idnits 2.17.1 draft-petithuguenin-tram-stun-pmtud-01.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (July 6, 2015) is 3216 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Unused Reference: 'I-D.ietf-payload-flexible-fec-scheme' is defined on line 400, but no explicit reference was found in the text == Unused Reference: 'RFC6982' is defined on line 410, but no explicit reference was found in the text ** Obsolete normative reference: RFC 5389 (Obsoleted by RFC 8489) ** Obsolete normative reference: RFC 5245 (Obsoleted by RFC 8445, RFC 8839) == Outdated reference: A later version (-20) exists of draft-ietf-payload-flexible-fec-scheme-00 -- Obsolete informational reference (is this intentional?): RFC 6982 (Obsoleted by RFC 7942) Summary: 2 errors (**), 0 flaws (~~), 4 warnings (==), 2 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 TRAM M. Petit-Huguenin 3 Internet-Draft Impedance Mismatch 4 Intended status: Standards Track G. Salgueiro 5 Expires: January 7, 2016 Cisco 6 July 6, 2015 8 Path MTU Discovery Using Session Traversal Utilities for NAT (STUN) 9 draft-petithuguenin-tram-stun-pmtud-01 11 Abstract 13 This document describes a Session Traversal Utilities for NAT (STUN) 14 usage for Path MTU Discovery (PMTUD) between a client and a server. 16 Status of This Memo 18 This Internet-Draft is submitted in full conformance with the 19 provisions of BCP 78 and BCP 79. 21 Internet-Drafts are working documents of the Internet Engineering 22 Task Force (IETF). Note that other groups may also distribute 23 working documents as Internet-Drafts. The list of current Internet- 24 Drafts is at http://datatracker.ietf.org/drafts/current/. 26 Internet-Drafts are draft documents valid for a maximum of six months 27 and may be updated, replaced, or obsoleted by other documents at any 28 time. It is inappropriate to use Internet-Drafts as reference 29 material or to cite them other than as "work in progress." 31 This Internet-Draft will expire on January 7, 2016. 33 Copyright Notice 35 Copyright (c) 2015 IETF Trust and the persons identified as the 36 document authors. All rights reserved. 38 This document is subject to BCP 78 and the IETF Trust's Legal 39 Provisions Relating to IETF Documents 40 (http://trustee.ietf.org/license-info) in effect on the date of 41 publication of this document. Please review these documents 42 carefully, as they describe your rights and restrictions with respect 43 to this document. Code Components extracted from this document must 44 include Simplified BSD License text as described in Section 4.e of 45 the Trust Legal Provisions and are provided without warranty as 46 described in the Simplified BSD License. 48 Table of Contents 50 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 51 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 52 3. Probing Mechanisms . . . . . . . . . . . . . . . . . . . . . 3 53 4. Simple Probing Mechanism . . . . . . . . . . . . . . . . . . 4 54 4.1. Sending a Probe Request . . . . . . . . . . . . . . . . . 4 55 4.2. Receiving a Probe Request . . . . . . . . . . . . . . . . 4 56 4.3. Receiving a Probe Response . . . . . . . . . . . . . . . 4 57 5. Complete Probing Mechanism . . . . . . . . . . . . . . . . . 5 58 5.1. Sending the Probe Indications and Report Request . . . . 5 59 5.2. Receiving an ICMP packet . . . . . . . . . . . . . . . . 5 60 5.3. Receiving a Probe Indication and Report Request . . . . . 5 61 5.4. Receiving a Report Response . . . . . . . . . . . . . . . 6 62 5.5. Using Checksum as Packet Identifiers . . . . . . . . . . 6 63 5.6. Using Sequential Numbers as Packet Identifiers . . . . . 6 64 6. Probe Support Discovery Mechanisms . . . . . . . . . . . . . 7 65 6.1. Implicit Mechanism . . . . . . . . . . . . . . . . . . . 7 66 6.2. Probe Support Discovery with TURN . . . . . . . . . . . . 7 67 6.3. Probe Support Discovery with ICE . . . . . . . . . . . . 7 68 7. New STUN Method . . . . . . . . . . . . . . . . . . . . . . . 8 69 8. New STUN Attributes . . . . . . . . . . . . . . . . . . . . . 8 70 8.1. IDENTIFIERS . . . . . . . . . . . . . . . . . . . . . . . 8 71 8.2. PMTUD-SUPPORTED . . . . . . . . . . . . . . . . . . . . . 8 72 9. Security Considerations . . . . . . . . . . . . . . . . . . . 8 73 10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 8 74 11. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 8 75 12. References . . . . . . . . . . . . . . . . . . . . . . . . . 9 76 12.1. Normative References . . . . . . . . . . . . . . . . . . 9 77 12.2. Informative References . . . . . . . . . . . . . . . . . 9 78 Appendix A. Release Notes . . . . . . . . . . . . . . . . . . . 10 79 A.1. Modifications between draft-petithuguenin-tram-stun- 80 pmtud-01 and draft-petithuguenin-tram-stun-pmtud-00 . . . 10 81 A.2. Modifications between draft-petithuguenin-tram-stun- 82 pmtud-00 and draft-petithuguenin-behave-stun-pmtud-03 . . 10 83 A.3. Modifications between draft-petithuguenin-behave-stun- 84 pmtud-03 and draft-petithuguenin-behave-stun-pmtud-02 . . 10 85 A.4. Modifications between draft-petithuguenin-behave-stun- 86 pmtud-02 and draft-petithuguenin-behave-stun-pmtud-01 . . 10 87 A.5. Modifications between draft-petithuguenin-behave-stun- 88 pmtud-01 and draft-petithuguenin-behave-stun-pmtud-00 . . 11 89 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 11 91 1. Introduction 93 The Packetization Layer Path MTU Discovery specification [RFC4821] 94 describes a method to discover the path MTU but does not describe a 95 practical protocol to do so with UDP. 97 This document only describes how probing mechanisms are implemented 98 with Session Traversal Utilities for NAT (STUN). The algorithm to 99 find the path MTU is described in [RFC4821]. 101 The STUN usage defined in this document for Path MTU Discovery 102 (PMTUD) between a client and a server simplifies troubleshooting and 103 has multiple applications across a wide variety of technologies. 105 Additional network characteristics like the network path (using the 106 STUN Traceroute mechanism described in 107 [I-D.martinsen-tram-stuntrace]) and bandwidth availability (using the 108 mechanism described in [I-D.martinsen-tram-turnbandwidthprobe]) can 109 be discovered using complementary techniques. 111 2. Terminology 113 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 114 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 115 document are to be interpreted as described in [RFC2119]. When these 116 words are not in ALL CAPS (such as "must" or "Must"), they have their 117 usual English meanings, and are not to be interpreted as RFC 2119 key 118 words. 120 3. Probing Mechanisms 122 A client MUST NOT send a probe if it does not have knowledge that the 123 server supports this specification. This is done by an external 124 mechanism specific to each UDP protocol. Section 6 describes some of 125 this mechanisms. 127 The probe mechanism is used to discover the path MTU in one direction 128 only, from the client to the server. 130 Two probing mechanisms are described, a simple probing mechanism and 131 a more complete mechanism that can converge quicker. 133 The simple probing mechanism is implemented by sending a Probe 134 Request with a PADDING [RFC5780] attribute and the DF bit set over 135 UDP. A router on the path to the server can reject this request with 136 an ICMP message or drop it. The client SHOULD cease retransmissions 137 after 3 missing responses. 139 The complete probing mechanism is implemented by sending one or more 140 Probe Indication with a PADDING attribute and the DF bit set over UDP 141 then a Report Request to the same server. A router on the path to 142 the server can reject this indication with an ICMP message or drop 143 it. The server keeps a time ordered list of identifiers of all 144 packets received (including retransmitted packets) and sends this 145 list back to the client in the Report Response. The client analyzes 146 this list to find which packets were not received. Because UDP 147 packets does not contain an identifier, the complete probing 148 mechanism needs a way to identify each packet received. While there 149 are other possible packet identification schemes, this document 150 describes two different ways to identify a specific packet. 152 In the first packet identifier mechanism, the server computes a 153 checksum over each packet received and sends back to the sender the 154 ordered list of checksums. The client compares this list to its own 155 list of checksums. 157 In the second packet identifier mechanism, the client adds a 158 sequential number in front of each UDP packet sent. The server sends 159 back the ordered list of sequential numbers received that the client 160 compares to its own list 162 4. Simple Probing Mechanism 164 4.1. Sending a Probe Request 166 A client forms a Probe Request by following the rules in Section 7.1 167 of [RFC5389]. No authentication method is used. The client adds a 168 PADDING [RFC5780] attribute with a length that, when added to the IP 169 and UDP headers and the other STUN components, is equal to the 170 Selected Probe Size, as defined in [RFC4821] section 7.3. The client 171 MUST add the FINGERPRINT attribute. 173 Then the client sends the Probe Request to the server over UDP with 174 the DF bit set. The client SHOULD stop retransmitting after 3 175 missing responses. 177 4.2. Receiving a Probe Request 179 A server receiving a Probe Request MUST process it as specified in 180 [RFC5389]. The server MUST NOT challenge the client. 182 The server then creates a Probe Response. The server MUST add the 183 FINGERPRINT attribute. The server then sends the response to the 184 client. 186 4.3. Receiving a Probe Response 188 A client receiving a Probe Response MUST process it as specified in 189 [RFC5389]. If a response is received this is interpreted as a Probe 190 Success as defined in [RFC4821] section 7.6.1. If an ICMP packet 191 "Fragmentation needed" is received then this is interpreted as a 192 Probe Failure as defined in [RFC4821] section 7.6.2. If the Probe 193 transactions fails in timeout, then this is interpreted as a Probe 194 Inconclusive as defined in [RFC4821] section 7.6.4. 196 5. Complete Probing Mechanism 198 5.1. Sending the Probe Indications and Report Request 200 A client forms a Probe Indication by following the rules in [RFC5389] 201 section 7.1. The client adds to the Probe Indication a PADDING 202 attribute with a size that, when added to the IP and UDP headers and 203 the other STUN components, is equal to the Selected Probe Size, as 204 defined in [RFC4821] section 7.3. The client MUST add the 205 FINGERPRINT attribute. 207 Then the client sends the Probe Indication to the server over UDP 208 with the DF bit set. 210 Then the client forms a Report Request by following the rules in 211 [RFC5389] section 7.1. No authentication method is used. The client 212 MUST add the FINGERPRINT attribute. 214 Then the client waits half the RTO if it is known or 50 milliseconds 215 after sending the Probe Indication and sends the Report Request to 216 the server over UDP. 218 5.2. Receiving an ICMP packet 220 If an ICMP packet "Fragmentation needed" is received then this is 221 interpreted as a Probe Failure as defined in [RFC4821] section 7.5. 223 5.3. Receiving a Probe Indication and Report Request 225 A server supporting this specification and knowing that the client 226 also supports it will keep the identifiers of all packets received in 227 a list ordered by receiving time. The same identifier can appear 228 multiple times in the list because of retransmission. The maximum 229 size of this list is calculated so that when the list is added to the 230 Report Response, the total size of the packet does not exceed the 231 unknown path MTU as defined in [RFC5389] section 7.1. Older 232 identifiers are removed when new identifiers are added to a list 233 already full. 235 A server receiving a Report Request MUST process it as specified in 236 [RFC5389]. The server MUST NOT challenge the client. 238 The server creates a Report Response and adds an IDENTIFIERS 239 attribute that contains the list of all identifiers received so far. 241 The server MUST add the FINGERPRINT attribute. The server then sends 242 the response to the client. 244 5.4. Receiving a Report Response 246 A client receiving a Report Response processes it as specified in 247 [RFC5389]. If the response IDENTIFIERS attribute contains the 248 identifier of the Probe Indication, then this is interpreted as a 249 Probe Success for this probe as defined in [RFC4821] Section 7.5. If 250 the Probe Indication identifier cannot be found in the Report 251 Response, this is interpreted as a Probe Failure as defined in 252 [RFC4821] Section 7.5. If the Probe Indication identifier cannot be 253 found in the Report Response but other packets identifier sent before 254 or after the Probe Indication cannot also be found, this is 255 interpreted as a Probe Inconclusive as defined in [RFC4821] 256 Section 7.5. If the Report Transaction fails in timeout, this is 257 interpreted as a Full-Stop Timeout as defined in [RFC4821] Section 3. 259 5.5. Using Checksum as Packet Identifiers 261 When using checksum as packet identifiers, the client calculate the 262 checksum for each packet sent over UDP and keep this checksum in an 263 ordered list. The server does the same thing and send back this list 264 in the Report Response. 266 It could have been possible to use the checksum generated in the UDP 267 checksum for this, but this value is generally not accessible to 268 applications. Also sometimes the checksum is not calculated or off- 269 loaded to the network card. 271 5.6. Using Sequential Numbers as Packet Identifiers 273 When using sequential numbers, a small header similar to the TURN 274 ChannelData header is added in front of all non-STUN packets. The 275 sequential number is incremented for each packet sent. The server 276 collects the sequence number of the packets sent. 278 0 1 2 3 279 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 280 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 281 | Channel Number | Length | 282 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 283 | Sequence number | 284 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 285 | | 286 / Application Data / 287 / / 288 | | 289 | +-------------------------------+ 290 | | 291 +-------------------------------+ 293 The Channel Number is always 0xFFFF. 295 6. Probe Support Discovery Mechanisms 297 6.1. Implicit Mechanism 299 An endpoint acting as a client for the STUN usage described in this 300 specification MUST also act as a server for this STUN usage. This 301 means that a server receiving a probe can assumes that it can acts as 302 a client to discover the path MTU to the IP address and port from 303 which it received the probe. 305 6.2. Probe Support Discovery with TURN 307 A TURN client supporting this STUN usage will add a PMTUD-SUPPORTED 308 attribute to the Allocate Request sent to the TURN server. The TURN 309 server can immediately start to send probes to the TURN client on 310 reception of an Allocation Request with a PMTUD-SUPPORTED attribute. 311 The TURN client will then use the Implicit Mechanism described above 312 to send probes. 314 6.3. Probe Support Discovery with ICE 316 An ICE [RFC5245] client supporting this STUN usage will add a PMTUD- 317 SUPPORTED attribute to the Binding Request sent during a connectivity 318 check. The ICE server can immediately start to send probes to the 319 ICE client on reception of a Binding Request with a PMTUD-SUPPORTED 320 attributed. Local candidates receiving Binding Request with the 321 PMTUD-SUPPORTED flag must not start PMTUD with the remote candidate 322 if already done so. The ICE client will then use the Implicit 323 Mechanism described above to send probes. 325 7. New STUN Method 327 This specification defines the following new STUN methods: 329 0x801 : Probe 331 0x802 : Report 333 8. New STUN Attributes 335 This specification defines the following new STUN attributes: 337 0x4001 : IDENTIFIERS 339 0xC001 : PMTUD-SUPPORTED 341 8.1. IDENTIFIERS 343 The IDENTIFIERS attribute is used in Report Response. It contains a 344 list of UDP packet identifiers. 346 8.2. PMTUD-SUPPORTED 348 The PMTUD-SUPPORTED attribute is used in STUN usages and extensions 349 to signal the support of this specification. This attribute has no 350 content. 352 9. Security Considerations 354 TBD 356 10. IANA Considerations 358 TBD 360 11. Acknowledgements 362 Thanks to Eilon Yardeni, Geir Sandbakken and Paal-Erik Martinsen for 363 their review comments, suggestions and questions that helped to 364 improve this document. 366 Special thanks to Dan Wing, who supported this document since its 367 first publication back in 2008. 369 12. References 371 12.1. Normative References 373 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 374 Requirement Levels", BCP 14, RFC 2119, March 1997. 376 [RFC4821] Mathis, M. and J. Heffner, "Packetization Layer Path MTU 377 Discovery", RFC 4821, March 2007. 379 [RFC5389] Rosenberg, J., Mahy, R., Matthews, P., and D. Wing, 380 "Session Traversal Utilities for NAT (STUN)", RFC 5389, 381 October 2008. 383 [RFC5245] Rosenberg, J., "Interactive Connectivity Establishment 384 (ICE): A Protocol for Network Address Translator (NAT) 385 Traversal for Offer/Answer Protocols", RFC 5245, April 386 2010. 388 12.2. Informative References 390 [I-D.martinsen-tram-stuntrace] 391 Martinsen, P. and D. Wing, "STUN Traceroute", draft- 392 martinsen-tram-stuntrace-01 (work in progress), June 2015. 394 [I-D.martinsen-tram-turnbandwidthprobe] 395 Martinsen, P., Andersen, T., Salgueiro, G., and M. Petit- 396 Huguenin, "Traversal Using Relays around NAT (TURN) 397 Bandwidth Probe", draft-martinsen-tram- 398 turnbandwidthprobe-00 (work in progress), May 2015. 400 [I-D.ietf-payload-flexible-fec-scheme] 401 Singh, V., Begen, A., and M. Zanaty, "RTP Payload Format 402 for Non-Interleaved and Interleaved Parity Forward Error 403 Correction (FEC)", draft-ietf-payload-flexible-fec- 404 scheme-00 (work in progress), February 2015. 406 [RFC5780] MacDonald, D. and B. Lowekamp, "NAT Behavior Discovery 407 Using Session Traversal Utilities for NAT (STUN)", RFC 408 5780, May 2010. 410 [RFC6982] Sheffer, Y. and A. Farrel, "Improving Awareness of Running 411 Code: The Implementation Status Section", RFC 6982, July 412 2013. 414 Appendix A. Release Notes 416 This section must be removed before publication as an RFC. 418 A.1. Modifications between draft-petithuguenin-tram-stun-pmtud-01 and 419 draft-petithuguenin-tram-stun-pmtud-00 421 o Moved some Introduction text to the Probing Mechanism section. 423 o Added cross-reference to the other two STUN troubleshooting 424 mechanism drafts. 426 o Updated references. 428 o Added Gonzalo Salgueiro as co-author. 430 A.2. Modifications between draft-petithuguenin-tram-stun-pmtud-00 and 431 draft-petithuguenin-behave-stun-pmtud-03 433 o General refresh for republication. 435 A.3. Modifications between draft-petithuguenin-behave-stun-pmtud-03 and 436 draft-petithuguenin-behave-stun-pmtud-02 438 o Changed author address. 440 o Changed the IPR to trust200902. 442 A.4. Modifications between draft-petithuguenin-behave-stun-pmtud-02 and 443 draft-petithuguenin-behave-stun-pmtud-01 445 o Replaced the transactions identifiers by packet identifiers 447 o Defined checksum and sequential numbers as possible packet 448 identifiers. 450 o Updated the reference to RFC 5389 452 o The FINGERPRINT attribute is now mandatory. 454 o Changed the delay between Probe indication and Report request to 455 be RTO/2 or 50 milliseconds. 457 o Added ICMP packet processing. 459 o Added Full-Stop Timeout detection. 461 o Stated that Binding request with PMTUD-SUPPORTED does not start 462 the PMTUD process if already started. 464 A.5. Modifications between draft-petithuguenin-behave-stun-pmtud-01 and 465 draft-petithuguenin-behave-stun-pmtud-00 467 o Removed the use of modified STUN transaction but shorten the 468 retransmission for the simple probing mechanism. 470 o Added a complete probing mechanism. 472 o Removed the PADDING-RECEIVED attribute. 474 o Added release notes. 476 Authors' Addresses 478 Marc Petit-Huguenin 479 Impedance Mismatch 481 Email: marc@petit-huguenin.org 483 Gonzalo Salgueiro 484 Cisco Systems, Inc. 485 7200-12 Kit Creek Road 486 Research Triangle Park, NC 27709 487 United States 489 Email: gsalguei@cisco.com