], XOR'ed 462 with the 32-bit value 0x5354554e. The 32-bit CRC is the one defined 463 in ITU V.42 [[ITU.V42.2002], which has a generator polynomial of x^32 464 + x^26 + x^23 + x^22 + x^16 + x^12 + x^11 + x^10 + x^8 + x^7 + x^5 + 465 x^4 + x^2 + x + 1. 467 For each STUN Probe Indication or Request, the server retrieves the 468 STUN FINGERPRINT value. For all other packets, the server calculates 469 the checksum as described above. It puts these FINGERPRINT and 470 checksum values in a chronologically ordered list that is sent back 471 in the Report Response. 473 The contents of the IDENTIFIERS attribute is a list of 4 byte 474 numbers, each using the same encoding that is used for the contents 475 of the FINGERPRINT attribute. 477 4.2.6. Using Sequence Numbers as Packet Identifiers 479 When using sequence numbers, a small header similar to the TURN 480 ChannelData header, as defined in Section 11.4 of [RFC5766], is added 481 in front of all packets that are not a STUN Probe Indication or 482 Request. The initial sequence number MUST be randomized and is 483 monotonically incremented by one for each packet sent. The most 484 significant bit of the sequence number is always 0. The server 485 collects the sequence number of the packets sent, or the 4 first 486 bytes of the transaction ID if a STUN Probe Indication or Request is 487 sent. In that case, the most significant bit of the 4 first bytes is 488 set to 1. 490 0 1 2 3 491 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 492 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 493 | Channel Number | Length | 494 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 495 |0| Sequence number | 496 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 497 | | 498 / Application Data / 499 / / 500 | | 501 | +-------------------------------+ 502 | | 503 +-------------------------------+ 505 The Channel Number is always 0xFFFF. The Length field specifies the 506 length in bytes of the sequence number and application data fields. 507 The header values are encoded using network order. 509 The contents of the IDENTIFIERS attribute is a chronologically 510 ordered list of 4 byte numbers, each containing either a sequence 511 number, if the packet was not a STUN Probe Indication or Request, or 512 the 4 first bytes of the transaction ID, with the most significant 513 bit forced to 1, if the packet is a STUN Probe Indication or Request. 515 5. Probe Support Signaling Mechanisms 517 The PMTUD mechanism described in this document is intended to be used 518 by any UDP-based protocols that do not have built-in PMTUD 519 capabilities, irrespective of whether those UDP-based protocols are 520 STUN-based or not. So the manner in which a specific protocol 521 discovers that it is safe to send PMTUD probes is largely dependent 522 on the details of that specific protocol, with the exception of the 523 Implicit Mechanism described below, which applies to any protocol. 525 5.1. Explicit Probe Support Signaling Mechanism 527 Some of these mechanisms can use a separate signalling mechanism (for 528 instance, an SDP attribute in an Offer/Answer exchange [RFC3264]), or 529 an optional flag that can be set in the protocol that is augmented 530 with PMTUD capabilities. STUN Usages that can benefit from PMTUD 531 capabilities can signal in-band that they support probing by 532 inserting a PMTUD-SUPPORTED attribute in some STUN methods. The 533 decision of which methods support this attribute is left to each 534 specific STUN Usage. 536 UDP-based protocols that want to use any of these mechanisms, 537 including the PMTUD-SUPPORTED attribute, to signal PMTUD capabilities 538 MUST ensure that it cannot be used to launch an amplification attack. 540 An amplification attack can be prevented using techniques such as: 542 o Authentication, where the source of the packet and the destination 543 share a secret. 545 o 3 way handshake with some form of unpredictable cookie. 547 o Make sure that the total size of the traffic potentially generated 548 is lower than the size of the request that generated it. 550 5.2. Implicit Probe Support Signaling Mechanism 552 As a result of the fact that all endpoints implementing this 553 specification are both clients and servers, a Probe Request or 554 Indication received by an endpoint acting as a server implicitly 555 signals that this server can now act as a client and MAY send a Probe 556 Request or Indication to probe the Path MTU in the reverse direction 557 toward the former client, that will now be acting as a server. 559 The Probe Request or Indication that are used to implicitly signal 560 probing support in the reverse direction MUST be authenticated to 561 prevent amplification attacks. 563 6. STUN Attributes 565 6.1. IDENTIFIERS 567 The IDENTIFIERS attribute carries a chronologically ordered list of 568 UDP packet identifiers. 570 While Section 4.2.5 and Section 4.2.6 describe two possible methods 571 for acquiring and formatting the identifiers used for this purpose, 572 ultimately each protocol has to define how these identifiers are 573 acquired and formatted. Therefore, the contents of the IDENTIFIERS 574 attribute is opaque. 576 6.2. PMTUD-SUPPORTED 578 The PMTUD-SUPPORTED attribute indicates that its sender supports this 579 mechanism, as incorporated into the STUN usage or protocol being 580 used. This attribute has no value part and thus the attribute length 581 field is 0. 583 6.3. PADDING 585 The PADDING attribute allows for the entire message to be padded to 586 force the STUN message to be divided into IP fragments. The PADDING 587 bits MUST be set to zero. PADDING can be used in either Binding 588 Requests or Binding Responses. 590 PADDING MUST NOT be longer than the length that brings the total IP 591 datagram size to 64K, minus the IP and UDP headers and the other STUN 592 components. It SHOULD be equal in length to the MTU of the outgoing 593 interface, rounded up to an even multiple of four bytes and SHOULD 594 ensure a probe does not result in a packet larger than the MTU fo the 595 outgoing interface. STUN messages sent with PADDING are intended to 596 test the behavior of UDP fragmentation, therefore they are an 597 exception to the usual rule that STUN messages need to be less than 598 the PMTU for the path. 600 7. DPLPMTUD Considerations 602 This section specifies how the PMTUD mechanism described in this 603 document conforms to Sections 3 and 6.1 of 604 [I-D.ietf-tsvwg-datagram-plpmtud] and indicates where each 605 requirement is addressed. 607 7.1. Features Required to provide Datagram PLPMTUD 609 This section covers Section 3 of [I-D.ietf-tsvwg-datagram-plpmtud] 610 and refers back to sections in this document covering each of the 611 feature requirements. 613 1. Managing the PLMPTU: This requirement is fulfilled by the Simple 614 probing and Complete probing mechanisms as discussed in Section 2, 615 Section 4.1 and Section 4.2 of this document. 617 2. Probe packets: This requirement is fulfilled by including a 618 PADDING attribute which indicates that the DF bit is set in the IP 619 header for IPv4 packets and not including the Don't Fragment header 620 in IPv6 packets as discussed in Section 4.1 and Section 4.2 of this 621 document. 623 3. Reception feedback: This requirement fulfilled by the Probe 624 Response and Report Response in Section 2 of this document. 626 4. Probe loss recovery: This requirement is fulfilled by requiring 627 that the PADDING bits MUST be set to zero as discussed in 628 Section 4.1.1 and Section 4.2.1 of this document. No retransmission 629 is required as there is no user data is being transmitted in the 630 probe. 632 5. PMTU parameters: This requirement is fulfilled by setting the 633 Selected Probe Size as defined in [RFC4821] and discussed in 634 Section 4.1 and Section 4.2 of this document. 636 6. Processing PTB messages: This requirement is fulfilled by the 637 Probe Response and Report Response in Section 4.1.3 and Section 4.2.2 638 of this document. 640 7. Probing and congestion control: This requirement is fulfilled by 641 the Probe Request and Probe Indication discussed in Section 4.1.1 and 642 Section 4.2.1 of this document. It conforms to Section 6.2.1 of 643 [I-D.ietf-tram-stunbis]. 645 8. Probing and flow control: This requirement is out of scope and is 646 not discussed in this document. 648 9. Shared PLPMTU state: This requirement is out of scope and is not 649 discussed in this document. 651 Datagram reordering: This requirement is fulfilled by the Report 652 Response in Section 4.2 of this document. 654 Datagram delay and duplication: his requirement is fulfilled by the 655 Report Response in Section 4.2 of this document. 657 When to probe: This requirement is discussed in Section 2 of this 658 document. 660 7.2. Application Support for DPLPMTUD with UDP 662 This section covers Section 6.1 of [I-D.ietf-tsvwg-datagram-plpmtud] 663 and refers back to which sections in this document covering each of 664 the feature requirements. 666 6.1.1 Application Request: This requirement is fulfilled by the 667 Simple probing and Complete probing mechanisms as discussed in 668 Section 2, Section 4.1 and Section 4.2 of this document. 670 6.1.2 Application Response: This requirement is fulfilled by the 671 Simple probing and Complete probing mechanisms as discussed in 672 Section 4.1 and Section 4.2 of this document. 674 6.1.3 Sending Application Probe Packets: This requirement is 675 fulfilled by requiring that the PADDING bits MUST be set to zero as 676 discussed in Section 4.1.1 and Section 4.2.1 of this document. 678 6.1.4 Initial Connectivity: This requirement is fulfilled by the 679 Implicit and Explicit Probe Support Signaling mechanisms as discussed 680 Section 5 of this document. 682 6.1.5 Validating the Path: This requirement is fulfilled by the 683 Report Request and Report Response mechanisms as discussed in 684 Section 4.2 of this document. 686 6.1.6 Handling of PTB Messages: This requirement is fulfilled by the 687 Probe Response and Report Response in Section 4.1.3 and Section 4.2.2 688 of this document. 690 8. Security Considerations 692 The PMTUD mechanism described in this document, when used without the 693 signalling mechanism described in Section 5.1, does not introduce any 694 specific security considerations beyond those described in [RFC4821] 695 and [I-D.ietf-tsvwg-datagram-plpmtud]. 697 The attacks described in Section 11 of [RFC4821] apply equally to the 698 mechanism described in this document. 700 The amplification attacks introduced by the signalling mechanism 701 described in Section 5.1 can be prevented by using one of the 702 techniques described in that section. 704 The Simple Probing mechanism may be used without authentication 705 because this usage by itself cannot trigger an amplification attack 706 as the Probe Response is smaller than the Probe Request except when 707 used in conjunction with the Implicit Probing Support Signaling 708 mechanism. 710 9. IANA Considerations 712 This specification defines two new STUN methods and two new STUN 713 attributes. 715 9.1. New STUN Methods 717 IANA is requested to add the following methods to the STUN Method 718 Registry: 720 0xXXX : Probe 722 0xXXX : Report 724 See Sections Section 4.1 and Section 4.2 for the semantics of these 725 new methods. 727 9.2. New STUN Attributes 729 IANA is requested to add the following attributes to the STUN Method 730 Registry: 732 Comprehension-required range (0x0000-0x7FFF): 733 0xXXXX: IDENTIFIERS 735 Comprehension-optional range (0x8000-0xFFFF) 736 0xXXXX: PMTUD-SUPPORTED 738 0x0026: PADDING 740 The IDENTIFIERS STUN attribute is defined in Section 6.1, the PMTUD- 741 SUPPORTED STUN attribute is defined in Section 6.2; the PADDING STUN 742 attribute is defined in Section 6.3. 744 NOTE: TO BE DELETED BEFORE PUBLICATION. PLEASE NOTE THAT THE PADDING 745 ATTRIBUTE ENTRY IS REPLACING THE ENTRY MADE BY RFC5780 746 (EXPERIMENTAL). THE SAME VALUE AND NAME ARE USED BUT THE REFERENCE 747 SHOULD BE CHANGED TO THIS STANDARDS TRACK DOCUMENT. 749 10. References 751 10.1. Normative References 753 [I-D.ietf-tram-stunbis] 754 Petit-Huguenin, M., Salgueiro, G., Rosenberg, J., Wing, 755 D., Mahy, R., and P. Matthews, "Session Traversal 756 Utilities for NAT (STUN)", draft-ietf-tram-stunbis-21 757 (work in progress), March 2019. 759 [I-D.ietf-tsvwg-datagram-plpmtud] 760 Fairhurst, G., Jones, T., Tuexen, M., Ruengeler, I., and 761 T. Voelker, "Packetization Layer Path MTU Discovery for 762 Datagram Transports", draft-ietf-tsvwg-datagram-plpmtud-22 763 (work in progress), December 2019. 765 [ITU.V42.2002] 766 International Telecommunications Union, "Error-correcting 767 Procedures for DCEs Using Asynchronous-to-Synchronous 768 Conversion", ITU-T Recommendation V.42, 2002. 770 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 771 Requirement Levels", BCP 14, RFC 2119, 772 DOI 10.17487/RFC2119, March 1997, 773 . 775 [RFC4821] Mathis, M. and J. Heffner, "Packetization Layer Path MTU 776 Discovery", RFC 4821, DOI 10.17487/RFC4821, March 2007, 777 . 779 [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 780 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, 781 May 2017, . 783 10.2. Informative References 785 [I-D.martinsen-tram-stuntrace] 786 Martinsen, P. and D. Wing, "STUN Traceroute", draft- 787 martinsen-tram-stuntrace-01 (work in progress), June 2015. 789 [I-D.martinsen-tram-turnbandwidthprobe] 790 Martinsen, P., Andersen, T., Salgueiro, G., and M. Petit- 791 Huguenin, "Traversal Using Relays around NAT (TURN) 792 Bandwidth Probe", draft-martinsen-tram- 793 turnbandwidthprobe-00 (work in progress), May 2015. 795 [RFC3264] Rosenberg, J. and H. Schulzrinne, "An Offer/Answer Model 796 with Session Description Protocol (SDP)", RFC 3264, 797 DOI 10.17487/RFC3264, June 2002, 798 . 800 [RFC5766] Mahy, R., Matthews, P., and J. Rosenberg, "Traversal Using 801 Relays around NAT (TURN): Relay Extensions to Session 802 Traversal Utilities for NAT (STUN)", RFC 5766, 803 DOI 10.17487/RFC5766, April 2010, 804 . 806 Appendix A. Release Notes 808 This section must be removed before publication as an RFC. 810 A.1. Modifications between draft-ietf-tram-stun-pmtud-18 and draft- 811 ietf-tram-stun-pmtud-17 813 o Modifications to address DISCUSS and COMMENT from IESG review. 814 updated section 7. 816 A.2. Modifications between draft-ietf-tram-stun-pmtud-17 and draft- 817 ietf-tram-stun-pmtud-16 819 o Modifications to address DISCUSS and COMMENT from IESG review. 820 Added section 7. 822 A.3. Modifications between draft-ietf-tram-stun-pmtud-16 and draft- 823 ietf-tram-stun-pmtud-15 825 o Modifications to address DISCUSS and COMMENT from IESG review 827 A.4. Modifications between draft-ietf-tram-stun-pmtud-15 and draft- 828 ietf-tram-stun-pmtud-14 830 o Modifications to address DISCUSS and COMMENT from IESG review 832 A.5. Modifications between draft-ietf-tram-stun-pmtud-14 and draft- 833 ietf-tram-stun-pmtud-13 835 o Modifications to address COMMENTS from IESG review 837 A.6. Modifications between draft-ietf-tram-stun-pmtud-13 and draft- 838 ietf-tram-stun-pmtud-12 840 o Modifications to address nits 842 A.7. Modifications between draft-ietf-tram-stun-pmtud-12 and draft- 843 ietf-tram-stun-pmtud-11 845 o Modifications following IESG review. Incorporated RFC5780 PADDING 846 attribute (Adam's Discuss) and added IPv6 language (Suresh's 847 Discuss). 849 A.8. Modifications between draft-ietf-tram-stun-pmtud-11 and draft- 850 ietf-tram-stun-pmtud-10 852 o Modifications following IESG review. 854 A.9. Modifications between draft-ietf-tram-stun-pmtud-10 and draft- 855 ietf-tram-stun-pmtud-09 857 o Modifications following reviews for gen-art (Roni Even) and secdir 858 (Carl Wallace). 860 A.10. Modifications between draft-ietf-tram-stun-pmtud-09 and draft- 861 ietf-tram-stun-pmtud-08 863 o Add 3 ways of preventing amplification attacks. 865 A.11. Modifications between draft-ietf-tram-stun-pmtud-08 and draft- 866 ietf-tram-stun-pmtud-07 868 o Updates following Spencer's review. 870 A.12. Modifications between draft-ietf-tram-stun-pmtud-07 and draft- 871 ietf-tram-stun-pmtud-06 873 o Updates following Shepherd review. 875 A.13. Modifications between draft-ietf-tram-stun-pmtud-06 and draft- 876 ietf-tram-stun-pmtud-05 878 o Nits. 880 o Restore missing changelog for previous version. 882 A.14. Modifications between draft-ietf-tram-stun-pmtud-05 and draft- 883 ietf-tram-stun-pmtud-04 885 o Modifications following Brandon Williams review. 887 A.15. Modifications between draft-ietf-tram-stun-pmtud-04 and draft- 888 ietf-tram-stun-pmtud-03 890 o Modifications following Simon Perreault and Brandon Williams 891 reviews. 893 A.16. Modifications between draft-ietf-tram-stun-pmtud-03 and draft- 894 ietf-tram-stun-pmtud-02 896 o Add new Overview of Operations section with ladder diagrams. 898 o Authentication is mandatory for the Complete Probing mechanism, 899 optional for the Simple Probing mechanism. 901 o All the ICE specific text moves to a separate draft to be 902 discussed in the ICE WG. 904 o The TURN usage is removed because probing between a TURN server 905 and TURN client is not useful. 907 o Any usage of PMTUD-SUPPORTED or other signaling mechanisms 908 (formerly knows as discovery mechanisms) must now be 909 authenticated. 911 o Both probing mechanisms are MTI in the server, the complete 912 probing mechanism is MTI in the client. 914 o Make clear that stopping after 3 retransmission is done by 915 changing the STUN parameter. 917 o Define the format of the attributes. 919 o Make clear that the specification is for any UDP protocol that 920 does not already have PMTUD capabilities, not just STUN based 921 protocols. 923 o Change the default delay to send the Report Request to 250 ms 924 after the last Indication if the RTO is unknown. 926 o Each usage of this specification must the format of the 927 IDENTIFIERS attribute contents. 929 o Better define the implicit signaling mechanism. 931 o Extend the Security Consideration section. 933 o Tons of nits. 935 A.17. Modifications between draft-ietf-tram-stun-pmtud-02 and draft- 936 ietf-tram-stun-pmtud-01 938 o Cleaned up references. 940 A.18. Modifications between draft-ietf-tram-stun-pmtud-01 and draft- 941 ietf-tram-stun-pmtud-00 943 o Added Security Considerations Section. 945 o Added IANA Considerations Section. 947 A.19. Modifications between draft-ietf-tram-stun-pmtud-00 and draft- 948 petithuguenin-tram-stun-pmtud-01 950 o Adopted by WG - Text unchanged. 952 A.20. Modifications between draft-petithuguenin-tram-stun-pmtud-01 and 953 draft-petithuguenin-tram-stun-pmtud-00 955 o Moved some Introduction text to the Probing Mechanism section. 957 o Added cross-reference to the other two STUN troubleshooting 958 mechanism drafts. 960 o Updated references. 962 o Added Gonzalo Salgueiro as co-author. 964 A.21. Modifications between draft-petithuguenin-tram-stun-pmtud-00 and 965 draft-petithuguenin-behave-stun-pmtud-03 967 o General refresh for republication. 969 A.22. Modifications between draft-petithuguenin-behave-stun-pmtud-03 970 and draft-petithuguenin-behave-stun-pmtud-02 972 o Changed author address. 974 o Changed the IPR to trust200902. 976 A.23. Modifications between draft-petithuguenin-behave-stun-pmtud-02 977 and draft-petithuguenin-behave-stun-pmtud-01 979 o Defined checksum and sequential numbers as possible packet 980 identifiers. 982 o Updated the reference to RFC 5389 984 o The FINGERPRINT attribute is now mandatory. 986 o Changed the delay between Probe indication and Report request to 987 be RTO/2 or 50 milliseconds. 989 o Added ICMP packet processing. 991 o Added Full-Stop Timeout detection. 993 o Stated that Binding request with PMTUD-SUPPORTED does not start 994 the PMTUD process if already started. 996 A.24. Modifications between draft-petithuguenin-behave-stun-pmtud-01 997 and draft-petithuguenin-behave-stun-pmtud-00 999 o Removed the use of modified STUN transaction but shorten the 1000 retransmission for the simple probing mechanism. 1002 o Added a complete probing mechanism. 1004 o Removed the PADDING-RECEIVED attribute. 1006 o Added release notes. 1008 Acknowledgements 1010 Thanks to Eilon Yardeni, Geir Sandbakken, Paal-Erik Martinsen, 1011 Tirumaleswar Reddy, Ram Mohan R, Simon Perreault, Brandon Williams, 1012 Tolga Asveren, Spencer Dawkins, Carl Wallace, and Roni Even for their 1013 review comments, suggestions and questions that helped to improve 1014 this document. 1016 Special thanks to Dan Wing, who supported this document since its 1017 first publication back in 2008. 1019 Authors' Addresses 1021 Marc Petit-Huguenin 1022 Impedance Mismatch 1024 Email: marc@petit-huguenin.org 1026 Gonzalo Salgueiro 1027 Cisco Systems, Inc. 1028 7200-12 Kit Creek Road 1029 Research Triangle Park, NC 27709 1030 United States 1032 Email: gsalguei@cisco.com 1034 Felipe Garrido 1035 Cisco Systems, Inc. 1036 7200-12 Kit Creek Road 1037 Research Triangle Park, NC 27709 1038 United States 1040 Email: fegarrid@cisco.com