idnits 2.17.1

draft-petithuguenin-behave-stun-pmtud-02.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

  ** It looks like you're using RFC 3978 boilerplate.  You should update this
     to the boilerplate described in the IETF Trust License Policy document
     (see https://trustee.ietf.org/license-info), which is required now.

  -- Found old boilerplate from RFC 3978, Section 5.1 on line 15.

  -- Found old boilerplate from RFC 3978, Section 5.5, updated by RFC 4748 on
     line 418.

  -- Found old boilerplate from RFC 3979, Section 5, paragraph 1 on line 429.

  -- Found old boilerplate from RFC 3979, Section 5, paragraph 2 on line 436.

  -- Found old boilerplate from RFC 3979, Section 5, paragraph 3 on line 442.


  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

     No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust Copyright Line does not match the
     current year

  -- The document seems to lack a disclaimer for pre-RFC5378 work, but may
     have content which was first submitted before 10 November 2008.  If you
     have contacted all the original authors and they are all willing to grant
     the BCP78 rights to the IETF Trust, then this is fine, and you can ignore
     this comment.  If not, you may need to add the pre-RFC5378 disclaimer.
     (See the Legal Provisions document at
     https://trustee.ietf.org/license-info for more information.)

  -- The document date (November 3, 2008) is 5651 days in the past.  Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  ** Obsolete normative reference: RFC 5389 (Obsoleted by RFC 8489)

  -- Obsolete informational reference (is this intentional?): RFC 2629
     (Obsoleted by RFC 7749)

  == Outdated reference: A later version (-08) exists of
     draft-ietf-behave-nat-behavior-discovery-05


     Summary: 2 errors (**), 0 flaws (~~), 2 warnings (==), 8 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

Network Working Group                                  M. Petit-Huguenin
Internet-Draft                                                 8x8, Inc.
Intended status: Standards Track                        November 3, 2008
Expires: May 7, 2009


  Path MTU Discovery Using Session Traversal Utilities for NAT (STUN)
                draft-petithuguenin-behave-stun-pmtud-02

Status of this Memo

   By submitting this Internet-Draft, each author represents that any
   applicable patent or other IPR claims of which he or she is aware
   have been or will be disclosed, and any of which he or she becomes
   aware will be disclosed, in accordance with Section 6 of BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-
   Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   This Internet-Draft will expire on May 7, 2009.

Abstract

   This document describes a Session Traversal Utilities for NAT (STUN)
   usage for discovering the path MTU between a client and a server.

Table of Contents

   1.  Introduction
   2.  Terminology
   3.  Probing Mechanisms
   4.  Simple Probing Mechanism
     4.1.  Sending a Probe Request
     4.2.  Receiving a Probe Request
     4.3.  Receiving a Probe Response
   5.  Complete Probing Mechanism
     5.1.  Sending the Probe Indications and Report Request
     5.2.  Receiving an ICMP packet
     5.3.  Receiving a Probe Indication and Report Request
     5.4.  Receiving a Report Response
     5.5.  Using Checksum as Packet Identifiers
     5.6.  Using Sequential Numbers as Packet Identifiers
   6.  Probe Support Discovery Mechanisms
     6.1.  Implicit Mechanism
     6.2.  Probe Support Discovery with TURN
     6.3.  Probe Support Discovery with ICE
   7.  New STUN Method
   8.  New STUN Attributes
     8.1.  IDENTIFIERS
     8.2.  PMTUD-SUPPORTED
   9.  Security Considerations
   10. IANA Considerations
   11. Acknowledgements
   12. References
     12.1.  Normative References
     12.2.  Informative References
   Appendix A.  Release notes
     A.1.  Modifications between -02 and -01
     A.2.  Modifications between -01 and -00
   Author's Address
   Intellectual Property and Copyright Statements

1.  Introduction

   The Packetization Layer Path MTU Discovery specification [RFC4821]
   describes a method to discover the path MTU but does not describe a
   practical protocol to do so with UDP.

   This document only describes how probing mechanisms are implemented
   with STUN.  The algorithm to find the path MTU is described in
   [RFC4821].

   Two probing mechanisms are described, a simple probing mechanism and
   a more complete mechanism that can converge more quickly.

   The simple probing mechanism is implemented by sending a Probe
   Request with a PADDING [I-D.ietf-behave-nat-behavior-discovery]
   attribute and the DF bit set over UDP.  A router on the path to the
   server can reject this request with an ICMP message or drop it.  The
   client SHOULD cease retransmissions after 3 missing responses.

   The complete probing mechanism is implemented by sending one or more
   Probe Indications with a PADDING attribute and the DF bit set over
   UDP, then a Report Request to the same server.  A router on the path
   to the server can reject this indication with an ICMP message or drop
   it.  The server keeps a time-ordered list of identifiers of all
   packets received (including retransmitted packets) and sends this
   list back to the client in the Report Response.  The client analyzes
   this list to find which packets were not received.
   Because UDP packets do not contain an identifier, the complete
   probing mechanism needs a way to identify each packet received.  As
   an example, this document describes two different ways to identify a
   specific packet.

   In the first packet identifier mechanism, the server computes a
   checksum over each packet received and sends back to the sender the
   ordered list of checksums.  The client compares this list to its own
   list of checksums.

   In the second packet identifier mechanism, the client adds a
   sequential number in front of each UDP packet sent.  The server sends
   back the ordered list of sequential numbers received, which the
   client compares to its own list.

2.  Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].

3.  Probing Mechanisms

   A client MUST NOT send a probe if it does not have knowledge that the
   server supports this specification.  This is done by an external
   mechanism specific to each UDP protocol.  Section 6 describes some of
   these mechanisms.

   The probe mechanism is used to discover the path MTU in one direction
   only, from the client to the server.

4.  Simple Probing Mechanism

4.1.  Sending a Probe Request

   A client forms a Probe Request by following the rules in Section 7.1
   of [RFC5389].  No authentication method is used.  The client adds a
   PADDING [I-D.ietf-behave-nat-behavior-discovery] attribute with a
   length that, when added to the IP and UDP headers and the other STUN
   components, is equal to the Selected Probe Size, as defined in
   [RFC4821] section 7.3.  The client MUST add the FINGERPRINT
   attribute.

   Then the client sends the Probe Request to the server over UDP with
   the DF bit set.  The client SHOULD stop retransmitting after 3
   missing responses.

4.2.  Receiving a Probe Request

   A server receiving a Probe Request MUST process it as specified in
   [RFC5389].  The server MUST NOT challenge the client.

   The server then creates a Probe Response.  The server MUST add the
   FINGERPRINT attribute.  The server then sends the response to the
   client.

4.3.  Receiving a Probe Response

   A client receiving a Probe Response MUST process it as specified in
   [RFC5389].  If a response is received, this is interpreted as a Probe
   Success as defined in [RFC4821] section 7.6.1.  If an ICMP packet
   "Fragmentation needed" is received, then this is interpreted as a
   Probe Failure as defined in [RFC4821] section 7.6.2.  If the Probe
   transaction fails with a timeout, then this is interpreted as a Probe
   Inconclusive as defined in [RFC4821] section 7.6.4.

5.  Complete Probing Mechanism

5.1.  Sending the Probe Indications and Report Request

   A client forms a Probe Indication by following the rules in [RFC5389]
   section 7.1.  The client adds to the Probe Indication a PADDING
   attribute with a size that, when added to the IP and UDP headers and
   the other STUN components, is equal to the Selected Probe Size, as
   defined in [RFC4821] section 7.3.  The client MUST add the
   FINGERPRINT attribute.

   Then the client sends the Probe Indication to the server over UDP
   with the DF bit set.

   Then the client forms a Report Request by following the rules in
   [RFC5389] section 7.1.  No authentication method is used.  The client
   MUST add the FINGERPRINT attribute.

   Then the client waits half the RTO, if it is known, or 50
   milliseconds after sending the Probe Indication, and then sends the
   Report Request to the server over UDP.

5.2.  Receiving an ICMP packet

   If an ICMP packet "Fragmentation needed" is received, then this is
   interpreted as a Probe Failure as defined in [RFC4821] section 7.5.

5.3.  Receiving a Probe Indication and Report Request

   A server supporting this specification and knowing that the client
   also supports it will keep the identifiers of all packets received in
   a list ordered by receiving time.  The same identifier can appear
   multiple times in the list because of retransmission.  The maximum
   size of this list is calculated so that when the list is added to the
   Report Response, the total size of the packet does not exceed the
   unknown path MTU as defined in [RFC5389] section 7.1.  Older
   identifiers are removed when new identifiers are added to a list that
   is already full.

   A server receiving a Report Request MUST process it as specified in
   [RFC5389].  The server MUST NOT challenge the client.

   The server creates a Report Response and adds an IDENTIFIERS
   attribute that contains the list of all identifiers received so far.
   The server MUST add the FINGERPRINT attribute.  The server then sends
   the response to the client.

5.4.  Receiving a Report Response

   A client receiving a Report Response processes it as specified in
   [RFC5389].  If the response IDENTIFIERS attribute contains the
   identifier of the Probe Indication, then this is interpreted as a
   Probe Success for this probe as defined in [RFC4821] Section 7.5.  If
   the Probe Indication identifier cannot be found in the Report
   Response, this is interpreted as a Probe Failure as defined in
   [RFC4821] Section 7.5.  If the Probe Indication identifier cannot be
   found in the Report Response but the identifiers of other packets
   sent before or after the Probe Indication also cannot be found, this
   is interpreted as a Probe Inconclusive as defined in [RFC4821]
   Section 7.5.  If the Report Transaction fails with a timeout, this is
   interpreted as a Full-Stop Timeout as defined in [RFC4821] Section 3.

5.5.  Using Checksum as Packet Identifiers

   When using checksums as packet identifiers, the client calculates the
   checksum for each packet sent over UDP and keeps this checksum in an
   ordered list.  The server does the same thing and sends back this
   list in the Report Response.

   It would have been possible to use the UDP checksum for this, but
   this value is generally not accessible to applications.  Also,
   sometimes the checksum is not calculated, or is offloaded to the
   network card.

5.6.  Using Sequential Numbers as Packet Identifiers

   When using sequential numbers, a small header similar to the TURN
   ChannelData header is added in front of all non-STUN packets.  The
   sequential number is incremented for each packet sent.  The server
   collects the sequence numbers of the packets sent.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |         Channel Number        |            Length             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                        Sequence number                        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
   /                       Application Data                        /
   /                                                               /
   |                                                               |
   |                               +-------------------------------+
   |                               |
   +-------------------------------+

   The Channel Number is always 0xFFFF.

6.  Probe Support Discovery Mechanisms

6.1.  Implicit Mechanism

   An endpoint acting as a client for the STUN usage described in this
   specification MUST also act as a server for this STUN usage.  This
   means that a server receiving a probe can assume that it can act as
   a client to discover the path MTU to the IP address and port from
   which it received the probe.

6.2.  Probe Support Discovery with TURN

   A TURN client supporting this STUN usage will add a PMTUD-SUPPORTED
   attribute to the Allocate Request sent to the TURN server.
   The TURN server can immediately start to send probes to the TURN
   client on reception of an Allocate Request with a PMTUD-SUPPORTED
   attribute.  The TURN client will then use the Implicit Mechanism
   described above to send probes.

6.3.  Probe Support Discovery with ICE

   An ICE [I-D.ietf-mmusic-ice] client supporting this STUN usage will
   add a PMTUD-SUPPORTED attribute to the Binding Request sent during a
   connectivity check.  The ICE server can immediately start to send
   probes to the ICE client on reception of a Binding Request with a
   PMTUD-SUPPORTED attribute.  Local candidates receiving a Binding
   Request with the PMTUD-SUPPORTED flag must not start PMTUD with the
   remote candidate if they have already done so.  The ICE client will
   then use the Implicit Mechanism described above to send probes.

7.  New STUN Method

   This specification defines the following new STUN methods:

   0x801 : Probe
   0x802 : Report

8.  New STUN Attributes

   This specification defines the following new STUN attributes:

   0x4001 : IDENTIFIERS
   0xC001 : PMTUD-SUPPORTED

8.1.  IDENTIFIERS

   The IDENTIFIERS attribute is used in Report Response.  It contains a
   list of UDP packet identifiers.

8.2.  PMTUD-SUPPORTED

   The PMTUD-SUPPORTED attribute is used in STUN usages and extensions
   to signal the support of this specification.  This attribute has no
   content.

9.  Security Considerations

   TBD

10.  IANA Considerations

   TBD

11.  Acknowledgements

   Thanks to Dan Wing and Eilon Yardeni for their comments, suggestions
   and questions that helped to improve this document.

   This document was written with the xml2rfc tool described in
   [RFC2629].

12.  References

12.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC4821]  Mathis, M. and J.
              Heffner, "Packetization Layer Path MTU
              Discovery", RFC 4821, March 2007.

   [RFC5389]  Rosenberg, J., Mahy, R., Matthews, P., and D. Wing,
              "Session Traversal Utilities for NAT (STUN)", RFC 5389,
              October 2008.

   [I-D.ietf-mmusic-ice]
              Rosenberg, J., "Interactive Connectivity Establishment
              (ICE): A Protocol for Network Address Translator (NAT)
              Traversal for Offer/Answer Protocols",
              draft-ietf-mmusic-ice-19 (work in progress), October 2007.

12.2.  Informative References

   [RFC2629]  Rose, M., "Writing I-Ds and RFCs using XML", RFC 2629,
              June 1999.

   [I-D.ietf-behave-nat-behavior-discovery]
              MacDonald, D. and B. Lowekamp, "NAT Behavior Discovery
              Using STUN", draft-ietf-behave-nat-behavior-discovery-05
              (work in progress), November 2008.

Appendix A.  Release notes

   This section must be removed before publication as an RFC.

A.1.  Modifications between -02 and -01

   o  Replaced the transaction identifiers by packet identifiers.
   o  Defined checksum and sequential numbers as possible packet
      identifiers.
   o  Updated the reference to RFC 5389.
   o  The FINGERPRINT attribute is now mandatory.
   o  Changed the delay between Probe indication and Report request to
      be RTO/2 or 50 milliseconds.
   o  Added ICMP packet processing.
   o  Added Full-Stop Timeout detection.
   o  Stated that Binding request with PMTUD-SUPPORTED does not start
      the PMTUD process if already started.

A.2.  Modifications between -01 and -00

   o  Removed the use of modified STUN transactions but shortened the
      retransmission for the simple probing mechanism.
   o  Added a complete probing mechanism.
   o  Removed the PADDING-RECEIVED attribute.
   o  Added release notes.

Author's Address

   Marc Petit-Huguenin
   8x8, Inc.
   3151 Jay Street
   Santa Clara, CA  95054
   US

   Phone: +1 408 654 0875
   Email: marc@8x8.com

Full Copyright Statement

   Copyright (C) The IETF Trust (2008).

   This document is subject to the rights, licenses and restrictions
   contained in BCP 78, and except as set forth therein, the authors
   retain all their rights.

   This document and the information contained herein are provided on an
   "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
   OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND
   THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS
   OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
   THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Intellectual Property

   The IETF takes no position regarding the validity or scope of any
   Intellectual Property Rights or other rights that might be claimed to
   pertain to the implementation or use of the technology described in
   this document or the extent to which any license under such rights
   might or might not be available; nor does it represent that it has
   made any independent effort to identify any such rights.  Information
   on the procedures with respect to rights in RFC documents can be
   found in BCP 78 and BCP 79.

   Copies of IPR disclosures made to the IETF Secretariat and any
   assurances of licenses to be made available, or the result of an
   attempt made to obtain a general license or permission for the use of
   such proprietary rights by implementers or users of this
   specification can be obtained from the IETF on-line IPR repository at
   http://www.ietf.org/ipr.

   The IETF invites any interested party to bring to its attention any
   copyrights, patents or patent applications, or other proprietary
   rights that may cover technology that may be required to implement
   this standard.  Please address the information to the IETF at
   ietf-ipr@ietf.org.
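
Added example, not part of the draft: a Python sketch of the Section 5.6 header, the bounded time-ordered identifier list of Section 5.3, and the Section 5.4 outcome decision. Assumptions not stated in the draft: Length counts only the Application Data bytes, the Section 5.5 checksum is CRC-32, a plain list stands in for the IDENTIFIERS encoding, and all function names and sample packets are constructed for illustration.

```python
import struct
import zlib
from collections import deque

CHANNEL = 0xFFFF                 # Section 5.6: Channel Number is always 0xFFFF
HEADER = struct.Struct("!HHI")   # Channel Number, Length, Sequence number

def frame(seq, data):
    """Client: prepend the Section 5.6 header to a non-STUN packet.
    Assumption: Length counts the Application Data bytes only."""
    if len(data) > 0xFFFF:
        raise ValueError("application data does not fit a 16-bit Length")
    return HEADER.pack(CHANNEL, len(data), seq & 0xFFFFFFFF) + data

def sequence_id(packet):
    """Server: sequence number of a framed packet, or None if malformed."""
    if len(packet) < HEADER.size:
        return None
    channel, length, seq = HEADER.unpack_from(packet)
    if channel != CHANNEL or length != len(packet) - HEADER.size:
        return None              # wrong channel, truncated or padded packet
    return seq

def checksum_id(packet):
    """Section 5.5 identifier. Assumption: CRC-32; the draft names none."""
    return zlib.crc32(packet)

class ReceivedLog:
    """Section 5.3: identifiers in arrival order, oldest dropped when full."""
    def __init__(self, max_entries, identify):
        self.ids = deque(maxlen=max_entries)
        self.identify = identify

    def on_packet(self, packet):
        ident = self.identify(packet)
        if ident is not None:    # retransmissions are logged again on purpose
            self.ids.append(ident)

    def report(self):
        return list(self.ids)    # stands in for the IDENTIFIERS attribute

def classify(probe_id, other_sent_ids, reported):
    """Section 5.4 outcome for one probe, given the Report Response list.
    other_sent_ids: packets sent just before/after the probe (caller's window)."""
    seen = set(reported)
    if probe_id in seen:
        return "success"
    if any(i not in seen for i in other_sent_ids):
        return "inconclusive"    # neighbours lost too: not evidence about size
    return "failure"

def run_demo(path_limit):
    """Constructed traffic: small packets around one large probe stand-in."""
    sent = [b"rtp-1", b"rtp-2", b"P" * 1400, b"rtp-3"]
    log = ReceivedLog(max_entries=64, identify=checksum_id)
    for pkt in sent:
        if len(pkt) <= path_limit:         # larger packets vanish on the path
            log.on_packet(pkt)
    ids = [checksum_id(p) for p in sent]
    return classify(ids[2], ids[:2] + ids[3:], log.report())
```

Bounding the list with `max_entries` caps both server memory per client and the size of the Report Response; the strict length check in `sequence_id` keeps malformed datagrams out of the log.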