idnits 2.17.1 draft-ietf-tsvwg-datagram-plpmtud-00.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- == The page length should not exceed 58 lines per page, but there was 1 longer page, the longest (page 3) being 60 lines Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** There are 11 instances of too long lines in the document, the longest one being 2 characters in excess of 72. -- The abstract seems to indicate that this document updates RFC8201, but the header doesn't have an 'Updates:' line to match this. -- The abstract seems to indicate that this document updates RFC4821, but the header doesn't have an 'Updates:' line to match this. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (January 22, 2018) is 2286 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Outdated reference: A later version (-34) exists of draft-ietf-quic-transport-04 == Outdated reference: A later version (-32) exists of draft-ietf-tsvwg-udp-options-01 ** Obsolete normative reference: RFC 2460 (Obsoleted by RFC 8200) ** Obsolete normative reference: RFC 4960 (Obsoleted by RFC 9260) Summary: 3 errors (**), 0 flaws (~~), 4 warnings (==), 3 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Internet Engineering Task Force G. Fairhurst 3 Internet-Draft T. Jones 4 Intended status: Standards Track University of Aberdeen 5 Expires: July 24, 2018 M. Tuexen 6 I. Ruengeler 7 Muenster University of Applied Sciences 8 January 22, 2018 10 Packetization Layer Path MTU Discovery for Datagram Transports 11 draft-ietf-tsvwg-datagram-plpmtud-00 13 Abstract 15 This document describes a robust method for Path MTU Discovery 16 (PMTUD) for datagram Packetization layers. The method allows a 17 Packetization layer (or a datagram application that uses it) to probe 18 an network path with progressively larger packets to determine a 19 maximum packet size. The document describes as an extension to RFC 20 1191 and RFC 8201, which specify ICMP-based Path MTU Discovery for 21 IPv4 and IPv6. This provides functionally for datagram transports 22 that is equivalent to the Packetization layer PMTUD specification for 23 TCP, specified in RFC4821. 25 When published, this specification updates RFC4821. 27 Status of this Memo 29 This Internet-Draft is submitted in full conformance with the 30 provisions of BCP 78 and BCP 79. 32 Internet-Drafts are working documents of the Internet Engineering 33 Task Force (IETF). Note that other groups may also distribute 34 working documents as Internet-Drafts. The list of current Internet- 35 Drafts is at http://datatracker.ietf.org/drafts/current/. 37 Internet-Drafts are draft documents valid for a maximum of six months 38 and may be updated, replaced, or obsoleted by other documents at any 39 time. It is inappropriate to use Internet-Drafts as reference 40 material or to cite them other than as "work in progress." 42 This Internet-Draft will expire on July 24, 2018. 44 Copyright Notice 46 Copyright (c) 2018 IETF Trust and the persons identified as the 47 document authors. All rights reserved. 49 This document is subject to BCP 78 and the IETF Trust's Legal 50 Provisions Relating to IETF Documents (http://trustee.ietf.org/ 51 license-info) in effect on the date of publication of this document. 52 Please review these documents carefully, as they describe your rights 53 and restrictions with respect to this document. Code Components 54 extracted from this document must include Simplified BSD License text 55 as described in Section 4.e of the Trust Legal Provisions and are 56 provided without warranty as described in the Simplified BSD License. 58 Table of Contents 60 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 61 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 5 62 3. Features required to provide Datagram PLPMTUD . . . . . . . . 6 63 3.1. PMTU Probe Packets . . . . . . . . . . . . . . . . . . . . 8 64 3.2. Validation of the current effective PMTU . . . . . . . . . 9 65 3.3. Reduction of the effective PMTU . . . . . . . . . . . . . 10 66 4. Datagram Packetization Layer PMTUD . . . . . . . . . . . . . . 10 67 4.1. Probing . . . . . . . . . . . . . . . . . . . . . . . . . 10 68 4.2. Selecting the Size of a Probe Message . . . . . . . . . . 11 69 4.3. Verification and use of PTB messages . . . . . . . . . . . 11 70 4.4. Timers . . . . . . . . . . . . . . . . . . . . . . . . . . 12 71 4.5. Constants . . . . . . . . . . . . . . . . . . . . . . . . 12 72 4.6. Variables . . . . . . . . . . . . . . . . . . . . . . . . 13 73 4.7. Selecting Probe Size . . . . . . . . . . . . . . . . . . . 13 74 4.8. State Machine . . . . . . . . . . . . . . . . . . . . . . 14 75 5. Specification of Protocol-Specific Methods . . . . . . . . . . 16 76 5.1. DPLPMTUD for UDP and UDP-Lite . . . . . . . . . . . . . . 16 77 5.1.1. UDP Options . . . . . . . . . . . . . . . . . . . . . 16 78 5.1.2. UDP Options required for PLPMTUD . . . . . . . . . . . 16 79 5.1.2.1. Echo Request Option . . . . . . . . . . . . . . . 16 80 5.1.2.2. Echo Response Option . . . . . . . . . . . . . . . 17 81 5.1.3. Sending UDP-Option Probe Packets . . . . . . . . . . . 17 82 5.1.4. Validating the Path with UDP Options . . . . . . . . . 17 83 5.1.5. Handling of PTB Messages by UDP . . . . . . . . . . . 17 84 5.2. DPLPMTUD for SCTP . . . . . . . . . . . . . . . . . . . . 17 85 5.2.1. SCTP/IP4 and SCTP/IPv6 . . . . . . . . . . . . . . . . 18 86 5.2.1.1. Sending SCTP Probe Packets . . . . . . . . . . . . 18 87 5.2.1.2. Validating the Path with SCTP . . . . . . . . . . 18 88 5.2.1.3. PTB Message Handling by SCTP . . . . . . . . . . . 18 89 5.2.2. DPLPMTUD for SCTP/UDP . . . . . . . . . . . . . . . . 19 90 5.2.2.1. Sending SCTP/UDP Probe Packets . . . . . . . . . . 19 91 5.2.2.2. Validating the Path with SCTP/UDP . . . . . . . . 19 92 5.2.2.3. Handling of PTB Messages by SCTP/UDP . . . . . . . 19 93 5.2.3. DPLPMTUD for SCTP/DTLS . . . . . . . . . . . . . . . . 19 94 5.2.3.1. Sending SCTP/DTLS Probe Packets . . . . . . . . . 19 95 5.2.3.2. Validating the Path with SCTP/DTLS . . . . . . . . 19 96 5.2.3.3. Handling of PTB Messages by SCTP/DTLS . . . . . . 19 97 5.3. Other IETF Transports . . . . . . . . . . . . . . . . . . 20 98 5.4. DPLPMTUD by Applications . . . . . . . . . . . . . . . . . 20 99 6. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 20 100 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 20 101 8. Security Considerations . . . . . . . . . . . . . . . . . . . 20 102 9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 21 103 9.1. Normative References . . . . . . . . . . . . . . . . . . . 21 104 9.2. Informative References . . . . . . . . . . . . . . . . . . 22 105 Appendix A. Event-driven state changes . . . . . . . . . . . . . . 23 106 Appendix B. Revision Notes . . . . . . . . . . . . . . . . . . . . 25 107 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 26 109 1. Introduction 111 The IETF has specified datagram transport using UDP, SCTP, and DCCP, 112 as well as protocols layered on top of these transports (e.g., SCTP/ 113 UDP, DCCP/UDP). 115 Classical Path Maximum Transmission Unit Discovery (PMTUD) can be 116 used with any transport that is able to process ICMP Packet Too Big 117 (PTB) messages (e.g., [RFC1191] and [RFC8201]). The term PTB message 118 is applied to both IPv4 ICMP Unreachable messages (type 3) that carry 119 the error Fragmentation Needed (Type 3, Code 4) and ICMPv6 packet too 120 big messages (Type 2). The sender adjusts the effective Path MTU 121 (PMTU), based on reception of ICMP PTB messages to decrease the PMTU 122 when a packet is sent with a size larger than the value reported as 123 the Link MTU in the PTB message, and a method that from time-to-time 124 increases the packet size in attempt to discover an increase in the 125 supported PMTU. 127 However, Classical PMTUD is subject to protocol failures. One 128 failure arises when traffic using a packet size larger than the 129 actual supported PMTU is black-holed (all datagrams sent with this 130 size are silently discarded). This could continue to happen when ICMP 131 PTB messages are not delivered back to the sender for some reason 132 [RFC2923]). For example, ICMP messages are increasingly filtered by 133 middleboxes (including firewalls) [RFC4890], and in some cases are 134 not correctly processed by tunnel endpoints. 136 Another failure could result if a system not on the network path 137 sends a PTB that attempts to force the sender to change the effective 138 PMTU [RFC8201]. A sender can protect itself from reacting to such 139 messages by utilising the quoted packet within the PTB message 140 payload to verify that the received PTB message was generated in 141 response to a packet that had actually been sent. However, there are 142 situations where a sender is unable to provide this verification 143 (e.g., when the PTB message does not include sufficient information, 144 often the case for IPv4; or where the information corresponds to an 145 encrypted packet). Most routers implement RFC792 [RFC0792], which 146 requires them to return only the first 64 bits of the IP payload of 147 the packet, whereas RFC1812 [RFC1812] requires routers to return the 148 full packet if possible. 150 Even when the PTB message includes sufficient bytes of the quoted 151 packet, the network layer could lack sufficient context to perform 152 verification, because this depends on information about the active 153 transport flows at an endpoint node (e.g., the socket/address pairs 154 being used, and other protocol header information). 156 The term Packetization Layer (PL) has been introduced to describe the 157 layer that is responsible for placing data blocks into the payload of 158 packets and selecting an appropriate maximum packet size. This 159 function is often performed by a transport protocol, but can also be 160 performed by other encapsulation methods working above the transport. 161 PTB verification is more straight forward at the PL or at a higher 162 layer. 164 In contrast to PMTUD, Packetization Layer Path MTU Discovery 165 (PLPMTUD) [RFC4821] does not rely upon reception and verification of 166 PTB messages. It is therefore more robust than Classical PMTUD. This 167 has become the recommended approach for implementing PMTU discovery 168 with TCP. It uses a general strategy where the PL searches for an 169 appropriate PMTU by sending probe packets along the network path with 170 a progressively larger packet size. If a probe packet is 171 successfully delivered (as determined by the PL), then the effective 172 Path MTU is raised to the size of the successful probe. 174 PLPMTUD introduces flexibility in the implementation of PMTU 175 discovery. At one extreme, it can be configured to only perform PTB 176 black hole detection and recovery to increase the robustness of 177 Classical PMTUD, or at the other extreme, all PTB processing can be 178 disabled and PLPMTUD can completely replace Classical PMTUD. PLPMTUD 179 can also include additional consistency checks without increasing the 180 risk of increased blackholing. 182 The UDP-Guidelines [RFC8085] state "an application SHOULD either use 183 the path MTU information provided by the IP layer or implement Path 184 MTU Discovery (PMTUD)", but does not provide a mechanism for 185 discovering the largest size of unfragmented datagram than can be 186 used on a path. PLPMTUD has not currently been specified for UDP, 187 while Section 10.2 of [RFC4821] recommends a PLPMTUD probing method 188 for SCTP that utilises heartbeat messages as probe packets, but does 189 not provide a complete specification. This document provides the 190 details to complete that specification. Similarly, the method 191 defined in this specification could be used with the Datagram 192 Congestion Control Protocol (DCCP) [RFC4340] requires implementations 193 to support Classical PMTUD and states that a DCCP sender "MUST 194 maintain the maximum packet size (MPS) allowed for each active DCCP 195 session". It also defines the current congestion control maximum 196 packet size (CCMPS) supported by a path. This recommends use of 197 PMTUD, and suggests use of control packets (DCCP-Sync) as path probe 198 packets, because they do not risk application data loss. 200 Section 4 of this document presents a set of algorithms for datagram 201 protocols to discover a maximum size for the effective PMTU across a 202 path. The methods described rely on features of the PL Section 3 and 203 apply to transport protocols over IPv4 and IPv6. It does not require 204 cooperation from the lower layers (except that they are consistent 205 about which packet sizes are acceptable). A method can utilise ICMP 206 PTB messages when received messages are made available to the PL. 208 Finally, Section 5 specifies the method for a set of transports, and 209 provides information to enables the implementation of PLPMTUD with 210 other datagram transports and applications that use datagram 211 transports. 213 2. Terminology 215 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 216 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 217 document are to be interpreted as described in [RFC2119]. 219 Other terminology is directly copied from [RFC4821], and the 220 definitions in [RFC1122]. 222 Black-Holed: When the sender is unaware that packets are not 223 delivered to the destination endpoint (e.g., when the sender 224 transmits packets of a particular size with a previously known 225 PMTU, but is unaware of a change to the path that resulted in a 226 smaller PMTU). 228 Classical Path MTU Discovery: Classical PMTUD is a process described 229 in [RFC1191] and [RFC8201], in which nodes rely on PTB messages to 230 learn the largest size of unfragmented datagram than can be used 231 across a path. 233 Datagram: A datagram is a transport-layer protocol data unit, 234 transmitted in the payload of an IP packet. 236 Effective PMTU: The current estimated value for PMTU that is used by 237 a Packetization Layer. 239 EMTU_S: The Effective MTU for sending (EMTU_S) is defined in 240 [RFC1122] as "the maximum IP datagram size that may be sent, for a 241 particular combination of IP source and destination addresses...". 243 EMTU_R: The Effective MTU for receiving (EMTU_R) is designated in 244 [RFC1122] as the largest datagram size that can be reassembled by 245 EMTU_R ("Effective MTU to receive"). 247 Link: A communication facility or medium over which nodes can 248 communicate at the link layer, i.e., a layer below the IP layer. 249 Examples are Ethernet LANs and Internet (or higher) layer and 250 tunnels. 252 Link MTU: The Maximum Transmission Unit (MTU) is the size in bytes of 253 the largest IP packet, including the IP header and payload, that 254 can be transmitted over a link. Note that this could more 255 properly be called the IP MTU, to be consistent with how other 256 standards organizations use the acronym MTU. This includes the IP 257 header, but excludes link layer headers and other framing that is 258 not part of IP or the IP payload. Other standards organizations 259 generally define link MTU to include the link layer headers. 261 MPS: The Maximum Packet Size (MPS), the largest size of application 262 data block that can be sent unfragmented across a path. In 263 PLPMTUD this quantity is derived from Effective PMTU by taking 264 into consideration the size of the application and lower protocol 265 layer headers, and can be limited by the application protocol. 267 Packet: An IP header plus the IP payload. 269 Packetization Layer (PL): The layer of the network stack that places 270 data into packets and performs transport protocol functions. 272 Path: The set of link and routers traversed by a packet between a 273 source node and a destination node. 275 Path MTU (PMTU): The minimum of the link MTU of all the links forming 276 a path between a source node and a destination node. 278 PLPMTUD: Packetization Layer Path MTU Discovery, the method described 279 in this document for datagram PLs, which is an extension to 280 Classical PMTU Discovery. 282 Probe packet: A datagram sent with a purposely chosen size (typically 283 larger than the current Effective PMTU or MPS) to detect if 284 messages of this size can be successfully sent along the end-to- 285 end path. 287 3. Features required to provide Datagram PLPMTUD 289 TCP PLPMTUD has been defined using standard TCP protocol mechanisms. 290 All of the requirements in [RFC4821] also apply to use of the 291 technique with a datagram PL. Unlike TCP, some datagram PLs require 292 additional mechanisms to implement PLPMTUD. 294 There are nine requirements for performing the datagram PLPMTUD 295 method described in this specification: 297 1. PMTU parameters: A PLPMTUD sender is REQUIRED to provide 298 information about the maximum size of packet that can be 299 transmitted by the sender on the local link (the Link MTU and MAY 300 utilize similar information about the receiver when this is 301 supplied (note this could be less than EMTU_R). Some applications 302 also have a maximum transport protocol data unit (PDU) size, in 303 which case there is no benefit from probing for a size larger 304 than this (unless a transport allows multiplexing multiple 305 applications PDUs into the same datagram). 307 2. Effective PMTU: A datagram application MUST be able to choose the 308 size of datagrams sent to the network, up to the effective PMTU, 309 or a smaller value (such as the MPS) derived from this. This 310 value is managed by the PMTUD method. The effective PMTU 311 (specified in Section 1 of [RFC1191]) is equivalent to the EMTU_S 312 (specified in [RFC1122]). 314 3. Probe packets: On request, a PLPMTUD sender is REQUIRED to be 315 able to transmit a packet larger than the current effective PMTU 316 (but always with a total size less than the link MTU). The method 317 can use this as a probe packet. In IPv4, a probe packet is 318 always sent with the Don't Fragment (DF) bit set and without 319 network layer endpoint fragmentation. In IPv6, a probe packet is 320 always sent without source fragmentation (as specified in section 321 5.4 of [RFC8201]). 323 4. Processing PTB messages: A PLPMTUD sender MAY optionally utilize 324 PTB messages received from the network layer to help identify 325 when a path does not support the current size of packet probe. 326 Any received PTB message SHOULD/MUST be verified before it is 327 used to update the PMTU discovery information [RFC8201]. This 328 verification confirms that the PTB message was sent in response 329 to a packet originating by the sender, and needs to be performed 330 before the PMTU discovery method reacts to the PTB message. When 331 the router link MTU is indicated in the PTB message this MAY be 332 used by datagram PLPMTUD to reduce the size of a probe, but MUST 333 NOT be used increase the effective PMTU ([RFC8201]). 335 5. Reception feedback: The destination PL endpoint is REQUIRED to 336 provide a feedback method that indicates when a probe packet has 337 been received by the destination endpoint. The local PL endpoint 338 at the sending node is REQUIRED to pass this feedback to the 339 sender-side PLPMTUD method. 341 6. Probing and congestion control: The isolated loss of a probe 342 packet SHOULD NOT be treated as an indication of congestion and 343 its loss does not directly trigger a congestion control reaction 344 [RFC4821]. 346 7. Probe loss recovery: If the data block carried by a probe message 347 needs to be sent reliably, the PL (or layers above) MUST arrange 348 retransmission/repair of any resulting loss. This method MUST be 349 robust in the case where probe packets are lost due to other 350 reasons (including link transmission error, congestion). The 351 PLPMTUD method treats isolated loss of a probe packet (with or 352 without an PTB message) as a potential indication of a PMTU limit 353 on the path. The PL MAY retransmit any data included in a lost 354 probe packet without adjusting its congestion window [RFC4821]. 356 8. Cached effective PMTU: The sender MUST cache the effective PMTU 357 value used by an instance of the PL between probes and needs also 358 to consider the disruption that could be incurred by an 359 unsuccessful probe - both upon the flow that incurs a probe loss, 360 and other flows that experience the effect of additional probe 361 traffic. 363 9. Shared effective PMTU state: The PMTU value could also be stored 364 with the corresponding entry in the destination cache and used by 365 other PL instances. The specification of PLPMTUD [RFC4821] 366 states: "If PLPMTUD updates the MTU for a particular path, all 367 Packetization Layer sessions that share the path representation 368 (as described in Section 5.2 of [RFC4821]) SHOULD be notified to 369 make use of the new MTU and make the required congestion control 370 adjustments". Such methods need to robust to the wide variety of 371 underlying network forwarding behaviours. Section 5.2 of 372 [RFC8201] provides guidance on the caching of PMTU information 373 and also the relation to IPv6 flow labels. 375 In addition the following design principles are stated: 377 o Suitable MPS: The PLPMTUD method SHOULD avoid forcing an 378 application to use an arbitrary small MPS (effective PMTU) for 379 transmission while the method is searching for the currently 380 supported PMTU. Datagram PLs do not necessarily support 381 fragmentation of PDUs larger than the PMTU. A reduced MPS can 382 adversely impact the performance of a datagram application. 384 o Path validation: The PLPMTUD method MUST be robust to path changes 385 that could have occurred since the path characteristics were last 386 confirmed. 388 o Datagram reordering: A method MUST be robust to the possibility 389 that a flow encounters reordering, or has the traffic (including 390 probe packets) is divided over more than one network path. 392 o When to probe: The PLPMTUD method SHOULD determine whether the 393 path capacity has increased since it last measured the path. This 394 determines when the path should again be probed. 396 3.1. PMTU Probe Packets 398 PMTU discovery relies upon the sender being able to generate probe 399 messages with a specific size. TCP is able to generate probe packets 400 by choosing to appropriately segment data being sent [RFC4821]. 402 In contrast, a datagram PL that needs to construct a probe packet has 403 to either request an application to send a data block that is larger 404 than that generated by an application, or to utilise padding 405 functions to extend a datagram beyond the size of the application 406 data block. Protocols that permit exchange of control messages 407 (without an application data block) could alternatively prefer to 408 generate a probe packet by extending a control message with padding 409 data. 411 When the method fails to validate the PMTU for the path, it may be 412 required to send a probe packet with a size less than the size of the 413 data block generated by an application. In this case, the PL could 414 provide a way to fragment a datagram at the PL, or could instead 415 utilise a control packet with padding. 417 A receiver needs to be able to distinguish an in-band data block from 418 any added padding. This is needed to ensure that any added padding 419 is not passed on to an application at the receiver. 421 This results in three possible ways that a sender can create a probe 422 packet: 424 Probing using appication data: A probe packet that contains a data 425 block supplied by an application that matches the size required 426 for the probe. This method requests the application to issue a 427 data block of the desired probe size. If the application/ 428 transport needs protection from the loss of an unsuccessful probe 429 packet, the application/transport needs then to perform transport- 430 layer retransmission/repair of the data block (e.g., by 431 retransmission after loss is detected or by duplicating the data 432 block in a datagram without the padding). 434 Probing using appication data and padding data: A probe packet that 435 contains a data block supplied by an application that is combined 436 with padding to inflate the length of the datagram to the size 437 required for the probe. If the application/transport needs 438 protection from the loss of this probe packet, the application/ 439 transport may perform transport-layer retransmission/repair of the 440 data block (e.g., by retransmission after loss is detected or by 441 duplicating the data block in a datagram without the padding 442 data). 444 Probing using padding data: A probe packet that contains only control 445 information together with any padding needed to inflate the packet 446 to the size required for the probe. Since these probe packets do 447 not carry an application-supplied data block,they do not typically 448 require retransmission, although they do still consume network 449 capacity and incur endpoint processing. 451 A datagram PLPMTUD MAY choose to use only one of these methods to 452 simplify the implementation. 454 3.2. Validation of the current effective PMTU 456 The PL needs a method to determine when probe packets have been 457 successfully received end-to-end across a network path. 459 Transport protocols can include end-to-end methods that detect and 460 report reception of specific datagrams that they send (e.g., DCCP and 461 SCTP provide keep-alive/heartbeat features). When supported, this 462 mechanism SHOULD also be used by PLPMTUD to acknowledge reception of 463 a probe packet. 465 A PL that does not acknowledge data reception (e.g., UDP and UDP- 466 Lite) is unable to detect when the packets it sends are discarded 467 because their size is greater than the actual PMTUD. These PLs need 468 to either rely on an application protocol to detect this, or make use 469 of an additional transport method such as UDP-Options [I-D.ietf- 470 tsvwg-udp-options]. In addition, they might need to send 471 reachability probes (e.g., periodically solicit a response from the 472 destination) to determine whether the current effective PMTU is still 473 supported by the network path. 475 Section Section 4 specifies this function for a set of IETF-specified 476 protocols. 478 3.3. Reduction of the effective PMTU 480 When the current effective PMTU is no longer supported by the network 481 path, the transport needs to detect this and reduce the effective 482 PMTU. 484 o A PL that sends a datagram larger than the actual PMTU that 485 includes no application data block, or one that does not attempt 486 to provide any retransmission, can send a new probe packet with an 487 updated probe size. 489 o A PL that wishes to resend the application data block, could then 490 need to re-fragment the data block to a smaller packet size that 491 is expected to traverse the end-to-end path. This could utilise 492 network-layer or PL fragmentation when these are available. A 493 fragmented datagram MUST NOT be used as a probe packet (see 494 [RFC8201]). 496 A method can additionally utilise PTB messages to detect when the 497 actual PMTU supported by a network path is less than the current size 498 of datagrams (or probe messages) that are being sent. 500 4. Datagram Packetization Layer PMTUD 502 This section specifies Datagram PLPMTUD. 504 The central idea of PLPMTU discovery is probing by a sender. Probe 505 packets of increasing size are sent to find out the maximum size of a 506 user message that is completely transferred across the network path 507 from the sender to the destination. 509 4.1. Probing 511 The PLPMTUD method utilises a timer to trigger the generation of 512 probe packets. The probe_timer is started each time a probe packet 513 is sent to the destination and is cancelled when receipt of the probe 514 packet is acknowledged. 516 The PROBE_COUNT is initialised to zero when a probe packet is first 517 sent with a particular size. Each time the probe_timer expires, the 518 PROBE_COUNT is incremented, and a probe packet of the same size is 519 retransmitted. The maximum number of retransmissions per probing 520 size is configured (MAX_PROBES). If the value of the PROBE_COUNT 521 reaches MAX_PROBES, probing will be stopped and the last successfully 522 probed PMTU is set as the effective PMTU. 524 Once probing is completed, the sender continues to use the effective 525 PMTU until either a PTB message is received or the PMTU_RAISE_TIMER 526 expires. If the PL is unable to verify reachability to the 527 destination endpoint after probing has completed, the method uses a 528 REACHABILITY_TIMER to periodically repeat a probe packet for the 529 current effective PMTU size, while the PMTU_RAISE_TIMER is running. 530 If the resulting probe packet is not acknowledged (i.e. the 531 PROBE_TIMER expires), the method re-starts probing for the PMTU. 533 4.2. Selecting the Size of a Probe Message 535 Path probing relies on generation of probe packets with a specific 536 size. This section decribes how the algorithm selects the size of 537 the next probe message. 539 XXX Details may be specified in later revisions of this document- the 540 next list is for information XXX 542 There are serveral things to consider, these include: 544 step granularity (i.e., it could be unecessary to probe for each 545 possible PMTU, and probes could be at a courser elvel - every 16B? 546 every 128B? ) 548 There are various algorithms that could be used to arrive at a set 549 of suitable probe sizes. Should the value be derived from a table 550 of probe sizes or via a search algorithm (e.g. a binary search), 551 or is a hybrid approach at different times to be preferred? 552 Should one method be specified?. 554 How much overhead is present in the probe packet? to map from a 555 probe payload to the size of the probe on the wire (does this 556 matter in selection of the probe size? 558 4.3. Verification and use of PTB messages 560 XXX A decision on SHOULD/MUST needs to be made on how to verify 561 messages XXX 563 This section describes processing for both IPv4 ICMP Unreachable 564 messages (type 3) and ICMPv6 packet too big messages. 566 A node that receives a PTB message from a router or middlebox, SHOULD 567 /MUST verify the PTB message. The node checks the protocol 568 information in the quoted payload to verify that the message 569 originated from the sending node. The node also checks that the 570 reported MTU size is less than the size used by packet probes. PTB 571 messages are discarded if they fail to pass these checks, or where 572 there is insufficient ICMP payload to perform these checks. The 573 checks are intended to provide protection from packets that originate 574 from a node that is not on the network path or a node that attempts 575 to report a larger MTU than the current probe size. 577 PTB messages that have been verified can be utilised by the DPLPMTUD 578 algorithm. A method that utilises these PTB messages can improve 579 performance compared to one that relies solely on probing. 581 XXX Specification needed of how to utilise the reported Link MTU size 582 to generate a probe, and how to account for encapuslations that may 583 be present at the point where the PTB message was generated. XXX 585 4.4. Timers 587 This method utilises three timers: 589 PROBE_TIMER: Configured to expire after a period longer than the 590 maximum time to receive an acknowledgment to a probe packet. This 591 value MUST be larger than 1 second, and SHOULD be larger than 15 592 seconds. Guidance on selection of the timer value are provide in 593 section 3.1.1 of the UDP Usage Guidelines [RFC8085]. 595 PMTU_RAISE_TIMER: Configured to the period a sender ought to continue 596 use the current effective PMTU, after which it re-commences 597 probing for a higher PMTU. This timer has a period of 600 secs, as 598 recommended by PLPMTUD [RFC4821]. 600 REACHABILITY_TIMER: Configured to the period a sender ought to wait 601 before confirming the current effective PMTU is still supported. 602 This is less than the PMTU_RAISE_TIMER. 604 An application that needs to employ keep-alive messages to deliver 605 useful service over UDP SHOULD NOT transmit them more frequently 606 than once every 15 seconds and SHOULD use longer intervals when 607 possible. DPLPMTUD ought to suspend reachability probes when no 608 application data has been sent since the previous probe packet. 609 Guidance on selection of the timer value are provide in section 610 3.1.1 of the UDP Usage Guidelines[RFC8085]. 612 An implementation could implement the various timers using a single 613 timer process. 615 4.5. Constants 617 The following constants are defined: 619 MAX_PROBES: The maximum value of the PROBE_ERROR_COUNTER. The default 620 value of MAX_PROBES is 10. 622 MIN_PMTU: The smallest allowed probe packet size. This value is 1280 623 bytes, as specified in [RFC2460]. For IPv4, the minimum value is 624 68 bytes. (An IPv4 routed is required to be able to forward a 625 datagram of 68 octets without further fragmentation. This is the 626 combined size of an IPv4 header and the minimum fragment size of 8 627 octets.) 629 BASE_PMTU: The BASE_PMTU is a considered a size that ought to work in 630 most cases. The size is equal to or larger than the minimum 631 permitted and smaller than the maximum allowed. In the case of 632 IPv6, this value is 1280 bytes [RFC2460]. When using IPv4, a size 633 of 1200 is RECOMMENDED. 635 MAX_PMTU: The MAX_PMTU is the largest size of PMTU that is probed. 636 This has to be less than or equal to the minimum of the local MTU 637 of the outgoing interface and the destination effective MTU for 638 receiving. An application or PL may reduce this when it knows 639 there is no need to send packets above a specific size. 641 4.6. Variables 643 This method utilises a set of variables: 645 effective PMTU: The effective PMTU is the maximum size of datagram 646 that the method has currently determined can be supported along 647 the entire path. 649 PROBED_SIZE: The PROBED_SIZE is the size of the current probe packet. 650 This is a tentative value for the effective PMTU, which is 651 awaiting confirmation by an acknowledgment. 653 PROBE_COUNT: This is a count of the number of unsuccessful probe 654 packets that have been sent with size PROBED_SIZE. The value is 655 initialised to zero when a particular size of PROBED_SIZE is first 656 attempted. 658 PTB_SIZE: The PTB_Size is value returned by a verified PTB message 659 indicating the local MTU size of a router along the path. 661 4.7. Selecting Probe Size 663 XXX There are serveral things to consider when selecting the size to 664 probe, some of which may be specified in later revisions of this 665 document XXX 667 Issues include: 669 step granularity (i.e., it could be unecessary to probe for each 670 possible PMTU, and probes could be at a courser elvel - every 16B? 671 every 128B? ) 672 There are various algorithms that could be used to arrive at a set 673 of suitable probe sizes. Should the value be derived from a table 674 of probe sizes or via a search algorithm, or is a hybrid approach 675 at different times to be preferred? Should one method be 676 specified?. 678 How much overhead is present in the probe packet? to map from a 679 probe payload to the size of the probe on the wire (does this 680 matter in selection of the probe size? 682 4.8. State Machine 684 A state machine for Datagram PLPMTUD is depicted in Figure 1. If 685 multihoming is supported, a state machine is needed for each active 686 path. 688 PROBE_TIMER expiry 689 (PROBE_COUNT = MAX_PROBES) 690 +-------------+ +--------------+ 691 =->| PROBE_START |--------------->|PROBE_DISABLED| 692 PROBE_TIMER expiry | +-------------+ +--------------+ 693 (PROBE_COUNT = | | | 694 MAX_PROBES) ------- | Connectivity confirmed 695 v 696 ----------- +------------+ -- PROBE_TIMER expiry 697 MAX_PMTU acked or | | PROBE_BASE | | (PROBE_COUNT < 698 PTB (>= BASE_PMTU)| -----> +------------+ <- MAX_PROBES) 699 ---------------- | /\ | | 700 | | | | | PTB 701 | PMTU_RAISE_TIMER| | | | (PTB_SIZE < BASE_PMTU) 702 | or reachability | | | | or 703 | (PROBE_COUNT | | | | PROBE_TIMER expiry 704 | = MAX_PROBES) | | | | (PROBE_COUNT = MAX_PROBES) 705 | ------------- | | \ 706 | | PTB | | \ 707 | | (< PROBED_SIZE)| | \ 708 | | | | ---------------- 709 | | | | | 710 | | | | Probe | 711 | | | | acked | 712 v | | v v 713 +------------+ +--------------+ Probe +-------------+ 714 | PROBE_DONE |<-------------- | PROBE_SEARCH |<-------| PROBE_ERROR | 715 +------------+ MAX_PMTU acked +--------------+ acked +-------------+ 716 /\ | or /\ | 717 | | PROBE_TIMER expiry | | 718 | |(PROBE_COUNT = MAX_PROBES) | | 719 | | | | 720 ------ -------- 721 Reachability probe acked PROBE_TIMER expiry 722 or PROBE_TIMER expiry (PROBE_COUNT < MAX_PROBES) 724 (PROBE_COUNT < MAX_PROBES) or 725 Probe acked 727 XXX State machine to be updated for PTB messages - to probe for PTB 728 size XXX 730 The following states are defined to reflect the probing process: 732 PROBE_START: The PROBE_START state is the initial state before 733 probing has started. PLPMTUD is not performed in this state. The 734 state transitions to PROBE_BASE, when a path has been confirmed, 735 i.e. when a sent packet has been acknowledged on this path. The 736 effective PMTU is set to the BASE_PMTU size. Probing ought to 737 start immediately after connection setup to prevent the loss of 738 user data. 740 PROBE_BASE: The PROBE_BASE state is the starting point for probing 741 with datagram PLPMTUD. It is used to confirm whether the BASE_PMTU 742 size is supported by the network path. On entry, the PROBED_SIZE 743 is set to the BASE_PMTU size and the PROBE_COUNT is set to zero. 744 A probe packet is sent, and the PROBE_TIMER is started. The state 745 is left when the PROBE_COUNT reaches MAX_PROBES; a PTB message is 746 verified, or a probe packet is acknowledged. 748 PROBE_SEARCH: The PROBE_SEARCH state is the main probing state. This 749 state is entered either when probing for the BASE_PMTU was 750 successful or when there is a successful reachability test in the 751 PROBE_ERROR state. On entry, the effective PMTU is set to the 752 last acknowledged PROBED_SIZE. 754 On the first probe packet for each probed size, the PROBE_COUNT is 755 set to zero. Each time a probe packet is acknowledged, the 756 effective PMTU is set to the PROBED_SIZE, and then the PROBED_SIZE 757 is increased. When a probe packet is not acknowledged within the 758 period of the PROBE_TIMER, the PROBE_COUNT is incremented and the 759 probe packet is retransmitted. The state is exited when the 760 PROBE_COUNT reaches MAX_PROBES; a PTB message is verified; or a 761 probe of size PMTU_MAX is acknowledged. 763 PROBE_ERROR: The PROBE_ERROR state represents the case where the 764 network path is not known to support an effective PMTU of at least 765 the BASE_PMTU size. It is entered when either a probe of size 766 BASE_PMTU has not been acknowledged or a verified PTB message 767 indicates a smaller link MTU than the BASE_PMTU. On entry, the 768 PROBE_COUNT is set to zero and the PROBED_SIZE is set to the 769 MIN_PMTU size, and the effective PMTU is reset to MIN_PMTU size. 770 In this state, a probe packet is sent, and the PROBE_TIMER is 771 started. The state transitions to the PROBE_SEARCH state when a 772 probe packet is acknowledged. 774 PROBE_DONE: The PROBE_DONE state indicates a successful end to a 775 probing phase. Datagram PLPMTUD remains in this state until 776 either the PMTU_RAISE_TIMER expires or a PTB message is verified. 778 When PLPMTUD uses an unacknowledged PL and is in the PROBE_DONE 779 state, a REACHABILITY_TIMER periodically resets the PROBE_COUNT 780 and schedules a probe packet with the size of the effective PMTU. 781 If the probe packet fails to be acknowledged after MAX_PROBES 782 attempts, the method enters the PROBE_BASE state. When used with 783 an acknowledged PL (e.g., SCTP), DPLPMTUD SHOULD NOT continue to 784 probe in this state. 786 PROBE_DISABLED: The PROBE_DISABLED state indicates that connectivity 787 could not be established. DPLPMTUD MUST NOT probe in this state. 789 Appendix Appendix A contains an informative description of key 790 events. 792 5. Specification of Protocol-Specific Methods 794 This section specifies protocol-specific details for datagram PLPMTUD 795 for IETF-specified transports. 797 5.1. DPLPMTUD for UDP and UDP-Lite 799 The current specifications of UDP [RFC0768] and UDP-LIte [RFC3828] do 800 not define a method in the RFC-series that supports PLPMTUD. In 801 particular, these transports do not provide the transport layer 802 features needed to implement datagram PLPMTUD, and any support for 803 Datagram PLPMTUD would therefore need to rely on higher-layer 804 protocol features [RFC8085]. 806 5.1.1. UDP Options 808 UDP-Options [I-D.ietf-tsvwg-udp-options] supply the additional 809 functionality required to implement datagram PLPMTUD. This enables 810 padding to be added to UDP datagrams and can be used to provide 811 feedback acknowledgement of received probe packets. 813 5.1.2. UDP Options required for PLPMTUD 815 This subsection proposes two new UDP-Options that add support for 816 requesting a datagram response be sent and to mark this datagram as a 817 response to a request. 819 XXX << Future versions of the spec may define a parameter in an 820 Option to indicate the EMTU_R to the peer.>> 822 5.1.2.1. Echo Request Option 824 The Echo Request Option allows a sending endpoint to solicit a 825 response from a destination endpoint. 827 The Echo Request carries a four byte token set by the sender. This 828 token can be set to a value that is likely to be known only to the 829 sender (and becomes known to nodes along the end-to-end path). The 830 sender can then check the value returned in the response to provide 831 additional protection from off-path insertion of data [RFC8085]. 833 +---------+--------+-----------------+ 834 | Kind=9 | Len=6 | Token | 835 +---------+--------+-----------------+ 836 1 byte 1 byte 4 bytes 838 5.1.2.2. Echo Response Option 840 The Echo Response Option is generated by the PL in response to 841 reception of a previously received Echo Request. The Token field 842 associates the response with the Token value carried in the most 843 recently-received Echo Request. The rate of generation of UDP 844 packets carrying an Echo Response Option MAY be rate-limited. 846 +---------+--------+-----------------+ 847 | Kind=10 | Len=6 | Token | 848 +---------+--------+-----------------+ 849 1 byte 1 byte 4 bytes 851 5.1.3. Sending UDP-Option Probe Packets 853 This method specifies a probe packet that does not carry an 854 application data block. The probe packet consists of a UDP datagram 855 header followed by a UDP Option containing the ECHOREQ option, which 856 is followed by NOP Options to pad the remainder of the datagram 857 payload to the probe size. NOP padding is used to control the length 858 of the probe packet. 860 A UDP Option carrying the ECHORES option is used to provide feedback 861 when a probe packet is received at the destination endpoint. 863 5.1.4. Validating the Path with UDP Options 865 Since UDP is an unacknowledged PL, a sender that does not have 866 higher-layer information confirming correct delivery of datagrams 867 SHOULD implement the REACHABILITY_TIMER to periodically send probe 868 packets while in the PROBE_DONE state. 870 5.1.5. Handling of PTB Messages by UDP 872 Normal ICMP verification MUST be performed as specified in Section 873 5.2 of [RFC8085]. This requires that the PL verifies each received 874 PTB messages to verify these are received in response to transmitted 875 traffic and that the reported LInk MTU is less than the current probe 876 size. A verified PTB message MAY be used as input to the PLPMTUD 877 algorithm. 879 5.2. DPLPMTUD for SCTP 881 Section 10.2 of [RFC4821] specifies a recommended PLPMTUD probing 882 method for SCTP. It recommends the use of the PAD chunk, defined in 883 [RFC4820] to be attached to a minimum length HEARTBEAT chunk to build 884 a probe packet. This enables probing without affecting the transfer 885 of user messages and without interfering with congestion control. 886 This is preferred to using DATA chunks (with padding as required) as 887 path probes. 889 XXX << Future versions of this specification might define a parameter 890 contained in the INIT and INIT ACK chunk to indicate the MTU to the 891 peer. However, multihoming makes this a bit complex, so it might not 892 be worth doing.>> 894 5.2.1. SCTP/IP4 and SCTP/IPv6 896 The base protocol is specified in [RFC4960]. 898 5.2.1.1. Sending SCTP Probe Packets 900 Probe packets consist of an SCTP common header followed by a 901 HEARTBEAT chunk and a PAD chunk. The PAD chunk is used to control 902 the length of the probe packet. The HEARTBEAT chunk is used to 903 trigger the sending of a HEARTBEAT ACK chunk. The reception of the 904 HEARTBEAT ACK chunk acknowledges reception of a successful probe. 906 The HEARTBEAT chunk carries a Heartbeat Information parameter which 907 should include, besides the information suggested in [RFC4960], the 908 probing size, which is the MTU size the complete datagram will add up 909 to. The size of the PAD chunk is therefore computed by reducing the 910 probing size by the IPv4 or IPv6 header size, the SCTP common header, 911 the HEARTBEAT request and the PAD chunk header. The payload of the 912 PAD chunk contains arbitrary data. 914 To avoid fragmentation of retransmitted data, probing starts right 915 after the handshake, before data is sent. Assuming normal behaviour 916 (i.e., the PMTU is smaller than or equal to the interface MTU), this 917 process will take a few round trip time periods depending on the 918 number of PMTU sizes probed. The Heartbeat timer can be used to 919 implement the PROBE_TIMER. 921 5.2.1.2. Validating the Path with SCTP 923 Since SCTP provides an acknowledged PL, a sender does MUST NOT 924 implement the REACHABILITY_TIMER while in the PROBE_DONE state. 926 5.2.1.3. PTB Message Handling by SCTP 928 Normal ICMP verification MUST be performed as specified in Appendix C 929 of [RFC4960]. This requires that the first 8 bytes of the SCTP 930 common header are quoted in the payload of the PTB message, which can 931 be the case for ICMPv4 and is normally the case for ICMPv6. 933 When a PTB message has been verified, the router Link MTU indicated 934 in the PTB message SHOULD be used with the PLPMTUD algorithm, 935 providing that the reported Link MTU is less than the current probe 936 size. 938 5.2.2. DPLPMTUD for SCTP/UDP 940 The UDP encapsulation of SCTP is specified in [RFC6951]. 942 5.2.2.1. Sending SCTP/UDP Probe Packets 944 Packet probing can be performed as specified in Section 5.2.1.1. The 945 maximum payload is reduced by 8 bytes, which has to be considered 946 when filling the PAD chunk. 948 5.2.2.2. Validating the Path with SCTP/UDP 950 Since SCTP provides an acknowledged PL, a sender does MUST NOT 951 implement the REACHABILITY_TIMER while in the PROBE_DONE state. 953 5.2.2.3. Handling of PTB Messages by SCTP/UDP 955 Normal ICMP verification MUST be performed for PTB messages as 956 specified in Appendix C of [RFC4960]. This requires that the first 8 957 bytes of the SCTP common header are contained in the PTB message, 958 which can be the case for ICMPv4 (but note the UDP header also 959 consumes a part of the quoted packet header) and is normally the case 960 for ICMPv6. When the verification is completed, the router Link MTU 961 size indicated in the PTB message SHOULD be used with the PLPMTUD 962 algorithm providing that the reported LInk MTU is less than the 963 current probe size. 965 5.2.3. DPLPMTUD for SCTP/DTLS 967 The Datagram Transport Layer Security (DTLS) encapsulation of SCTP is 968 specified in [I-D.ietf-tsvwg-sctp-dtls-encaps]. It is used for data 969 channels in WebRTC implementations. 971 5.2.3.1. Sending SCTP/DTLS Probe Packets 973 Packet probing can be done as specified in Section 5.2.1.1. 975 5.2.3.2. Validating the Path with SCTP/DTLS 977 Since SCTP provides an acknowledged PL, a sender does MUST NOT 978 implement the REACHABILITY_TIMER while in the PROBE_DONE state. 980 5.2.3.3. Handling of PTB Messages by SCTP/DTLS 981 It is not possible to perform normal ICMP verification as specified 982 in [RFC4960], since even if the ICMP message payload contains 983 sufficient information, the reflected SCTP common header would be 984 encrypted. Therefore it is not possible to process PTB messages at 985 the PL. 987 5.3. Other IETF Transports 989 Quick UDP Internet Connection (QUIC) is a UDP-based transport that 990 provides reception feedback [I-D.ietf-quic-transport]. 992 XXX << This section will be completed in a future revision of this ID 993 >> 995 5.4. DPLPMTUD by Applications 997 Applications that use the Datagram API (e.g., applications built 998 directly or indirectly on UDP) can implement DPLPMTUD. Some 999 primitives used by DPLPMTUD might not be available via this interface 1000 (e.g., the ability to access the PMTU cache, or interpret received 1001 ICMP PTB messages). 1003 In addition, it is important that PMTUD is not performed by multiple 1004 protocol layers. 1006 XXX << This section will be completed in a future revision of this ID 1007 >> 1009 6. Acknowledgements 1011 This work was partially funded by the European Union's Horizon 2020 1012 research and innovation programme under grant agreement No. 644334 1013 (NEAT). The views expressed are solely those of the author(s). 1015 7. IANA Considerations 1017 This memo includes no request to IANA. 1019 XXX << If new UDP Options are specified in this document, a request 1020 to IANA will be included here.>> 1022 If there are no requirements for IANA, the section will be removed 1023 during conversion into an RFC by the RFC Editor. 1025 8. Security Considerations 1027 The security considerations for the use of UDP and SCTP are provided 1028 in the references RFCs. Security guidance for applications using UDP 1029 is provided in the UDP-Guidelines [RFC8085]. 1031 PTB messages could potentially be used to cause a node to 1032 inappropriately reduce the effective PMTU. A node supporting PLPMTUD 1033 SHOULD/MUST appropriately verify the payload of PTB messages to 1034 ensure these are received in response to transmitted traffic (i.e., a 1035 reported error condition that corresponds to a datagram actually sent 1036 by the path layer. 1038 XXX Determine if parallel forwarding paths needs to be considered XXX 1040 A node performing PLPMTUD could experience conflicting information 1041 about the size of supported probe packets. This could occur when 1042 there are multiple paths are concurrently in use and these exhibit a 1043 different PMTU. If not considered, this could result in data being 1044 blackholed when the effective PMTU is larger than the smallest PMTU 1045 across the current paths. 1047 9. References 1049 9.1. Normative References 1051 [I-D.ietf-quic-transport] 1052 Iyengar, J. and M. Thomson, "QUIC: A UDP-Based Multiplexed 1053 and Secure Transport", Internet-Draft draft-ietf-quic- 1054 transport-04, June 2017. 1056 [I-D.ietf-tsvwg-sctp-dtls-encaps] 1057 Tuexen, M., Stewart, R., Jesup, R. and S. Loreto, "DTLS 1058 Encapsulation of SCTP Packets", Internet-Draft draft-ietf- 1059 tsvwg-sctp-dtls-encaps-09, January 2015. 1061 [I-D.ietf-tsvwg-udp-options] 1062 Touch, J., "Transport Options for UDP", Internet-Draft 1063 draft-ietf-tsvwg-udp-options-01, June 2017. 1065 [RFC0768] Postel, J., "User Datagram Protocol", STD 6, RFC 768, DOI 1066 10.17487/RFC0768, August 1980, . 1069 [RFC0792] Postel, J., "Internet Control Message Protocol", STD 5, 1070 RFC 792, DOI 10.17487/RFC0792, September 1981, . 1073 [RFC1122] Braden, R., Ed., "Requirements for Internet Hosts - 1074 Communication Layers", STD 3, RFC 1122, DOI 10.17487/ 1075 RFC1122, October 1989, . 1078 [RFC1812] Baker, F., Ed., "Requirements for IP Version 4 Routers", 1079 RFC 1812, DOI 10.17487/RFC1812, June 1995, . 1082 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 1083 Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/ 1084 RFC2119, March 1997, . 1087 [RFC2460] Deering, S. and R. Hinden, "Internet Protocol, Version 6 1088 (IPv6) Specification", RFC 2460, DOI 10.17487/RFC2460, 1089 December 1998, . 1091 [RFC3828] Larzon, L-A., Degermark, M., Pink, S., Jonsson, L-E.Ed., 1092 and G. Fairhurst, Ed., "The Lightweight User Datagram 1093 Protocol (UDP-Lite)", RFC 3828, DOI 10.17487/RFC3828, July 1094 2004, . 1096 [RFC4820] Tuexen, M., Stewart, R. and P. Lei, "Padding Chunk and 1097 Parameter for the Stream Control Transmission Protocol 1098 (SCTP)", RFC 4820, DOI 10.17487/RFC4820, March 2007, 1099 . 1101 [RFC4960] Stewart, R., Ed., "Stream Control Transmission Protocol", 1102 RFC 4960, DOI 10.17487/RFC4960, September 2007, . 1105 [RFC6951] Tuexen, M. and R. Stewart, "UDP Encapsulation of Stream 1106 Control Transmission Protocol (SCTP) Packets for End-Host 1107 to End-Host Communication", RFC 6951, DOI 10.17487/ 1108 RFC6951, May 2013, . 1111 [RFC8085] Eggert, L., Fairhurst, G. and G. Shepherd, "UDP Usage 1112 Guidelines", BCP 145, RFC 8085, DOI 10.17487/RFC8085, 1113 March 2017, . 1115 [RFC8201] McCann, J., Deering, S., Mogul, J. and R. Hinden, Ed., 1116 "Path MTU Discovery for IP version 6", STD 87, RFC 8201, 1117 DOI 10.17487/RFC8201, July 2017, . 1120 9.2. Informative References 1122 [RFC1191] Mogul, J.C. and S.E. Deering, "Path MTU discovery", RFC 1123 1191, DOI 10.17487/RFC1191, November 1990, . 1126 [RFC2923] Lahey, K., "TCP Problems with Path MTU Discovery", RFC 1127 2923, DOI 10.17487/RFC2923, September 2000, . 1130 [RFC4340] Kohler, E., Handley, M. and S. Floyd, "Datagram Congestion 1131 Control Protocol (DCCP)", RFC 4340, DOI 10.17487/RFC4340, 1132 March 2006, . 1134 [RFC4821] Mathis, M. and J. Heffner, "Packetization Layer Path MTU 1135 Discovery", RFC 4821, DOI 10.17487/RFC4821, March 2007, 1136 . 1138 [RFC4890] Davies, E. and J. Mohacsi, "Recommendations for Filtering 1139 ICMPv6 Messages in Firewalls", RFC 4890, DOI 10.17487/ 1140 RFC4890, May 2007, . 1143 Appendix A. Event-driven state changes 1145 This appendix contains an informative description of key events: 1147 Path Setup: When a new path is initiated, the state is set to 1148 PROBE_START. As soon as the path is confirmed, the state changes 1149 to PROBE_BASE and the probing mechanism for this path is started. 1150 A probe packet with the size of the BASE_PMTU is sent. 1152 Arrival of an Acknowledgment: Depending on the probing state, the 1153 reaction differs according to Figure 4, which is just a 1154 simplification of Figure 1 focusing on this event. 1156 +--------------+ +----------------+ 1157 | PROBE_START | --3------------------------------->| PROBE_DISABLED | 1158 +--------------+ --4-----------\ +----------------+ 1159 \ 1160 +--------------+ \ 1161 | PROBE_ERROR | --------------- \ 1162 +--------------+ \ \ 1163 \ \ 1164 +--------------+ \ \ +--------------+ 1165 | PROBE_BASE | --1---------- \ ------------> | PROBE_BASE | 1166 +--------------+ --2----- \ \ +--------------+ 1167 \ \ \ 1168 +--------------+ \ \ ------------> +--------------+ 1169 | PROBE_SEARCH | --2--- \ -----------------> | PROBE_SEARCH | 1170 +--------------+ --1---\----\---------------------> +--------------+ 1171 \ \ 1172 +--------------+ \ \ +--------------+ 1173 | PROBE_DONE | \ -------------------> | PROBE_DONE | 1174 +--------------+ -----------------------> +--------------+ 1176 Condition 1: The maximum PMTU size has not yet been reached. 1177 Condition 2: The maximum PMTU size has been reached. Conition 3: 1178 Probe Timer expires and PROBE_COUNT = MAX_PROBEs. Condition 4: 1179 PROBE_ACK received. 1181 Probing timeout: The PROBE_COUNT is initialised to zero each time the 1182 value of PROBED_SIZE is changed. The PROBE_TIMER is started each 1183 time a probe packet is sent. It is stopped when an acknowledgment 1184 arrives that confirms delivery of a probe packet. If the probe 1185 packet is not acknowledged before,the PROBE_TIMER expires, the 1186 PROBE_ERROR_COUNTER is incremented. When the PROBE_COUNT equals 1187 the value MAX_PROBES, the state is changed, otherwise a new probe 1188 packet of the same size (PROBED_SIZE) is resent. The state 1189 transitions are illustrated in Figure 5. This shows a 1190 simplification of Figure 1 with a focus only on this event. 1192 +--------------+ +----------------+ 1193 | PROBE_START |----------------------------------->| PROBE_DISABLED | 1194 +--------------+ +----------------+ 1196 +--------------+ +--------------+ 1197 | PROBE_ERROR | -----------------> | PROBE_ERROR | 1198 +--------------+ / +--------------+ 1199 / 1200 +--------------+ --2----------/ +--------------+ 1201 | PROBE_BASE | --1------------------------------> | PROBE_BASE | 1202 +--------------+ +--------------+ 1204 +--------------+ +--------------+ 1205 | PROBE_SEARCH | --1------------------------------> | PROBE_SEARCH | 1206 +--------------+ --2--------- +--------------+ 1207 \ 1208 +--------------+ \ +--------------+ 1209 | PROBE_DONE | -------------------> | PROBE_DONE | 1210 +--------------+ +--------------+ 1212 Condition 1: The maximum number of probe packets has not been 1213 reached. Condition 2: The maximum number of probe packets has been 1214 reached. 1216 PMTU raise timer timeout: The path through the network can change 1217 over time. It impossible to discover whether a path change has 1218 increased in the actual PMTU by exchanging packets less than or 1219 equal to the effective PMTU. This requires PLPMTUD to periodically 1220 send a probe packet to detect whether a larger PMTU is possible. 1221 This probe packet is generated by the PMTU_RAISE_TIMER. When the 1222 timer expires, probing is restarted with the BASE_PMTU and the 1223 state is changed to PROBE_BASE. 1225 Arrival of an ICMP message: The active probing of the path can be 1226 supported by the arrival of PTB messages sent by routers or 1227 middleboxes with a link MTU that is smaller than the probe packet 1228 size. If the PTB message includes the router link MTU, three 1229 cases can be distinguished: 1231 1. The indicated link MTU in the PTB message is between the 1232 already probed and effective MTU and the probe that triggered 1233 the PTB message. 1235 2. The indicated link MTU in the PTB message is smaller than the 1236 effective PMTU. 1238 3. The indicated link MTU in the PTB message is equal to the 1239 BASE_PMTU. 1241 In first case, the PROBE_BASE state transitions to the PROBE_ERROR 1242 state. In the PROBE_SEARCH state, a new probe packet is sent with 1243 the sized reported by the PTB message. Its result is handled 1244 according to the former events. 1246 The second case could be a result of a network re-configuration. 1247 If the reported link MTU in the PTB message is greater than the 1248 BASE_MTU, the probing starts again with a value of PROBE_BASE. 1249 Otherwise, the method enters the state PROBE_ERROR. 1251 In the third case, the maximum possible PMTU has been reached. 1252 This is probed again, because there could be a link further along 1253 the path with a still smaller MTU. 1255 Note: Not all routers include the link MTU size when they send a 1256 PTB message. If the PTB message does not indicate the link MTU, 1257 the probe is handled in the same way as condition 2 of Figure 5. 1259 Appendix B. Revision Notes 1261 Note to RFC-Editor: please remove this entire section prior to 1262 publication. 1264 Individual draft -00: 1266 o Comments and corrections are welcome directly to the authors or 1267 via the IETF TSVWG working group mailing list. 1269 o This update is proposed for WG comments. 1271 Individual draft -01: 1273 o Contains the first representation of the algorithm, showing the 1274 states and timers 1276 o This update is proposed for WG comments. 1278 Individual draft -02: 1280 o Contains updated representation of the algorithm, and textual 1281 corrections. 1283 o The text describing when to set the effective PMTU has not yet 1284 been verified by the authors 1286 o To determine security to off-path-attacks: We need to decide 1287 whether a received PTB message SHOULD/MUST be verified? The text 1288 on how to handle a PTB message indicating a link MTU larger than 1289 the probe has yet not been verified by the authors 1291 o No text currently describes how to handle inconsistent results 1292 from arbitrary re-routing along different parallel paths 1294 o This update is proposed for WG comments. 1296 Working Group draft -00: 1298 o This draft follows a successful adoption call for TSVWG 1300 o There is still work to complete, please comment on this draft. 1302 o Sections marked XXX indicate areas that are expected to change in 1303 the next revision. 1305 Authors' Addresses 1307 Godred Fairhurst 1308 University of Aberdeen 1309 School of Engineering 1310 Fraser Noble Building 1311 Aberdeen, AB24 3U 1312 UK 1314 Email: gorry@erg.abdn.ac.uk 1316 Tom Jones 1317 University of Aberdeen 1318 School of Engineering 1319 Fraser Noble Building 1320 Aberdeen, AB24 3U 1321 UK 1323 Email: tom@erg.abdn.ac.uk 1325 Michael Tuexen 1326 Muenster University of Applied Sciences 1327 Stegerwaldstrasse 39 1328 Stein fart, 48565 1329 DE 1331 Email: tuexen@fh-muenster.de 1332 Irene Ruengeler 1333 Muenster University of Applied Sciences 1334 Stegerwaldstrasse 39 1335 Stein fart, 48565 1336 DE 1338 Email: i.ruengeler@fh-muenster.de