idnits 2.17.1

draft-petithuguenin-tsvwg-stun-pmtud-00.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

     No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  -- The document date (21 March 2022) is 739 days in the past. Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  -- Possible downref: Non-RFC (?) normative reference: ref. 'ITU.V42.2002'

  -- Obsolete informational reference (is this intentional?): RFC 5766
     (Obsoleted by RFC 8656)

     Summary: 0 errors (**), 0 flaws (~~), 1 warning (==), 3 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

Network Working Group                                  M. Petit-Huguenin
Internet-Draft                                        Impedance Mismatch
Intended status: Standards Track                            G. Salgueiro
Expires: 22 September 2022                           Cisco Systems, Inc.
                                                           21 March 2022

Packetization Layer Path MTU Discovery (PLMTUD) For UDP Transports Using
               Session Traversal Utilities for NAT (STUN)
                draft-petithuguenin-tsvwg-stun-pmtud-00

Abstract

   The datagrams exchanged between two Internet endpoints have to go
   through a series of physical and virtual links that may have
   different limits on the upper size of the datagram they can transmit
   without fragmentation. Because fragmentation is considered harmful,
   most transports and protocols are designed with a mechanism that
   permits dynamic measurement of the maximum size of a datagram. This
   mechanism is called Packetization Layer Path MTU Discovery (PLPMTUD).
   But the UDP transport and some of the protocols that use UDP were
   designed without that feature. The Session Traversal Utilities for
   NAT (STUN) Usage described in this document permits retrofitting an
   existing UDP-based protocol with such a feature. Similarly, a new
   UDP-based protocol could simply reuse the mechanism described in this
   document.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF). Note that other groups may also distribute
   working documents as Internet-Drafts. The list of current
   Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time. It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on 22 September 2022.

Copyright Notice

   Copyright (c) 2022 IETF Trust and the persons identified as the
   document authors. All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document. Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document. Code Components extracted from this document must
   include Revised BSD License text as described in Section 4.e of the
   Trust Legal Provisions and are provided without warranty as described
   in the Revised BSD License.

Table of Contents

   1.  Introduction
   2.  Overview of Operations
   3.  Terminology
   4.  Probing Mechanisms
     4.1.  Simple Probing Mechanism
       4.1.1.  Sending a Probe Request
       4.1.2.  Receiving a Probe Request
       4.1.3.  Receiving a Probe Response
     4.2.  Complete Probing Mechanism
       4.2.1.  Sending a Probe Indications and Report Request
       4.2.2.  Receiving an ICMP Packet
       4.2.3.  Receiving a Probe Indication and Report Request
       4.2.4.  Receiving a Report Response
       4.2.5.  Using Checksums as Packet Identifiers
       4.2.6.  Using Sequence Numbers as Packet Identifiers
   5.  Probe Support Signaling Mechanisms
     5.1.  Explicit Probe Support Signaling Mechanism
     5.2.  Implicit Probe Support Signaling Mechanism
   6.  STUN Attributes
     6.1.  IDENTIFIERS
     6.2.  PMTUD-SUPPORTED
     6.3.  PADDING
   7.  DPLPMTUD Considerations
     7.1.  Features Required to provide Datagram PLPMTUD
     7.2.  Application Support for DPLPMTUD with UDP
   8.  Security Considerations
   9.  IANA Considerations
     9.1.  New STUN Methods
     9.2.  New STUN Attributes
   10. References
     10.1.  Normative References
     10.2.  Informative References
   Changelog
   Acknowledgements
   Contributors
   Authors' Addresses

1.  Introduction

   The Packetization Layer Path MTU Discovery (PMTUD) specification
   [RFC4821] describes a method to discover the Path MTU, but does not
   describe a practical protocol to do so with UDP. Many application
   layer protocols based on the transport layer protocol UDP do not
   implement the Path MTU discovery mechanism described in [RFC4821].
   These application layer protocols can make use of the probing
   mechanisms described in this document instead of designing their own
   ad hoc extension. These probing mechanisms are implemented with
   Session Traversal Utilities for NAT (STUN), but their usage is not
   limited to STUN-based protocols.

   The STUN usage defined in this document for Packetization Layer Path
   MTU Discovery (PLPMTUD) between a client and a server permits proper
   measurement of the Path MTU for application layer protocols based on
   the transport layer protocol UDP in the network. It also simplifies
   troubleshooting and has multiple other applications across a wide
   variety of technologies.

   Complementary techniques can be used to discover additional network
   characteristics, such as the network path (using the STUN Traceroute
   mechanism described in [I-D.martinsen-tram-stuntrace]) and bandwidth
   availability (using the mechanism described in
   [I-D.martinsen-tram-turnbandwidthprobe]). In addition, [RFC8899]
   provides a robust method for Path MTU Discovery for a broader range
   of protocols and applications.

2.  Overview of Operations

   This section is meant to be informative only and is not intended as a
   substitute for [RFC4821].

   A UDP endpoint that uses this specification to discover the Path MTU
   over UDP and knows that the endpoint it is communicating with also
   supports this specification can choose to use either the Simple
   Probing mechanism (as described in Section 4.1) or the Complete
   Probing mechanism (as described in Section 4.2). The selection of
   which Probing Mechanism to use is dependent on performance and
   security and complexity trade-offs.

   If the Simple Probing mechanism is chosen, then the client initiates
   Probe transactions, as shown in Figure 1, which decrease in size
   until transactions succeed, indicating that the Path MTU has been
   discovered. It then uses that information to update the Path MTU.

           Client            Server
             |                 |
             |  Probe Request  |
             |---------------->|
             |                 |
             |  Probe Response |
             |<----------------|
             |                 |

                  Figure 1: Simple Probing Example

   If the Complete Probing mechanism (as described in Section 4.2) is
   chosen, then the client sends Probe Indications of various sizes (as
   specified in [RFC4821]) interleaved with UDP packets sent by the UDP
   protocol. The client then sends a Report Request for the ordered
   list of identifiers for the UDP packets and Probe Indications
   received by the server. The client then compares the list returned
   in the Report Response with its own list of identifiers for the UDP
   packets and Probe Indications it sent. The client examines the
   received reports to determine which probes were successful. When a
   probe succeeds with a larger size than the current PMTU, the PMTU is
   increased. When the probes indicate the current PMTU is not
   supported, the size is decreased. This mechanism acts to detect that
   traffic is being black holed.

   Because of the possibility of amplification attack, the Complete
   Probing mechanism must be authenticated as specified in Section 5.1.
   Particular care must be taken to prevent amplification when an
   external mechanism is used to trigger the Complete Probing mechanism.

           Client              Server
             |    UDP Packet     |
             |------------------>|
             |                   |
             |    UDP Packet     |
             |------------------>|
             |                   |
             | Probe Indication  |
             |------------------>|
             |                   |
             |    UDP Packet     |
             |------------------>|
             |                   |
             | Probe Indication  |
             |------------------>|
             |                   |
             |  Report Request   |
             |------------------>|
             |  Report Response  |
             |<------------------|
             |                   |

                 Figure 2: Complete Probing Example

3.  Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in BCP
   14 [RFC2119][RFC8174] when, and only when, they appear in all
   capitals, as shown here.

4.  Probing Mechanisms

   The Probing mechanism is used to discover the Path MTU in one
   direction only: from the client to the server. Both endpoints MAY
   behave as a client and a server to achieve bi-directional path
   discovery.

   Two Probing mechanisms are described: a Simple Probing mechanism and
   a more complete mechanism that can converge more quickly and find an
   appropriate Path MTU in the presence of congestion. Additionally,
   the Simple Probing mechanism does not require authentication except
   where used as an implicit signaling mechanism, whereas the complete
   mechanism does.

   Implementations supporting this specification MUST implement the
   server side of both the Simple Probing mechanism (Section 4.1) and
   the Complete Probing mechanism (Section 4.2).

   Implementations supporting this specification MUST implement the
   client side of the Complete Probing mechanism. They MAY implement
   the client side of the Simple Probing mechanism.

   The FINGERPRINT mechanism described in section 7 of [RFC8489] MUST be
   used for both probing mechanisms.

4.1.  Simple Probing Mechanism

   The Simple Probing mechanism is implemented by sending a Probe
   Request with a PADDING attribute over UDP with the DF bit set in the
   IP header for IPv4 packets and IPv6 packets without the Fragment
   Header included.

      |  NOTE: Routers might be configured to clear the DF bit or ignore
      |  the DF bit which can be difficult or impossible to detect if
      |  reassembly occurs prior to receiving the packet.

   The Simple Probing Mechanism uses only STUN Requests/Responses, which
   are subject to the congestion control mechanism in [RFC8489] section
   6.2.1. The default Rc and Rm values may be defined differently for a
   combination of the Simple Probing Mechanism and the protocol running
   on the same port.

4.1.1.  Sending a Probe Request

   A client forms a Probe Request by using the Probe Method and
   following the rules in Section 6.1 of [RFC8489].

   The Probe transaction MUST be authenticated if the Simple Probing
   mechanism is used in conjunction with the Implicit Probing Support
   mechanism described in Section 5.2. If not, the Probe transaction
   MAY be authenticated.

   The client adds a PADDING attribute with a length that, when added to
   the IP and UDP headers and the other STUN components, is equal to the
   Selected Probe Size, as defined in [RFC4821] Section 7.3. The
   PADDING bits MUST be set to zero. The client MUST add the
   FINGERPRINT attribute so the STUN messages are disambiguated from the
   other protocol packets as specified in Section 7 of [RFC8489].

   Then the client sends the Probe Request to the server over UDP with
   the DF bit set for IPv4 packets and IPv6 packets without the Fragment
   Header included. For the purpose of this transaction, the Rc
   parameter is set to 3 and the initial value for RTO stays at 500 ms
   as specified in Section 6.2.1 of [RFC8489].

   To be able to determine the reason STUN messages may be blocked, a
   client MUST NOT send a probe if it does not have knowledge that the
   server supports this specification. This is done either by external
   signalling or by a mechanism specific to the UDP protocol to which
   PMTUD capabilities are added or by one of the mechanisms specified in
   Section 5.

4.1.2.  Receiving a Probe Request

   A server receiving a Probe Request MUST process it as specified in
   [RFC8489].

   The server then creates a Probe Response.
   The server MUST add the FINGERPRINT attribute so the STUN messages
   are disambiguated from the other protocol packets as specified in
   Section 7 of [RFC8489]. The server then sends the response to the
   client.

4.1.3.  Receiving a Probe Response

   A client receiving a Probe Response MUST process it as specified in
   section 6.3.3 of [RFC8489] and MUST ignore the PADDING attribute. If
   a response is received this is interpreted as a Probe Success, as
   defined in [RFC4821] Section 7.6.1. If an ICMP packet "Fragmentation
   needed" or "Packet Too Big" is received then this is interpreted as a
   Probe Failure, as defined in [RFC4821] Section 7.6.2. If the Probe
   transaction times out, then this is interpreted as a Probe
   Inconclusive, as defined in [RFC4821] Section 7.6.4. Validation MUST
   be performed on the ICMP packet as specified in [RFC8899].

4.2.  Complete Probing Mechanism

   The Complete Probing mechanism is implemented by sending one or more
   Probe Indications with a PADDING attribute over UDP with the DF bit
   set in the IP header for IPv4 packets and IPv6 packets without the
   Fragment Header included followed by a Report Request to the same
   server. A router on the path to the server can reject this
   Indication with an ICMP message or drop it. The server keeps a
   chronologically ordered list of identifiers for all packets received
   (including retransmitted packets) and sends this list back to the
   client in the Report Response. The client analyzes this list to find
   which packets were not received. Because UDP packets do not contain
   an identifier, the Complete Probing mechanism needs a way to identify
   each packet received.

   Some application layer protocols may already have a way of
   identifying each individual UDP packet, in which case these
   identifiers SHOULD be used in the IDENTIFIERS attribute of the Report
   Response.
   While there are other possible packet identification schemes, this
   document describes two different ways to identify a specific packet
   when no application layer protocol-specific identification mechanism
   is available.

   In the first packet identification mechanism, the server computes a
   checksum over each packet received and sends back to the sender the
   list of checksums ordered chronologically. The client compares this
   list to its own list of checksums.

   In the second packet identification mechanism, the client prepends
   the UDP data with a header that provides a sequence number. The
   server sends back the chronologically ordered list of sequence
   numbers received that the client then compares with its own list.

   The Simple Probing Mechanism uses STUN indications, which are not
   subject to the congestion control mechanism in [RFC8489] section
   6.2.1. As it will have to be intricately related to the protocol
   that runs on the same port, each implementation of the Complete
   Probing Mechanism in association MUST define the congestion control
   that will be applied to the STUN Indications. The default Rc and Rm
   values for the STUN Requests/Responses may be defined differently for
   a combination of the Simple Probing Mechanism and the protocol
   running on the same port.

4.2.1.  Sending a Probe Indications and Report Request

   A client forms a Probe Indication by using the Probe Method and
   following the rules in [RFC8489] Section 6.1. The client adds to a
   Probe Indication a PADDING attribute with a size that, when added to
   the IP and UDP headers and the other STUN components, is equal to the
   Selected Probe Size, as defined in [RFC4821] Section 7.3. The
   PADDING bits MUST be set to zero. If the authentication mechanism
   permits it, then the Indication MUST be authenticated.
   The client MUST add the FINGERPRINT attribute so the STUN messages
   are disambiguated from the other protocol packets.

   Then the client sends a Probe Indication to the server over UDP with
   the DF bit set for IPv4 packets and IPv6 packets without the Fragment
   Header included.

   Then the client forms a Report Request by following the rules in
   [RFC8489] Section 6.1. The Report transaction MUST be authenticated
   to prevent amplification attacks. The client MUST add the
   FINGERPRINT attribute so the STUN messages are disambiguated from the
   other protocol packets.

   Then the client waits half the RTO after sending the last Probe
   Indication and then sends the Report Request to the server over UDP.

4.2.2.  Receiving an ICMP Packet

   If an ICMP packet "Fragmentation needed" or "Packet Too Big" is
   received then this is interpreted as a Probe Failure, as defined in
   [RFC4821] Section 7.5. Validation MUST be performed on the ICMP
   packet as specified in [RFC8899].

4.2.3.  Receiving a Probe Indication and Report Request

   A server supporting this specification will keep the identifiers of
   all packets received in a chronologically ordered list. The packets
   that are to be associated to a given flow's identifier are selected
   according to Section 5.2 of [RFC4821]. The same identifier can
   appear multiple times in the list because of retransmissions. The
   maximum size of this list is calculated such that when the list is
   added to the Report Response, the total size of the packet does not
   exceed the unknown Path MTU, as defined in [RFC8489] Section 6.1.
   Older identifiers are removed when new identifiers are added to a
   list that is already full.

   A server receiving a Report Request MUST process it as specified in
   [RFC8489] and MUST ignore the PADDING attribute.

   The server creates a Report Response and adds an IDENTIFIERS
   attribute that contains the chronologically ordered list of all
   identifiers received so far. The server MUST add the FINGERPRINT
   attribute. The server then sends the response to the client.

   The exact content of the IDENTIFIERS attribute depends on what type
   of identifiers have been chosen for the protocol. Each protocol
   adding PMTUD capabilities as specified by this specification MUST
   describe the format of the contents of the IDENTIFIERS attribute,
   unless it is using one of the formats described in this
   specification. See Section 6.1 for details about the IDENTIFIERS
   attribute.

4.2.4.  Receiving a Report Response

   A client receiving a Report Response processes it as specified in
   [RFC8489]. If the response IDENTIFIERS attribute contains the
   identifier of a Probe Indication, then this is interpreted as a Probe
   Success for this probe, as defined in [RFC4821] Section 7.5. If a
   Probe Indication identifier cannot be found in the Report Response,
   this is interpreted as a Probe Failure, as defined in [RFC4821]
   Section 7.5. If a Probe Indication identifier cannot be found in the
   Report Response but identifiers for other packets sent before or
   after the Probe Indication can all be found, this is interpreted as a
   Probe Failure as defined in [RFC4821] Section 7.5. If the Report
   Transaction times out, this is interpreted as a Full-Stop Timeout, as
   defined in [RFC4821] Section 3.

4.2.5.  Using Checksums as Packet Identifiers

   When using a checksum as a packet identifier, the client keeps a
   chronologically ordered list of the packets it transmits, along with
   an associated checksum value. For STUN Probe Indication or Request
   packets, the associated checksum value is the FINGERPRINT value from
   the packet; for other packets a checksum value is computed.
   The value of the checksum is computed as the CRC-32 of the UDP
   payload, as defined by the Length field of the UDP datagram
   [RFC4821], XOR'ed with the 32-bit value 0x5354554e. The 32-bit CRC
   is the one defined in ITU V.42 [ITU.V42.2002], which has a generator
   polynomial of x^32 + x^26 + x^23 + x^22 + x^16 + x^12 + x^11 + x^10 +
   x^8 + x^7 + x^5 + x^4 + x^2 + x + 1.

   For each STUN Probe Indication or Request, the server retrieves the
   STUN FINGERPRINT value. For all other packets, the server calculates
   the checksum as described above. It puts these FINGERPRINT and
   checksum values in a chronologically ordered list that is sent back
   in the Report Response.

   The contents of the IDENTIFIERS attribute is a list of 4 byte
   numbers, each using the same encoding that is used for the contents
   of the FINGERPRINT attribute.

4.2.6.  Using Sequence Numbers as Packet Identifiers

   When using sequence numbers, a small header similar to the TURN
   ChannelData header, as defined in Section 11.4 of [RFC5766], is added
   in front of all packets that are not a STUN Probe Indication or
   Request. The initial sequence number MUST be randomized and is
   monotonically incremented by one for each packet sent. The most
   significant bit of the sequence number is always 0. The server
   collects the sequence number of the packets sent, or the 4 first
   bytes of the transaction ID if a STUN Probe Indication or Request is
   sent. In that case, the most significant bit of the 4 first bytes is
   set to 1.
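
The two identifier schemes of Sections 4.2.5 and 4.2.6 and the client-side comparison of Section 4.2.4, as an added Python example that is not part of the draft. The payloads, transaction IDs and starting sequence number are constructed; the 31-bit wraparound, the strict Length check and all function names are assumptions, and the Channel Number and Length semantics are the ones the draft gives with Figure 3.

```python
import struct
import zlib

STUN_XOR = 0x5354554E      # constant XOR'ed into the CRC-32 (Section 4.2.5)
CHANNEL_NUMBER = 0xFFFF    # fixed Channel Number of the sequence-number header


def checksum_identifier(udp_payload: bytes) -> int:
    """Section 4.2.5 identifier for a non-STUN packet.

    zlib.crc32 implements the ITU V.42 CRC-32 the draft refers to.
    """
    return (zlib.crc32(udp_payload) & 0xFFFFFFFF) ^ STUN_XOR


def wrap_with_sequence(seq: int, app_data: bytes) -> bytes:
    """Section 4.2.6: prepend Channel Number, Length and sequence number."""
    seq &= 0x7FFFFFFF                 # most significant bit is always 0
    length = 4 + len(app_data)        # sequence number + application data
    return struct.pack("!HHI", CHANNEL_NUMBER, length, seq) + app_data


def unwrap_sequence(datagram: bytes):
    """Receiver side: return (sequence number, application data)."""
    if len(datagram) < 8:
        raise ValueError("datagram shorter than the 8-byte header")
    channel, length, seq = struct.unpack("!HHI", datagram[:8])
    if channel != CHANNEL_NUMBER or seq & 0x80000000:
        raise ValueError("not a sequence-numbered packet")
    if length != len(datagram) - 4:   # assumption: no trailing padding over UDP
        raise ValueError("Length field does not match datagram size")
    return seq, datagram[8:]


def stun_identifier(transaction_id: bytes) -> int:
    """Section 4.2.6 identifier for a STUN Probe Indication or Request."""
    if len(transaction_id) != 12:
        raise ValueError("STUN transaction IDs are 96 bits")
    return struct.unpack("!I", transaction_id[:4])[0] | 0x80000000


def encode_identifiers(identifiers) -> bytes:
    """IDENTIFIERS value: 4-byte numbers in network order, oldest first."""
    return b"".join(struct.pack("!I", i) for i in identifiers)


def decode_identifiers(value: bytes):
    """Parse an IDENTIFIERS value back into a list of 32-bit numbers."""
    if len(value) % 4:
        raise ValueError("IDENTIFIERS value is not a multiple of 4 bytes")
    return [item[0] for item in struct.iter_unpack("!I", value)]


def classify_probes(sent, identifiers_value: bytes):
    """Section 4.2.4: compare the client's own list with the Report Response.

    sent is the client's chronological list of (identifier, is_probe).
    Returns ({probe identifier: "success" | "failure"}, others_all_found),
    where others_all_found says whether every non-probe packet was reported.
    """
    reported = set(decode_identifiers(identifiers_value))
    verdicts = {ident: "success" if ident in reported else "failure"
                for ident, is_probe in sent if is_probe}
    others_all_found = all(ident in reported
                           for ident, is_probe in sent if not is_probe)
    return verdicts, others_all_found


def demo():
    """Constructed exchange: three data packets interleaved with two probes."""
    seq = 0x1234ABCD                  # constructed; a real client randomizes it
    probe_small = bytes.fromhex("0102030405060708090a0b0c")  # constructed IDs
    probe_large = bytes.fromhex("7f00000000000000000000aa")
    sent, server_log = [], []
    for kind, data in [("data", b"pkt-1"), ("data", b"pkt-2"),
                       ("probe", probe_small), ("data", b"pkt-3"),
                       ("probe", probe_large)]:
        if kind == "data":
            datagram = wrap_with_sequence(seq, data)
            sent.append((seq, False))
            server_log.append(unwrap_sequence(datagram)[0])  # delivered
            seq = (seq + 1) & 0x7FFFFFFF
        else:
            ident = stun_identifier(data)
            sent.append((ident, True))
            if data is probe_small:   # the larger probe never reaches the server
                server_log.append(ident)
    return classify_probes(sent, encode_identifiers(server_log))
```
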

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |         Channel Number        |            Length             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |0|                     Sequence number                         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
   /                       Application Data                        /
   /                                                               /
   |                                                               |
   |                               +-------------------------------+
   |                               |
   +-------------------------------+

                               Figure 3

   The Channel Number is always 0xFFFF. The Length field specifies the
   length in bytes of the sequence number and application data fields.
   The header values are encoded using network order.

   The contents of the IDENTIFIERS attribute is a chronologically
   ordered list of 4 byte numbers, each containing either a sequence
   number, if the packet was not a STUN Probe Indication or Request, or
   the 4 first bytes of the transaction ID, with the most significant
   bit forced to 1, if the packet is a STUN Probe Indication or Request.

5.  Probe Support Signaling Mechanisms

   The PMTUD mechanism described in this document is intended to be used
   by any UDP-based protocols that do not have built-in PMTUD
   capabilities, irrespective of whether those UDP-based protocols are
   STUN-based or not. So the manner in which a specific protocol
   discovers that it is safe to send PMTUD probes is largely dependent
   on the details of that specific protocol, with the exception of the
   Implicit Mechanism described below, which applies to any protocol.

5.1.  Explicit Probe Support Signaling Mechanism

   Some of these mechanisms can use a separate signalling mechanism (for
   instance, an SDP attribute in an Offer/Answer exchange [RFC3264]), or
   an optional flag that can be set in the protocol that is augmented
   with PMTUD capabilities.
   STUN Usages that can benefit from PMTUD capabilities can signal
   in-band that they support probing by inserting a PMTUD-SUPPORTED
   attribute in some STUN methods. The decision of which methods
   support this attribute is left to each specific STUN Usage.

   UDP-based protocols that want to use any of these mechanisms,
   including the PMTUD-SUPPORTED attribute, to signal PMTUD capabilities
   MUST ensure that it cannot be used to launch an amplification attack.

   An amplification attack can be prevented using techniques such as:

   *  Authentication, where the source of the packet and the destination
      share a secret.

   *  3 way handshake with some form of unpredictable cookie.

   *  Make sure that the total size of the traffic potentially generated
      is lower than the size of the request that generated it.

5.2.  Implicit Probe Support Signaling Mechanism

   As a result of the fact that all endpoints implementing this
   specification are both clients and servers, a Probe Request or
   Indication received by an endpoint acting as a server implicitly
   signals that this server can now act as a client and MAY send a Probe
   Request or Indication to probe the Path MTU in the reverse direction
   toward the former client, that will now be acting as a server.

   The Probe Request or Indication that are used to implicitly signal
   probing support in the reverse direction MUST be authenticated to
   prevent amplification attacks.

6.  STUN Attributes

6.1.  IDENTIFIERS

   The IDENTIFIERS attribute carries a chronologically ordered list of
   UDP packet identifiers.

   While Section 4.2.5 and Section 4.2.6 describe two possible methods
   for acquiring and formatting the identifiers used for this purpose,
   ultimately each protocol has to define how these identifiers are
   acquired and formatted. Therefore, the contents of the IDENTIFIERS
   attribute is opaque.

6.2.  PMTUD-SUPPORTED

   The PMTUD-SUPPORTED attribute indicates that its sender supports this
   mechanism, as incorporated into the STUN usage or protocol being
   used. This attribute has no value part and thus the attribute length
   field is 0.

6.3.  PADDING

   The PADDING attribute allows for the entire message to be padded to
   force the STUN message to be divided into IP fragments. The PADDING
   bits MUST be set to zero. PADDING can be used in either Binding
   Requests or Binding Responses.

   PADDING MUST NOT be longer than the length that brings the total IP
   datagram size to 64K, minus the IP and UDP headers and the other STUN
   components. It SHOULD be equal in length to the MTU of the outgoing
   interface, rounded up to an even multiple of four bytes and SHOULD
   ensure a probe does not result in a packet larger than the MTU for
   the outgoing interface. STUN messages sent with PADDING are intended
   to test the behavior of UDP fragmentation, therefore they are an
   exception to the usual rule that STUN messages need to be less than
   the PMTU for the path.

7.  DPLPMTUD Considerations

   This section specifies how the PMTUD mechanism described in this
   document conforms to Sections 3 and 6.1 of [RFC8899] and indicates
   where each requirement is addressed. The text in this section must
   be compared side-by-side with [RFC8899] to understand the
   relationship between the two.

7.1.  Features Required to provide Datagram PLPMTUD

   This section covers Section 3 of [RFC8899] and refers back to
   sections in this document covering each of the feature requirements.

   1.  Managing the PLPMTU: This requirement is fulfilled by the Simple
       Probing and Complete Probing mechanisms as discussed in
       Section 2, Section 4.1 and Section 4.2 of this document.

   2.  Probe packets: This requirement is fulfilled by including a
       PADDING attribute which indicates that the DF bit is set in the
       IP header for IPv4 packets and not including the Don't Fragment
       header in IPv6 packets as discussed in Section 4.1 and
       Section 4.2 of this document.

   3.  Reception feedback: This requirement is fulfilled by the Probe
       Response and Report Response in Section 2 of this document.

   4.  Probe loss recovery: This requirement is fulfilled by requiring
       that the PADDING bits MUST be set to zero as discussed in
       Section 4.1.1 and Section 4.2.1 of this document. No
       retransmission is required as no user data is being transmitted
       in the probe.

   5.  PMTU parameters: This requirement is fulfilled by setting the
       Selected Probe Size as defined in [RFC4821] and discussed in
       Section 4.1 and Section 4.2 of this document.

   6.  Processing PTB messages: This requirement is fulfilled by the
       Probe Response and Report Response in Section 4.1.3 and
       Section 4.2.2 of this document.

   7.  Probing and congestion control: This requirement is fulfilled by
       the Probe Request and Probe Indication discussed in Section 4.1.1
       and Section 4.2.1 of this document. It conforms to Section 6.2.1
       of [RFC8489].

   8.  Probing and flow control: This requirement is out of scope and is
       not discussed in this document.

   9.  Shared PLPMTU state: An implementation follows the same
       guidelines to share state as in [RFC8899].

   Datagram reordering: This requirement is fulfilled by the Report
   Response in Section 4.2 of this document.

   Datagram delay and duplication: This requirement is fulfilled by the
   Report Response in Section 4.2 of this document.

   When to probe: This requirement is discussed in Section 2 of this
   document.

7.2.  Application Support for DPLPMTUD with UDP

   This section covers Section 6.1 of [RFC8899] and refers back to the
   sections in this document covering each of the feature requirements.

   6.1.1 Application Request: This requirement is fulfilled by the
   Simple Probing and Complete Probing mechanisms as discussed in
   Section 2, Section 4.1 and Section 4.2 of this document.

   6.1.2 Application Response: This requirement is fulfilled by the
   Simple Probing and Complete Probing mechanisms as discussed in
   Section 4.1 and Section 4.2 of this document.

   6.1.3 Sending Application Probe Packets: This requirement is
   fulfilled by the requirement that the PADDING bits MUST be set to
   zero as discussed in Section 4.1.1 and Section 4.2.1 of this
   document.

   6.1.4 Initial Connectivity: This requirement is fulfilled by the
   Implicit and Explicit Probe Support Signaling mechanisms as discussed
   in Section 5 of this document.

   6.1.5 Validating the Path: This requirement is fulfilled by the
   Report Request and Report Response mechanisms as discussed in
   Section 4.2 of this document.

   6.1.6 Handling of PTB Messages: This requirement is fulfilled by the
   Probe Response and Report Response in Section 4.1.3 and Section 4.2.2
   of this document.

8.  Security Considerations

   The PMTUD mechanism described in this document, when used without the
   signalling mechanism described in Section 5.1, does not introduce any
   specific security considerations beyond those described in [RFC4821]
   and [RFC8899].

   The attacks described in Section 11 of [RFC4821] apply equally to the
   mechanism described in this document.

   The amplification attacks introduced by the signalling mechanism
   described in Section 5.1 can be prevented by using one of the
   techniques described in that section.
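
The bounded identifier list of Section 4.2.3, as an added Python example that is not part of the draft: the server keeps only as many identifiers as fit in a Report Response sized for the unknown Path MTU of [RFC8489] Section 6.1, and the size comparison shows why the Report transaction has to be authenticated. The MESSAGE-INTEGRITY (HMAC-SHA1) attribute size, the absence of IP options or extension headers, a first-hop MTU at least as large as the RFC 8489 defaults, and the class and function names are assumptions.

```python
import struct
from collections import deque

STUN_HEADER = 20        # RFC 8489 fixed message header
ATTR_HEADER = 4         # attribute type + attribute length
FINGERPRINT_ATTR = 8    # attribute header + 4-byte value
# Assumption: the Report transaction is authenticated with MESSAGE-INTEGRITY
# (HMAC-SHA1): attribute header + 20-byte value.
INTEGRITY_ATTR = 24
# IP packet sizes RFC 8489 Section 6.1 gives for an unknown Path MTU.
UNKNOWN_PMTU = {4: 576, 6: 1280}
# IP + UDP header bytes, assuming no IPv4 options or IPv6 extension headers.
IP_UDP_HEADERS = {4: 20 + 8, 6: 40 + 8}


def max_identifiers(ip_version: int) -> int:
    """Largest number of 4-byte identifiers a Report Response can carry."""
    budget = (UNKNOWN_PMTU[ip_version] - IP_UDP_HEADERS[ip_version]
              - STUN_HEADER - ATTR_HEADER - INTEGRITY_ATTR - FINGERPRINT_ATTR)
    return budget // 4


def smallest_request_ip_size(ip_version: int) -> int:
    """IP size of a header-plus-FINGERPRINT request, i.e. what a Report
    Request would weigh if the server did not insist on authentication."""
    return IP_UDP_HEADERS[ip_version] + STUN_HEADER + FINGERPRINT_ATTR


class IdentifierLog:
    """Chronological identifier list kept by the server for one flow."""

    def __init__(self, ip_version: int):
        self.ip_version = ip_version
        # deque(maxlen=...) drops the oldest entry when a new one is added
        # to a full list, which is the eviction rule of Section 4.2.3.
        self._ids = deque(maxlen=max_identifiers(ip_version))

    def record(self, identifier: int) -> None:
        # Retransmissions are recorded again: duplicates are expected.
        self._ids.append(identifier & 0xFFFFFFFF)

    def identifiers(self):
        return list(self._ids)

    def identifiers_value(self) -> bytes:
        """Value of the IDENTIFIERS attribute, oldest identifier first."""
        return b"".join(struct.pack("!I", i) for i in self._ids)

    def report_response_ip_size(self) -> int:
        """Size of the IP packet carrying the Report Response."""
        return (IP_UDP_HEADERS[self.ip_version] + STUN_HEADER + ATTR_HEADER
                + len(self.identifiers_value())
                + INTEGRITY_ATTR + FINGERPRINT_ATTR)


def demo():
    """Constructed load: 200 packets seen on an IPv4 flow."""
    log = IdentifierLog(4)
    for ident in range(200):          # constructed identifiers
        log.record(ident)
    return log.report_response_ip_size(), smallest_request_ip_size(4)
```

With the list full, the IPv4 Report Response is roughly ten times the size of the smallest request that could solicit it, so the list cap bounds the response but only authentication of the Report transaction removes the amplification.
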

   The Simple Probing mechanism may be used without authentication
   because this usage by itself cannot trigger an amplification attack
   as the Probe Response is smaller than the Probe Request except when
   used in conjunction with the Implicit Probing Support Signaling
   mechanism.

9.  IANA Considerations

   This specification defines two new STUN methods and two new STUN
   attributes.

9.1.  New STUN Methods

   IANA is requested to add the following methods to the STUN Method
   Registry:

   0xXXX :  Probe

   0xXXX :  Report

   See Section 4.1 and Section 4.2 for the semantics of these new
   methods.

9.2.  New STUN Attributes

   IANA is requested to add the following attributes to the STUN Method
   Registry:

   Comprehension-required range (0x0000-0x7FFF):

   0xXXXX:  IDENTIFIERS

   Comprehension-optional range (0x8000-0xFFFF):

   0xXXXX:  PMTUD-SUPPORTED

   IANA is requested to add a reference to RFC-to-be (in addition to RFC
   5780) for the following STUN attribute:

   0x0026:  PADDING

   The IDENTIFIERS STUN attribute is defined in Section 6.1, the
   PMTUD-SUPPORTED STUN attribute is defined in Section 6.2; the PADDING
   STUN attribute is redefined in Section 6.3.

10.  References

10.1.  Normative References

   [ITU.V42.2002]
              International Telecommunications Union, "Error-correcting
              Procedures for DCEs Using Asynchronous-to-Synchronous
              Conversion", ITU-T Recommendation V.42, 2002.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, 1 March 1997.

   [RFC4821]  Mathis, M. and J. Heffner, "Packetization Layer Path MTU
              Discovery", RFC 4821, DOI 10.17487/RFC4821, 1 March 2007.

   [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
              2119 Key Words", BCP 14, RFC 8174,
              DOI 10.17487/RFC8174, May 2017.

   [RFC8489]  Petit-Huguenin, M., Salgueiro, G., Rosenberg, J., Wing,
              D., Mahy, R., and P. Matthews, "Session Traversal
              Utilities for NAT (STUN)", RFC 8489, DOI 10.17487/RFC8489,
              February 2020.

   [RFC8899]  Fairhurst, G., Jones, T., Tuexen, M., Ruengeler, I., and
              T. Voelker, "Packetization Layer Path MTU Discovery for
              Datagram Transports", RFC 8899, DOI 10.17487/RFC8899,
              September 2020.

10.2.  Informative References

   [I-D.martinsen-tram-stuntrace]
              Martinsen, M. and D. Wing, "STUN Traceroute", Work in
              Progress, Internet-Draft,
              draft-martinsen-tram-stuntrace-01, June 2015.

   [I-D.martinsen-tram-turnbandwidthprobe]
              Martinsen, M., Andersen, T., Salgueiro, G., and M.
              Petit-Huguenin, "Traversal Using Relays around NAT (TURN)
              Bandwidth Probe", Work in Progress, Internet-Draft,
              draft-martinsen-tram-turnbandwidthprobe-00, June 2015.

   [RFC3264]  Rosenberg, J. and H. Schulzrinne, "An Offer/Answer Model
              with Session Description Protocol (SDP)", RFC 3264,
              DOI 10.17487/RFC3264, 1 June 2002.

   [RFC5766]  Mahy, R., Matthews, P., and J. Rosenberg, "Traversal Using
              Relays around NAT (TURN): Relay Extensions to Session
              Traversal Utilities for NAT (STUN)", RFC 5766,
              DOI 10.17487/RFC5766, 1 April 2010.

Changelog

   This section must be removed before publication as an RFC.

   draft-petithuguenin-tsvwg-stun-pmtud-00:

   *  Downgraded to an individual draft.

   draft-ietf-tram-stun-pmtud-20:

   *  Modifications following reviews by Gorry and Magnus.

   draft-ietf-tram-stun-pmtud-19:

   *  Nits.
   *  Update references, including sections number.
   *  Move co-editor to contributor section.
   *  Changelog (formerly Release Notes) is more compact.

   draft-ietf-tram-stun-pmtud-18:

   *  Modifications to address DISCUSS and COMMENT from IESG review.
      Updated section 7.

   draft-ietf-tram-stun-pmtud-17:

   *  Modifications to address DISCUSS and COMMENT from IESG review.
      Added section 7.

   draft-ietf-tram-stun-pmtud-16:

   *  Modifications to address DISCUSS and COMMENT from IESG review

   draft-ietf-tram-stun-pmtud-15:

   *  Modifications to address DISCUSS and COMMENT from IESG review

   draft-ietf-tram-stun-pmtud-14:

   *  Modifications to address COMMENTS from IESG review

   draft-ietf-tram-stun-pmtud-13:

   *  Modifications to address nits

   draft-ietf-tram-stun-pmtud-12:

   *  Modifications following IESG review.  Incorporated RFC5780 PADDING
      attribute (Adam's Discuss) and added IPv6 language (Suresh's
      Discuss).

   draft-ietf-tram-stun-pmtud-11:

   *  Modifications following IESG review.

   draft-ietf-tram-stun-pmtud-10:

   *  Modifications following reviews for gen-art (Roni Even) and secdir
      (Carl Wallace).

   draft-ietf-tram-stun-pmtud-09:

   *  Add 3 ways of preventing amplification attacks.

   draft-ietf-tram-stun-pmtud-08:

   *  Updates following Spencer's review.

   draft-ietf-tram-stun-pmtud-07:

   *  Updates following Shepherd review.

   draft-ietf-tram-stun-pmtud-06:

   *  Nits.
   *  Restore missing changelog for previous version.

   draft-ietf-tram-stun-pmtud-05:

   *  Modifications following Brandon Williams review.

   draft-ietf-tram-stun-pmtud-04:

   *  Modifications following Simon Perreault and Brandon Williams
      reviews.

   draft-ietf-tram-stun-pmtud-03:

   *  Add new Overview of Operations section with ladder diagrams.
   *  Authentication is mandatory for the Complete Probing mechanism,
      optional for the Simple Probing mechanism.
   *  All the ICE specific text moves to a separate draft to be
      discussed in the ICE WG.
   *  The TURN usage is removed because probing between a TURN server
      and TURN client is not useful.
   *  Any usage of PMTUD-SUPPORTED or other signaling mechanisms
      (formerly known as discovery mechanisms) must now be
      authenticated.
   *  Both probing mechanisms are MTI in the server, the complete
      probing mechanism is MTI in the client.
   *  Make clear that stopping after 3 retransmissions is done by
      changing the STUN parameter.
   *  Define the format of the attributes.
   *  Make clear that the specification is for any UDP protocol that
      does not already have PMTUD capabilities, not just STUN based
      protocols.
   *  Change the default delay to send the Report Request to 250 ms
      after the last Indication if the RTO is unknown.
   *  Each usage of this specification must define the format of the
      IDENTIFIERS attribute contents.
   *  Better define the implicit signaling mechanism.
   *  Extend the Security Consideration section.
   *  Tons of nits.

   draft-ietf-tram-stun-pmtud-02:

   *  Cleaned up references.

   draft-ietf-tram-stun-pmtud-01:

   *  Added Security Considerations Section.
   *  Added IANA Considerations Section.

   draft-ietf-tram-stun-pmtud-00:

   *  Adopted by WG - Text unchanged.

   draft-petithuguenin-tram-stun-pmtud-01:

   *  Moved some Introduction text to the Probing Mechanism section.
   *  Added cross-reference to the other two STUN troubleshooting
      mechanism drafts.
   *  Updated references.
   *  Added Gonzalo Salgueiro as co-author.

   draft-petithuguenin-tram-stun-pmtud-00:

   *  General refresh for republication.

   draft-petithuguenin-behave-stun-pmtud-03:

   *  Changed author address.
   *  Changed the IPR to trust200902.

   draft-petithuguenin-behave-stun-pmtud-02:

   *  Defined checksum and sequential numbers as possible packet
      identifiers.
   *  Updated the reference to RFC 5389
   *  The FINGERPRINT attribute is now mandatory.
   *  Changed the delay between Probe indication and Report request to
      be RTO/2 or 50 milliseconds.
   *  Added ICMP packet processing.
   *  Added Full-Stop Timeout detection.
   *  Stated that Binding request with PMTUD-SUPPORTED does not start
      the PMTUD process if already started.

   draft-petithuguenin-behave-stun-pmtud-01:

   *  Removed the use of modified STUN transaction but shortened the
      retransmission for the simple probing mechanism.
   *  Added a complete probing mechanism.
   *  Removed the PADDING-RECEIVED attribute.
   *  Added release notes.

Acknowledgements

   Thanks to Eilon Yardeni, Geir Sandbakken, Paal-Erik Martinsen,
   Tirumaleswar Reddy, Ram Mohan R, Simon Perreault, Brandon Williams,
   Tolga Asveren, Spencer Dawkins, Carl Wallace, Roni Even, Gorry
   Fairhurst, and Magnus Westerlund for the comments, suggestions and
   questions that helped improve this document.

   Special thanks to Dan Wing, who supported this document since its
   first publication back in 2008.

Contributors

   Felipe Garrido
   Cisco Systems, Inc.
   Research Triangle Park, NC 27709
   United States
   Email: fegarrid@cisco.com

Authors' Addresses

   Marc Petit-Huguenin
   Impedance Mismatch
   Email: marc@petit-huguenin.org

   Gonzalo Salgueiro
   Cisco Systems, Inc.
   7200-12 Kit Creek Road
   Research Triangle Park, NC 27709
   United States
   Email: gsalguei@cisco.com