draft-ietf-tsvwg-datagram-plpmtud-06.txt   draft-ietf-tsvwg-datagram-plpmtud-07.txt 
Internet Engineering Task Force G. Fairhurst Internet Engineering Task Force G. Fairhurst
Internet-Draft T. Jones Internet-Draft T. Jones
Updates: 4821 (if approved) University of Aberdeen Updates: 4821 (if approved) University of Aberdeen
Intended status: Standards Track M. Tuexen Intended status: Standards Track M. Tuexen
Expires: May 24, 2019 I. Ruengeler Expires: August 22, 2019 I. Ruengeler
T. Voelker
Muenster University of Applied Sciences Muenster University of Applied Sciences
November 20, 2018 February 18, 2019
Packetization Layer Path MTU Discovery for Datagram Transports Packetization Layer Path MTU Discovery for Datagram Transports
draft-ietf-tsvwg-datagram-plpmtud-06 draft-ietf-tsvwg-datagram-plpmtud-07
Abstract Abstract
This document describes a robust method for Path MTU Discovery This document describes a robust method for Path MTU Discovery
(PMTUD) for datagram Packetization Layers (PLs). The document (PMTUD) for datagram Packetization Layers (PLs). The document
describes an extension to RFC 1191 and RFC 8201, which specifies describes an extension to RFC 1191 and RFC 8201, which specifies
ICMP-based Path MTU Discovery for IPv4 and IPv6. The method allows a ICMP-based Path MTU Discovery for IPv4 and IPv6. The method allows a
PL, or a datagram application that uses a PL, to discover whether a PL, or a datagram application that uses a PL, to discover whether a
network path can support the current size of datagram. This can be network path can support the current size of datagram. This can be
used to detect and reduce the message size when a sender encounters a used to detect and reduce the message size when a sender encounters a
network black hole (where packets are discarded, and no ICMP message network black hole (where packets are discarded, and no ICMP message
is received). The method can also probe a network path with is received). The method can also probe a network path with
progressively larger packets to find whether the maximum packet size progressively larger packets to find whether the maximum packet size
can be increased. This allows a sender to determine an appropriate can be increased. This allows a sender to determine an appropriate
packet size, providing functionally for datagram transports that is packet size, providing functionally for datagram transports that is
equivalent to the Packetization layer PMTUD specification for TCP, equivalent to the Packetization Layer PMTUD specification for TCP,
specified in RFC 4821. specified in RFC 4821.
The document also provides implementation notes for incorporating The document also provides implementation notes for incorporating
Datagram PMTUD into IETF datagram transports or applications that use Datagram PMTUD into IETF datagram transports or applications that use
datagram transports. datagram transports.
When published, this specification updates RFC 4821. When published, this specification updates RFC 4821.
Status of This Memo Status of This Memo
skipping to change at page 2, line 7 skipping to change at page 2, line 7
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on May 24, 2019. This Internet-Draft will expire on August 22, 2019.
Copyright Notice Copyright Notice
Copyright (c) 2018 IETF Trust and the persons identified as the Copyright (c) 2019 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
skipping to change at page 2, line 36 skipping to change at page 2, line 36
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3
1.1. Classical Path MTU Discovery . . . . . . . . . . . . . . 4 1.1. Classical Path MTU Discovery . . . . . . . . . . . . . . 4
1.2. Packetization Layer Path MTU Discovery . . . . . . . . . 6 1.2. Packetization Layer Path MTU Discovery . . . . . . . . . 6
1.3. Path MTU Discovery for Datagram Services . . . . . . . . 7 1.3. Path MTU Discovery for Datagram Services . . . . . . . . 7
2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 7 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 7
3. Features Required to Provide Datagram PLPMTUD . . . . . . . . 9 3. Features Required to Provide Datagram PLPMTUD . . . . . . . . 9
4. DPLPMTUD Mechanisms . . . . . . . . . . . . . . . . . . . . . 12 4. DPLPMTUD Mechanisms . . . . . . . . . . . . . . . . . . . . . 12
4.1. PLPMTU Probe Packets . . . . . . . . . . . . . . . . . . 12 4.1. PLPMTU Probe Packets . . . . . . . . . . . . . . . . . . 12
4.2. Confirmation of Probed Packet Size . . . . . . . . . . . 13 4.2. Confirmation of Probed Packet Size . . . . . . . . . . . 13
4.3. Detection of Black Holes . . . . . . . . . . . . . . . . 14 4.3. Detection of Black Holes . . . . . . . . . . . . . . . . 14
4.4. Response to PTB Messages . . . . . . . . . . . . . . . . 14 4.4. Response to PTB Messages . . . . . . . . . . . . . . . . 15
4.4.1. Validation of PTB Messages . . . . . . . . . . . . . 15 4.4.1. Validation of PTB Messages . . . . . . . . . . . . . 15
4.4.2. Use of PTB Messages . . . . . . . . . . . . . . . . . 15 4.4.2. Use of PTB Messages . . . . . . . . . . . . . . . . . 16
5. Datagram Packetization Layer PMTUD . . . . . . . . . . . . . 16 5. Datagram Packetization Layer PMTUD . . . . . . . . . . . . . 17
5.1. DPLPMTUD Components . . . . . . . . . . . . . . . . . . . 17 5.1. DPLPMTUD Components . . . . . . . . . . . . . . . . . . . 18
5.1.1. Timers . . . . . . . . . . . . . . . . . . . . . . . 17 5.1.1. Timers . . . . . . . . . . . . . . . . . . . . . . . 18
5.1.2. Constants . . . . . . . . . . . . . . . . . . . . . . 18 5.1.2. Constants . . . . . . . . . . . . . . . . . . . . . . 19
5.1.3. Variables . . . . . . . . . . . . . . . . . . . . . . 19 5.1.3. Variables . . . . . . . . . . . . . . . . . . . . . . 19
5.2. DPLPMTUD Phases . . . . . . . . . . . . . . . . . . . . . 19 5.2. DPLPMTUD Phases . . . . . . . . . . . . . . . . . . . . . 20
5.2.1. Path Confirmation Phase . . . . . . . . . . . . . . . 21 5.2.1. BASE_PMTU Confirmation Phase . . . . . . . . . . . . 22
5.2.2. Search Phase . . . . . . . . . . . . . . . . . . . . 21 5.2.2. Search Phase . . . . . . . . . . . . . . . . . . . . 22
5.2.2.1. Resilience to inconsistent path information . . . 22 5.2.2.1. Resilience to Inconsistent Path Information . . . 22
5.2.3. Search Complete Phase . . . . . . . . . . . . . . . . 22 5.2.3. Search Complete Phase . . . . . . . . . . . . . . . . 23
5.2.4. PROBE_BASE Phase . . . . . . . . . . . . . . . . . . 23 5.2.4. PROBE_BASE Phase . . . . . . . . . . . . . . . . . . 23
5.2.5. ERROR Phase . . . . . . . . . . . . . . . . . . . . . 23 5.2.5. ERROR Phase . . . . . . . . . . . . . . . . . . . . . 24
5.2.5.1. Robustness to inconsistent path . . . . . . . . . 23 5.2.5.1. Robustness to Inconsistent Path . . . . . . . . . 24
5.2.6. DISABLED Phase . . . . . . . . . . . . . . . . . . . 24 5.2.6. DISABLED Phase . . . . . . . . . . . . . . . . . . . 24
5.3. State Machine . . . . . . . . . . . . . . . . . . . . . . 24 5.3. State Machine . . . . . . . . . . . . . . . . . . . . . . 24
5.4. Search to Increase the PLPMTU . . . . . . . . . . . . . . 27 5.4. Search to Increase the PLPMTU . . . . . . . . . . . . . . 27
5.4.1. Probing for a larger PLPMTU . . . . . . . . . . . . . 27 5.4.1. Probing for a Larger PLPMTU . . . . . . . . . . . . . 27
5.4.2. Selection of Probe Sizes . . . . . . . . . . . . . . 28 5.4.2. Selection of Probe Sizes . . . . . . . . . . . . . . 28
5.4.3. Resilience to inconsistent Path information . . . . . 29 5.4.3. Resilience to Inconsistent Path Information . . . . . 28
6. Specification of Protocol-Specific Methods . . . . . . . . . 29 6. Specification of Protocol-Specific Methods . . . . . . . . . 28
6.1. Application support for DPLPMTUD with UDP or UDP-Lite . . 29 6.1. Application support for DPLPMTUD with UDP or UDP-Lite . . 29
6.1.1. Application Request . . . . . . . . . . . . . . . . . 30 6.1.1. Application Request . . . . . . . . . . . . . . . . . 29
6.1.2. Application Response . . . . . . . . . . . . . . . . 30 6.1.2. Application Response . . . . . . . . . . . . . . . . 29
6.1.3. Sending Application Probe Packets . . . . . . . . . . 30 6.1.3. Sending Application Probe Packets . . . . . . . . . . 30
6.1.4. Validating the Path . . . . . . . . . . . . . . . . . 30 6.1.4. Validating the Path . . . . . . . . . . . . . . . . . 30
6.1.5. Handling of PTB Messages . . . . . . . . . . . . . . 30 6.1.5. Handling of PTB Messages . . . . . . . . . . . . . . 30
6.2. DPLPMTUD with UDP Options . . . . . . . . . . . . . . . . 31 6.2. DPLPMTUD with UDP Options . . . . . . . . . . . . . . . . 30
6.2.1. UDP Probe Request Option . . . . . . . . . . . . . . 32 6.2.1. UDP Probe Request Option . . . . . . . . . . . . . . 32
6.2.2. UDP Probe Response Option . . . . . . . . . . . . . . 33 6.2.2. UDP Probe Response Option . . . . . . . . . . . . . . 32
6.3. DPLPMTUD for SCTP . . . . . . . . . . . . . . . . . . . . 33 6.3. DPLPMTUD for SCTP . . . . . . . . . . . . . . . . . . . . 33
6.3.1. SCTP/IPv4 and SCTP/IPv6 . . . . . . . . . . . . . . . 33 6.3.1. SCTP/IPv4 and SCTP/IPv6 . . . . . . . . . . . . . . . 33
6.3.1.1. Sending SCTP Probe Packets . . . . . . . . . . . 33 6.3.1.1. Sending SCTP Probe Packets . . . . . . . . . . . 33
6.3.1.2. Validating the Path with SCTP . . . . . . . . . . 34 6.3.1.2. Validating the Path with SCTP . . . . . . . . . . 34
6.3.1.3. PTB Message Handling by SCTP . . . . . . . . . . 34 6.3.1.3. PTB Message Handling by SCTP . . . . . . . . . . 34
6.3.2. DPLPMTUD for SCTP/UDP . . . . . . . . . . . . . . . . 34 6.3.2. DPLPMTUD for SCTP/UDP . . . . . . . . . . . . . . . . 34
6.3.2.1. Sending SCTP/UDP Probe Packets . . . . . . . . . 34 6.3.2.1. Sending SCTP/UDP Probe Packets . . . . . . . . . 34
6.3.2.2. Validating the Path with SCTP/UDP . . . . . . . . 35 6.3.2.2. Validating the Path with SCTP/UDP . . . . . . . . 34
6.3.2.3. Handling of PTB Messages by SCTP/UDP . . . . . . 35 6.3.2.3. Handling of PTB Messages by SCTP/UDP . . . . . . 34
6.3.3. DPLPMTUD for SCTP/DTLS . . . . . . . . . . . . . . . 35 6.3.3. DPLPMTUD for SCTP/DTLS . . . . . . . . . . . . . . . 34
6.3.3.1. Sending SCTP/DTLS Probe Packets . . . . . . . . . 35 6.3.3.1. Sending SCTP/DTLS Probe Packets . . . . . . . . . 35
6.3.3.2. Validating the Path with SCTP/DTLS . . . . . . . 35 6.3.3.2. Validating the Path with SCTP/DTLS . . . . . . . 35
6.3.3.3. Handling of PTB Messages by SCTP/DTLS . . . . . . 35 6.3.3.3. Handling of PTB Messages by SCTP/DTLS . . . . . . 35
6.4. DPLPMTUD for QUIC . . . . . . . . . . . . . . . . . . . . 35 6.4. DPLPMTUD for QUIC . . . . . . . . . . . . . . . . . . . . 35
6.4.1. Sending QUIC Probe Packets . . . . . . . . . . . . . 36 6.4.1. Sending QUIC Probe Packets . . . . . . . . . . . . . 35
6.4.2. Validating the Path with QUIC . . . . . . . . . . . . 36 6.4.2. Validating the Path with QUIC . . . . . . . . . . . . 36
6.4.3. Handling of PTB Messages by QUIC . . . . . . . . . . 36 6.4.3. Handling of PTB Messages by QUIC . . . . . . . . . . 36
7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 37 7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 36
8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 37 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 36
9. Security Considerations . . . . . . . . . . . . . . . . . . . 37 9. Security Considerations . . . . . . . . . . . . . . . . . . . 36
10. References . . . . . . . . . . . . . . . . . . . . . . . . . 38 10. References . . . . . . . . . . . . . . . . . . . . . . . . . 38
10.1. Normative References . . . . . . . . . . . . . . . . . . 38 10.1. Normative References . . . . . . . . . . . . . . . . . . 38
10.2. Informative References . . . . . . . . . . . . . . . . . 39 10.2. Informative References . . . . . . . . . . . . . . . . . 39
Appendix A. Event-driven state changes . . . . . . . . . . . . . 40 Appendix A. Event-driven state changes . . . . . . . . . . . . . 40
Appendix B. Revision Notes . . . . . . . . . . . . . . . . . . . 43 Appendix B. Revision Notes . . . . . . . . . . . . . . . . . . . 43
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 45 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 45
1. Introduction 1. Introduction
The IETF has specified datagram transport using UDP, SCTP, and DCCP, The IETF has specified datagram transport using UDP, SCTP, and DCCP,
skipping to change at page 4, line 32 skipping to change at page 4, line 32
Packets not intended as probe packets are either fragmented to the Packets not intended as probe packets are either fragmented to the
current effective PMTU, or the attempt to send fails with an error current effective PMTU, or the attempt to send fails with an error
code. Applications are sometimes provided with a primitive to let code. Applications are sometimes provided with a primitive to let
them read the Maximum Packet Size (MPS), derived from the current them read the Maximum Packet Size (MPS), derived from the current
effective PMTU. effective PMTU.
Classical PMTUD is subject to protocol failures. One failure arises Classical PMTUD is subject to protocol failures. One failure arises
when traffic using a packet size larger than the actual PMTU is when traffic using a packet size larger than the actual PMTU is
black-holed (all datagrams sent with this size, or larger, are black-holed (all datagrams sent with this size, or larger, are
silently discarded without the sender receiving ICMP PTB messages). silently discarded without the sender receiving PTB messages). This
This could arise when the PTB messages are not delivered back to the could arise when the PTB messages are not delivered back to the
sender for some reason [RFC2923]). sender for some reason (see for example [RFC2923]).
Examples where PTB messages are not delivered include: Examples where PTB messages are not delivered include:
o The generation of ICMP messages is usually rate limited. This may o The generation of ICMP messages is usually rate limited. This may
result in no PTB messages being sent to the sender (see section result in no PTB messages being sent to the sender (see section
2.4 of [RFC4443] 2.4 of [RFC4443])
o ICMP messages are increasingly filtered by middleboxes (including o ICMP messages are increasingly filtered by middleboxes (including
firewalls) [RFC4890]. A stateful firewall could be configured firewalls) [RFC4890]. A stateful firewall could be configured
with a policy to block incoming ICMP messages, which would prevent with a policy to block incoming ICMP messages, which would prevent
reception of PTB messages to endpoints behind this firewall. reception of PTB messages to endpoints behind this firewall.
o When the router issuing the ICMP message drops a tunneled packet, o When the router issuing the ICMP message drops a tunneled packet,
the resulting ICMP message will be directed to the tunnel ingress. the resulting ICMP message will be directed to the tunnel ingress.
This tunnel endpoint is responsible for forwarding the ICMP This tunnel endpoint is responsible for forwarding the ICMP
message and also processing the quoted packet within the payload message and also processing the quoted packet within the payload
skipping to change at page 5, line 25 skipping to change at page 5, line 25
router, then any resulting ICMP message needs to also be directed router, then any resulting ICMP message needs to also be directed
by the ECMP router towards the same server (i.e., ICMP messages by the ECMP router towards the same server (i.e., ICMP messages
need to follow the same path as the flows to which they need to follow the same path as the flows to which they
correspond). Failure to do this results in black-holing. correspond). Failure to do this results in black-holing.
o There are cases where the next hop destination fails to receive a o There are cases where the next hop destination fails to receive a
packet because of its size. This could be due to misconfiguration packet because of its size. This could be due to misconfiguration
of the layer 2 path between nodes, for instance the MTU configured of the layer 2 path between nodes, for instance the MTU configured
in a layer 2 switch, or misconfiguration of the Maximum Receive in a layer 2 switch, or misconfiguration of the Maximum Receive
Unit (MRU). If the packet is dropped by the link, this will not Unit (MRU). If the packet is dropped by the link, this will not
cause in a PTB to be sent, and result in consequent black-holing. cause a PTB message to be sent, and result in consequent black-
holing.
Another failure could result if a node that is not on the network Another failure could result if a node that is not on the network
path sends a PTB message that attempts to force the sender to change path sends a PTB message that attempts to force the sender to change
the effective PMTU [RFC8201]. A sender can protect itself from the effective PMTU [RFC8201]. A sender can protect itself from
reacting to such messages by utilising the quoted packet within a PTB reacting to such messages by utilising the quoted packet within a PTB
message payload to validate that the received PTB message was message payload to validate that the received PTB message was
generated in response to a packet that had actually originated from generated in response to a packet that had actually originated from
the sender. However, there are situations where a sender would be the sender. However, there are situations where a sender would be
unable to provide this validation. unable to provide this validation.
skipping to change at page 6, line 50 skipping to change at page 7, line 4
application MPS. application MPS.
PLPMTUD introduces flexibility in the implementation of PMTU PLPMTUD introduces flexibility in the implementation of PMTU
discovery. At one extreme, it can be configured to only perform PTB discovery. At one extreme, it can be configured to only perform PTB
black hole detection and recovery to increase the robustness of black hole detection and recovery to increase the robustness of
Classical PMTUD, or at the other extreme, all PTB processing can be Classical PMTUD, or at the other extreme, all PTB processing can be
disabled and PLPMTUD can completely replace Classical PMTUD. disabled and PLPMTUD can completely replace Classical PMTUD.
PLPMTUD can also include additional consistency checks without PLPMTUD can also include additional consistency checks without
increasing the risk of increased black-holing. For instance,the increasing the risk of increased black-holing. For instance,the
information available at the PL, or higher layers, makes PTB information available at the PL, or higher layers, makes PTB message
validation more straight forward. validation more straight forward.
1.3. Path MTU Discovery for Datagram Services 1.3. Path MTU Discovery for Datagram Services
Section 5 of this document presents a set of algorithms for datagram Section 5 of this document presents a set of algorithms for datagram
protocols to discover the largest size of unfragmented datagram that protocols to discover the largest size of unfragmented datagram that
can be sent over a network path. The method described relies on can be sent over a network path. The method described relies on
features of the PL described in Section 3 and applies to transport features of the PL described in Section 3 and applies to transport
protocols operating over IPv4 and IPv6. It does not require protocols operating over IPv4 and IPv6. It does not require
cooperation from the lower layers, although it can utilise ICMP PTB cooperation from the lower layers, although it can utilise PTB
messages when these received messages are made available to the PL. messages when these received messages are made available to the PL.
The UDP Usage Guidelines [RFC8085] state "an application SHOULD The UDP Usage Guidelines [RFC8085] state "an application SHOULD
either use the Path MTU information provided by the IP layer or either use the Path MTU information provided by the IP layer or
implement Path MTU Discovery (PMTUD)", but does not provide a implement Path MTU Discovery (PMTUD)", but does not provide a
mechanism for discovering the largest size of unfragmented datagram mechanism for discovering the largest size of unfragmented datagram
that can be used on a network path. Prior to this document, PLPMTUD that can be used on a network path. Prior to this document, PLPMTUD
had not been specified for UDP. had not been specified for UDP.
Section 10.2 of [RFC4821] recommends a PLPMTUD probing method for the Section 10.2 of [RFC4821] recommends a PLPMTUD probing method for the
Stream Control Transport Protocol (SCTP). SCTP utilises heartbeat Stream Control Transport Protocol (SCTP). SCTP utilises probe
messages as probe packets, but RFC4821 does not provide a complete packets consisting of a minimal sized HEARTBEAT chunk bundled with a
specification. The present document provides the details to complete PAD chunk as defined in [RFC4820], but RFC4821 does not provide a
that specification. complete specification. The present document provides the details to
complete that specification.
The Datagram Congestion Control Protocol (DCCP) [RFC4340] requires The Datagram Congestion Control Protocol (DCCP) [RFC4340] requires
implementations to support Classical PMTUD and states that a DCCP implementations to support Classical PMTUD and states that a DCCP
sender "MUST maintain the MPS allowed for each active DCCP session". sender "MUST maintain the MPS allowed for each active DCCP session".
It also defines the current congestion control MPS (CCMPS) supported It also defines the current congestion control MPS (CCMPS) supported
by a network path. This recommends use of PMTUD, and suggests use of by a network path. This recommends use of PMTUD, and suggests use of
control packets (DCCP-Sync) as path probe packets, because they do control packets (DCCP-Sync) as path probe packets, because they do
not risk application data loss. The method defined in this not risk application data loss. The method defined in this
specification could be used with DCCP. specification could be used with DCCP.
Section 6 specifies the method for a set of transports, and provides Section 6 specifies the method for a set of transports, and provides
information to enable the implementation of PLPMTUD with other information to enable the implementation of PLPMTUD with other
datagram transports and applications that use datagram transports. datagram transports and applications that use datagram transports.
2. Terminology 2. Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in BCP "OPTIONAL" in this document are to be interpreted as described in BCP
14 [RFC2119] [[RFC8174]] when, and only when, they appear in all 14 [RFC2119] [RFC8174] when, and only when, they appear in all
capitals, as shown here. capitals, as shown here.
Other terminology is directly copied from [RFC4821], and the Other terminology is directly copied from [RFC4821], and the
definitions in [RFC1122]. definitions in [RFC1122].
Actual PMTU: The Actual PMTU is the PMTU of a network path between a Actual PMTU: The Actual PMTU is the PMTU of a network path between a
sender PL and a destination PL, which the DPLPMTUD algorithm seeks sender PL and a destination PL, which the DPLPMTUD algorithm seeks
to determine. to determine.
Black Holed: Packets are Black holed when the sender is unaware that Black Holed: Packets are Black holed when the sender is unaware that
skipping to change at page 8, line 51 skipping to change at page 9, line 5
Link MTU: The Link Maximum Transmission Unit (MTU) is the size in Link MTU: The Link Maximum Transmission Unit (MTU) is the size in
bytes of the largest IP packet, including the IP header and bytes of the largest IP packet, including the IP header and
payload, that can be transmitted over a link. Note that this payload, that can be transmitted over a link. Note that this
could more properly be called the IP MTU, to be consistent with could more properly be called the IP MTU, to be consistent with
how other standards organizations use the acronym. This includes how other standards organizations use the acronym. This includes
the IP header, but excludes link layer headers and other framing the IP header, but excludes link layer headers and other framing
that is not part of IP or the IP payload. Other standards that is not part of IP or the IP payload. Other standards
organizations generally define the link MTU to include the link organizations generally define the link MTU to include the link
layer headers. layer headers.
MAX_PMTU: The MAX_PMTU is the largest size of PLPMTU that DPLPMTUD
will attempt to use.
MPS: The Maximum Packet Size (MPS) is the largest size of MPS: The Maximum Packet Size (MPS) is the largest size of
application data block that can be sent across a network path. In application data block that can be sent across a network path. In
DPLPMTUD this quantity is derived from the PLPMTU by taking into DPLPMTUD this quantity is derived from the PLPMTU by taking into
consideration the size of the lower protocol layer headers. consideration the size of the lower protocol layer headers.
MIN_PMTU: The MIN_PMTU is the smallest size of PLPMTU that DPLPTMUD MIN_PMTU: The MIN_PMTU is the smallest size of PLPMTU that DPLPMTUD
will attempt to use. will attempt to use.
Packet: A Packet is the IP header plus the IP payload. Packet: A Packet is the IP header plus the IP payload.
Packetization Layer (PL): The Packetization Layer (PL) is the layer Packetization Layer (PL): The Packetization Layer (PL) is the layer
of the network stack that places data into packets and performs of the network stack that places data into packets and performs
transport protocol functions. transport protocol functions.
Path: The Path is the set of links and routers traversed by a packet Path: The Path is the set of links and routers traversed by a packet
between a source node and a destination node by a particular flow. between a source node and a destination node by a particular flow.
skipping to change at page 10, line 15 skipping to change at page 10, line 21
It MAY utilize similar information about the receiver when this It MAY utilize similar information about the receiver when this
is supplied (note this could be less than EMTU_R). This avoids is supplied (note this could be less than EMTU_R). This avoids
implementations trying to send probe packets that can not be implementations trying to send probe packets that can not be
transmitted by the local link. Too high of a value could reduce transmitted by the local link. Too high of a value could reduce
the efficiency of the search algorithm. Some applications also the efficiency of the search algorithm. Some applications also
have a maximum transport protocol data unit (PDU) size, in which have a maximum transport protocol data unit (PDU) size, in which
case there is no benefit from probing for a size larger than this case there is no benefit from probing for a size larger than this
(unless a transport allows multiplexing multiple applications (unless a transport allows multiplexing multiple applications
PDUs into the same datagram). PDUs into the same datagram).
2. PLPMTU: A datagram application is REQUIRED to be able to choose 2. PLPMTU: A datagram application using a transport layer not
the size of datagrams sent to the network, up to the PLPMTU, or a supporting fragmentation is REQUIRED to be able to choose the
size of datagrams sent to the network, up to the PLPMTU, or a
smaller value (such as the MPS) derived from this. This value is smaller value (such as the MPS) derived from this. This value is
managed by the DPLPMTUD method. The PLPMTU (specified as the managed by the DPLPMTUD method. The PLPMTU (specified as the
effective PMTU in Section 1 of [RFC1191]) is equivalent to the effective PMTU in Section 1 of [RFC1191]) is equivalent to the
EMTU_S (specified in [RFC1122]). EMTU_S (specified in [RFC1122]).
3. Probe packets: On request, a DPLPMTUD sender is REQUIRED to be 3. Probe packets: On request, a DPLPMTUD sender is REQUIRED to be
able to transmit a packet larger than the PLMPMTU. This is used able to transmit a packet larger than the PLMPMTU. This is used
to send a probe packet. In IPv4, a probe packet MUST be sent to send a probe packet. In IPv4, a probe packet MUST be sent
with the Don't Fragment (DF) bit set in the IP header, and with the Don't Fragment (DF) bit set in the IP header, and
without network layer endpoint fragmentation. In IPv6, a probe without network layer endpoint fragmentation. In IPv6, a probe
packet is always sent without source fragmentation (as specified packet is always sent without source fragmentation (as specified
in section 5.4 of [RFC8201]). in section 5.4 of [RFC8201]).
4. Processing PTB messages: A DPLPMTUD sender MAY optionally utilize 4. Processing PTB messages: A DPLPMTUD sender MAY optionally utilize
PTB messages received from the network layer to help identify PTB messages received from the network layer to help identify
when a network path does not support the current size of probe when a network path does not support the current size of probe
packet. Any received PTB message MUST be validated before it is packet. Any received PTB message MUST be validated before it is
used to update the PLPMTU discovery information [RFC8201]. This used to update the PLPMTU discovery information [RFC8201]. This
validation confirms that the PTB message was sent in response to validation confirms that the PTB message was sent in response to
a packet originating by the sender, and needs to be performed a packet originating by the sender, and needs to be performed
before the PLPMTU discovery method reacts to the PTB message. before the PLPMTU discovery method reacts to the PTB message. A
When the PTB_SIZE is indicated in the PTB message, this MAY be PTB message MUST NOT be used to increase the PLPMTU [RFC8201].
used by DPLPMTUD to reduce the probe size but MUST NOT be used to
increase the PLPMTU ([RFC8201]). This validation SHOULD utilise
information that can not be simply determined by an off-path
attacker, for example, by checking the value of a protocol header
field known only to the two PL endpoints. (Some datagram
applications use well-known source and destination ports and
therefore this check needs to rely on other information.)
5. Reception feedback: The destination PL endpoint is REQUIRED to 5. Reception feedback: The destination PL endpoint is REQUIRED to
provide a feedback method that indicates to the DPLPMTUD sender provide a feedback method that indicates to the DPLPMTUD sender
when a probe packet has been received by the destination PL when a probe packet has been received by the destination PL
endpoint. The mechanism needs to be robust to the possibility endpoint. The mechanism needs to be robust to the possibility
that packets could be significantly delayed along a network path. that packets could be significantly delayed along a network path.
The local PL endpoint at the sending node is REQUIRED to pass The local PL endpoint at the sending node is REQUIRED to pass
this feedback to the sender-side DPLPMTUD method. this feedback to the sender-side DPLPMTUD method.
6. Probing and congestion control: The isolated loss of a probe 6. Probe loss recovery: It is RECOMMENDED to use probe packets that
packet SHOULD NOT be treated as an indication of congestion and do not carry any user data. Most datagram transports permit
its loss SHOULD NOT directly trigger a congestion control this. If a probe packet contains user data requiring
reaction [RFC4821]. retransmission in case of loss, the PL (or layers above) are
REQUIRED to arrange any retransmission/repair of any resulting
loss. DPLPMTUD is REQUIRED to be robust in the case where probe
packets are lost due to other reasons (including link
transmission error, congestion).
7. Probe loss recovery: If the data block carried by a probe packet 7. Probing and congestion control: The DPLPMTUD sender treats
needs to be sent reliably, the PL (or layers above) are REQUIRED isolated loss of a probe packet (with or without a corresponding
to arrange any retransmission/repair of any resulting loss. This PTB message) as a potential indication of a PMTU limit for the
method is REQUIRED to be robust in the case where probe packets path. Loss of a probe packet SHOULD NOT be treated as an
are lost due to other reasons (including link transmission error, indication of congestion and the loss SHOULD NOT directly trigger
congestion). The DPLPMTUD sender treats isolated loss of a probe a congestion control reaction [RFC4821].
packet (with or without an PTB message) as a potential indication
of a PMTU limit for the path, but not as an indication of
congestion, see Paragraph 6.
8. Shared PLPMTU state: The PLPMTU value could also be stored with 8. Shared PLPMTU state: The PLPMTU value could also be stored with
the corresponding entry in the destination cache and used by the corresponding entry in the destination cache and used by
other PL instances. The specification of PLPMTUD [RFC4821] other PL instances. The specification of PLPMTUD [RFC4821]
states: "If PLPMTUD updates the MTU for a particular path, all states: "If PLPMTUD updates the MTU for a particular path, all
Packetization Layer sessions that share the path representation Packetization Layer sessions that share the path representation
(as described in Section 5.2 of [RFC4821]) SHOULD be notified to (as described in Section 5.2 of [RFC4821]) SHOULD be notified to
make use of the new MTU and make the required congestion control make use of the new MTU". Such methods MUST be robust to the
adjustments". Such methods MUST be robust to the wide variety of wide variety of underlying network forwarding behaviours, PLPMTU
underlying network forwarding behaviours, PLPMTU adjustments adjustments based on shared PLPMTU values should be incorporated
based on shared PLPMTU values should be incorporated in the in the search algorithms. Section 5.2 of [RFC8201] provides
search algorithms. Section 5.2 of [RFC8201] provides guidance on guidance on the caching of PMTU information and also the relation
the caching of PMTU information and also the relation to IPv6 to IPv6 flow labels.
flow labels.
In addition, the following principles are stated for design of a In addition, the following principles are stated for design of a
DPLPMTUD method: DPLPMTUD method:
o MPS: A method is REQUIRED to signal an appropriate MPS to the o MPS: A method is REQUIRED to signal an appropriate MPS to the
higher layer using the PL. The value of the MPS can change higher layer using the PL. The value of the MPS can change
following a change to the path. It is RECOMMENDED that methods following a change to the path. It is RECOMMENDED that methods
avoid forcing an application to use an arbitrary small MPS avoid forcing an application to use an arbitrary small MPS
(PLPMTU) for transmission while the method is searching for the (PLPMTU) for transmission while the method is searching for the
currently supported PLPMTU. Datagram PLs do not necessarily currently supported PLPMTU. Datagram PLs do not necessarily
skipping to change at page 13, line 32 skipping to change at page 13, line 32
fails. This could need the PL to re-fragment the data block to a fails. This could need the PL to re-fragment the data block to a
smaller packet size that is expected to traverse the end-to-end path smaller packet size that is expected to traverse the end-to-end path
(which could utilise endpoint network-layer or PL fragmentation when (which could utilise endpoint network-layer or PL fragmentation when
these are available). these are available).
DPLPMTUD MAY choose to use only one of these methods to simplify the DPLPMTUD MAY choose to use only one of these methods to simplify the
implementation. implementation.
Probe messages sent by a PL MUST contain enough information to Probe messages sent by a PL MUST contain enough information to
uniquely identify the probe within Maximum Segment Lifetime, while uniquely identify the probe within Maximum Segment Lifetime, while
being robust to reordering and replay of probe response and ICMP PTB being robust to reordering and replay of probe response and PTB
messages. messages.
4.2. Confirmation of Probed Packet Size 4.2. Confirmation of Probed Packet Size
The PL needs a method to determine (confirm) when probe packets have The PL needs a method to determine (confirm) when probe packets have
been successfully received end-to-end across a network path. been successfully received end-to-end across a network path.
Transport protocols can include end-to-end methods that detect and Transport protocols can include end-to-end methods that detect and
report reception of specific datagrams that they send (e.g., DCCP and report reception of specific datagrams that they send (e.g., DCCP and
SCTP provide keep-alive/heartbeat features). When supported, this SCTP provide keep-alive/heartbeat features). When supported, this
mechanism SHOULD also be used by DPLPMTUD to acknowledge reception of mechanism SHOULD also be used by DPLPMTUD to acknowledge reception of
a probe packet. a probe packet.
A PL that does not acknowledge data reception (e.g., UDP and UDP- A PL that does not acknowledge data reception (e.g., UDP and UDP-
Lite) is unable itself to detect when the packets that it sends are Lite) is unable itself to detect when the packets that it sends are
discarded because their size is greater than the actual PMTU. These discarded because their size is greater than the actual PMTU. These
PLs need to either rely on an application protocol to detect this PLs need to either rely on an application protocol to detect this
loss, or make use of an additional transport method such as UDP- loss, or make use of an additional transport method such as UDP-
Options [I-D.ietf-tsvwg-udp-options]. Options [I-D.ietf-tsvwg-udp-options].
Section Section 5 specifies this function for a set of IETF-specified Section 5 specifies this function for a set of IETF-specified
protocols. protocols.
4.3. Detection of Black Holes 4.3. Detection of Black Holes
A PL sender needs to reduce the PLPMTU when it discovers the actual A PL sender needs to reduce the PLPMTU when it discovers the actual
PMTU supported by a network path is less than the PLPMTU (i.e. to PMTU supported by a network path is less than the PLPMTU (i.e. to
detect that traffic is being black holed). This can be triggered detect that traffic is being black holed). This can be triggered
when a validated PTB message is received, or by another event that when a validated PTB message is received, or by another event that
indicates the network path no longer sustains the current packet indicates the network path no longer sustains the current packet
size, such as a loss report from the PL or repeated lack of response size, such as a loss report from the PL or repeated lack of response
skipping to change at page 14, line 32 skipping to change at page 14, line 32
sender detect that the current PLPMTU is not sustained by the path sender detect that the current PLPMTU is not sustained by the path
(i.e., to detect a black hole): (i.e., to detect a black hole):
o A PL can rely upon a mechanisms implemented within the PL protocol o A PL can rely upon a mechanisms implemented within the PL protocol
to detect excessive loss of data sent with a specific packet size to detect excessive loss of data sent with a specific packet size
and then conclude that this excessive loss could be a result of an and then conclude that this excessive loss could be a result of an
invalid PMTU (as in PLPMTUD for TCP [RFC4821]). invalid PMTU (as in PLPMTUD for TCP [RFC4821]).
o A PL can use the probing mechanism to send confirmation probe o A PL can use the probing mechanism to send confirmation probe
packets of the size of the current PLPMTU and a timer track packets of the size of the current PLPMTU and a timer track
whether acknowledgments are received (e.g., The number of probe whether acknowledgments are received (e.g., the number of probe
packets sent without receiving an acknowledgement, PROBE_COUNT, packets sent without receiving an acknowledgement, PROBE_COUNT,
becomes greater than the MAX_PROBES). These messages need to be becomes greater than the MAX_PROBES). These messages need to be
generated periodically (e.g., using the confirmation timer generated periodically (e.g., using the confirmation timer
Section 5.1.1), and should be suppressed when the PL is not Section 5.1.1), and MAY inhibit sending probe packets when no
actively sending data. Successive loss of probes is an indication application data has been sent since the previous probe packet. A
that the current path no longer supports the PLPMTU. PL preferring to use an up-to-data PMTU once user data is sent
again, MAY choose to continue PMTU discovery for each path.
However, this may result in additional packets being sent.
Successive loss of probes is an indication that the current path
no longer supports the PLPMTU.
When the method detects the current PLPMTU is not supported (a black When the method detects the current PLPMTU is not supported (a black
hole is found), DPLPMTUD sets a lower MPS. The PL then confirms that hole is found), DPLPMTUD sets a lower MPS. The PL then confirms that
the updated PLPMTU can be successfully used across the path. This the updated PLPMTU can be successfully used across the path. This
can need the PL to send a probe packet with a size less than the size can need the PL to send a probe packet with a size less than the size
of the data block generated by an application. In this case, the PL of the data block generated by an application. In this case, the PL
could provide a way to fragment a datagram at the PL, or could could provide a way to fragment a datagram at the PL, or could
instead utilise a control packet with padding. instead utilise a control packet with padding.
4.4. Response to PTB Messages 4.4. Response to PTB Messages
skipping to change at page 15, line 13 skipping to change at page 15, line 18
message before using the PTB information. The response to a PTB message before using the PTB information. The response to a PTB
message depends on the PTB_SIZE indicated in the PTB message, the message depends on the PTB_SIZE indicated in the PTB message, the
state of the PLPMTUD state machine, and the IP protocol being used. state of the PLPMTUD state machine, and the IP protocol being used.
Section 4.4.1 first describes validation for both IPv4 ICMP Section 4.4.1 first describes validation for both IPv4 ICMP
Unreachable messages (type 3) and ICMPv6 packet too big messages, Unreachable messages (type 3) and ICMPv6 packet too big messages,
both of which are referred to as PTB messages in this document. both of which are referred to as PTB messages in this document.
4.4.1. Validation of PTB Messages 4.4.1. Validation of PTB Messages
A PL that receives a PTB message from a router or middlebox, MUST This section specifies utlisation of PTB messages.
perform ICMP validation as specified in Section 5.2 of [RFC8085].
This needs the PL to check the protocol information in the quoted
payload to validate the message originated from the sending node.
This check includes determining the appropriate port and IP
information - necessary for the PTB message to be passed to the PL.
In addition, the PL SHOULD validate information from the ICMP payload
to determine that the quoted packet was sent by the PL. These checks
are intended to provide protection from packets that originate from a
node that is not on the network path. PTB messages are discarded if
they fail to pass these checks, or where there is insufficient ICMP
payload to perform the checks
PTB messages that have been validated can be utilised by the DPLPMTUD o A simple implementation MAY ignore received PTB messages and in
algorithm. A method that utilises these PTB messages can improve the this case the PLPMTU is not updated when a PTB message is
speed at the which the algorithm detects an appropriate PLPMTU, received.
compared to one that relies solely on probing.
o An implementation that supports PTB messages MUST validate
messages before they are further processed.
A PL that receives a PTB message from a router or middlebox, performs
ICMP validation as specified in Section 5.2 of [RFC8085][RFC8201].
Because DPLPMTUD operates at the PL, the PL needs to check that each
received PTB message is received in response to a packet transmitted
by the endpoint PL performing DPLPMTUD.
The PL MUST check the protocol information in the quoted packet
carried in the ICMP PTB message payload to validate the message
originated from the sending node. This validation includes
determining that the combination of the IP addresses, the protocol,
the source port and destination port match those returned in the
quoted packet - this is also necessary for the PTB message to be
passed to the corresponding PL.
The validation SHOULD utilise information that it is not simple for
an off-path attacker to determine. For example, by checking the
value of a protocol header field known only to the two PL endpoints.
A datagram application that uses well-known source and destination
ports ought to also rely on other information to complete this
validation.
These checks are intended to provide protection from packets that
originate from a node that is not on the network path.
A PTB message that does not complete the validation MUST NOT be
further utilised by the DPLPMTUD method.
PTB messages that have been validated MAY be utilised by the DPLPMTUD
algorithm, but MUST NOT be used directly to set the PLPMTU. A method
that utilises these PTB messages can improve the speed at the which
the algorithm detects an appropriate PLPMTU, compared to one that
relies solely on probing. Section 4.4.2 describes this processing.
4.4.2. Use of PTB Messages 4.4.2. Use of PTB Messages
A set of checks are intended to provide protection from a router that A set of checks are intended to provide protection from a router that
reports an unexpected PTB_SIZE. The PL needs to check that the reports an unexpected PTB_SIZE. The PL needs to check that the
indicated PTB_SIZE is less than the size used by probe packets and indicated PTB_SIZE is less than the size used by probe packets and
larger than minimum size accepted. larger than minimum size accepted.
This section provides an informative summary of how PTB messages can This section provides a summary of how PTB messages can be utilised.
be utilised. This processing depends on the PTB_SIZE and the current value of a
set of variables:
Validating PTB Messages:
* A simple implementation is permitted to ignore received PTB
messages and therefore the PLPMTU is not updated when a PTB
message is received.
* An implementation that supports PTB messages MUST validate MIN_PMTU < PTB_SIZE < BASE_PMTU
messages before they are processed.
MIN_PMTU < PTB_SIZE < BASE_MTU
* A robust PL MAY enter the PROBE_ERROR state for an IPv4 path * A robust PL MAY enter the PROBE_ERROR state for an IPv4 path
when the PTB_SIZE reported in the PTB message >= 576B and when when the PTB_SIZE reported in the PTB message >= 68 bytes and
this is less than the BASE_MTU. when this is less than the BASE_PMTU.
* A robust PL MAY enter the PROBE_ERROR state for an IPv6 path * A robust PL MAY enter the PROBE_ERROR state for an IPv6 path
when the PTB_SIZE reported in the PTB message >= 1280B and when when the PTB_SIZE reported in the PTB message >= 1280 bytes and
this is less than the BASE_MTU. when this is less than the BASE_PMTU.
PTB_SIZE = PLPMTU PTB_SIZE = PLPMTU
* Transition to SEARCH_COMPLETE. * Transition to SEARCH_COMPLETE.
PTB_SIZE > PROBED_SIZE PTB_SIZE > PROBED_SIZE
* The PTB_SIZE > PROBED_SIZE, inconsistent network signal. These * The PTB_SIZE > PROBED_SIZE, inconsistent network signal. These
PTB messages ought to be discarded without further processing PTB messages ought to be discarded without further processing
(the PLPMTU not updated). (the PLPMTU not updated).
skipping to change at page 16, line 43 skipping to change at page 17, line 15
PLPMTU < PTB_SIZE < PROBED_SIZE PLPMTU < PTB_SIZE < PROBED_SIZE
* The PLPMTU continues to be valid, but the last PROBED_SIZE * The PLPMTU continues to be valid, but the last PROBED_SIZE
searched was larger than the actual PMTU. searched was larger than the actual PMTU.
* The PLPMTU is not updated. * The PLPMTU is not updated.
* The PL can use the reported PTB_SIZE from the PTB message as * The PL can use the reported PTB_SIZE from the PTB message as
the next search point when it resumes the search algorithm. the next search point when it resumes the search algorithm.
xxx Author Note: Do we want to specify how to handle PTB Message with
PTB_SIZE = 0? xxx
5. Datagram Packetization Layer PMTUD 5. Datagram Packetization Layer PMTUD
This section specifies Datagram PLPMTUD (DPLPMTUD). The method can This section specifies Datagram PLPMTUD (DPLPMTUD). The method can
be introduced at various points in the IP protocol stack to discover be introduced at various points (as indicated with * in the figure
the PLPMTU so that an application can utilise an appropriate MPS for below) in the IP protocol stack to discover the PLPMTU so that an
the current network path. application can utilise an appropriate MPS for the current network
path. DPLPMTUD SHOULD NOT be used by an application if it is already
used in a lower layer.
+----------------------+ +----------------------+
| APP* | | Application* |
+-+-------+----+---+---+ +-+-------+----+---+---+
| | | | | | | |
+---+--+ +--+--+ | +-+---+ +---+--+ +--+--+ | +-+---+
| QUIC*| |UDPO*| | |SCTP*| | QUIC*| |UDPO*| | |SCTP*|
+---+--+ +--+--+ | ++--+-+ +---+--+ +--+--+ | ++--+-+
| | | | | | | | | |
+-------+-+ | | | +-------+-+ | | |
| | | | | | | |
++-+--++ | ++-+--++ |
| UDP | | | UDP | |
+---+--+ | +---+--+ |
| | | |
+--------------+-----+-+ +--------------+-----+-+
| Network Interface | | Network Interface |
+----------------------+ +----------------------+
Figure 1: Examples where DPLPMTUD can be implemented Figure 1: Examples where DPLPMTUD can be implemented
The central idea of DPLPMTUD is probing by a sender. Probe packets The central idea of DPLPMTUD is probing by a sender. Probe packets
are sent to find the maximum size of user message that is completely are sent to find the maximum size of a user message that can be
transferred across the network path from the sender to the completely transferred across the network path from the sender to the
destination. destination.
This section identifies the components needed for implementation, the This section identifies the components needed for implementation, the
phases of operation, the state machine and search algorithm. phases of operation, the state machine and search algorithm.
5.1. DPLPMTUD Components 5.1. DPLPMTUD Components
This section describes components of DPLPMTUD. This section describes components of DPLPMTUD.
5.1.1. Timers 5.1.1. Timers
The method utilises three timers: The method utilises up to three timers:
PROBE_TIMER: The PROBE_TIMER is configured to expire after a period PROBE_TIMER: The PROBE_TIMER is configured to expire after a period
longer than the maximum time to receive an acknowledgment to a longer than the maximum time to receive an acknowledgment to a
probe packet. This value MUST be larger than 1 second, and SHOULD probe packet. This value MUST NOT be smaller than 1 second, and
be larger than 15 seconds. Guidance on selection of the timer SHOULD be larger than 15 seconds. Guidance on selection of the
value are provided in section 3.1.1 of the UDP Usage Guidelines timer value are provided in section 3.1.1 of the UDP Usage
[RFC8085]. Guidelines [RFC8085].
If the PL has a path Round Trip Time (RTT) estimate and timely If the PL has a path Round Trip Time (RTT) estimate and timely
acknowledgements the PROBE_TIMER can be derived from the PL RTT acknowledgements the PROBE_TIMER can be derived from the PL RTT
estimate. estimate.
PMTU_RAISE_TIMER: The PMTU_RAISE_TIMER is configured to the period a PMTU_RAISE_TIMER: The PMTU_RAISE_TIMER is configured to the period a
sender will continue to use the current PLPMTU, after which it re- sender will continue to use the current PLPMTU, after which it re-
enters the Search phase. This timer has a period of 600 secs, as enters the Search phase. This timer has a period of 600 secs, as
recommended by PLPMTUD [RFC4821]. recommended by PLPMTUD [RFC4821].
DPLPMTUD SHOULD inhibit sending probe packets when no application DPLPMTUD MAY inhibit sending probe packets when no application
data has been sent since the previous probe packet. data has been sent since the previous probe packet. A PL
preferring to use an up-to-data PMTU once user data is sent again,
can choose to continue PMTU discovery for each path. However,
this could in sending additional packets.
CONFIRMATION_TIMER: The CONFIRMATION_TIMER is configured to the CONFIRMATION_TIMER: When an acknowledged PL is used, this timer MUST
period a PL sender waits before confirming the current PLPMTU is NOT be used. For other PLs, the CONFIRMATION_TIMER is configured
still supported. This is less than the PMTU_RAISE_TIMER and used to the period a PL sender waits before confirming the current
to decrease the PLPMTU (e.g., when a black hole is encountered). PLPMTU is still supported. This is less than the PMTU_RAISE_TIMER
Confirmation needs to be frequent enough when data is flowing that and used to decrease the PLPMTU (e.g., when a black hole is
the sending PL does not black hole extensive amounts of traffic. encountered). Confirmation needs to be frequent enough when data
Guidance on selection of the timer value are provided in section is flowing that the sending PL does not black hole extensive
3.1.1 of the UDP Usage Guidelines[RFC8085]. amounts of traffic. Guidance on selection of the timer value are
provided in section 3.1.1 of the UDP Usage Guidelines [RFC8085].
DPLPMTUD SHOULD inhibit sending probe packets when no application DPLPMTUD MAY inhibit sending probe packets when no application
data has been sent since the previous probe packet. data has been sent since the previous probe packet. A PL
preferring to use an up-to-data PMTU once user data is sent again,
can choose to continue PMTU discovery for each path. However,
this may result in sending additional packets.
An implementation could implement the various timers using a single An implementation could implement the various timers using a single
timer process. timer.
5.1.2. Constants 5.1.2. Constants
The following constants are defined: The following constants are defined:
MAX_PROBES: MAX_PROBES is the maximum value of the MAX_PROBES: MAX_PROBES is the maximum value of the PROBE_COUNT
PROBE_ERROR_COUNTER. The default value of MAX_PROBES is 10. counter. The default value of MAX_PROBES is 10.
MIN_PMTU: The MIN_PMTU is smallest allowed probe packet size. For MIN_PMTU: The MIN_PMTU is smallest allowed probe packet size. For
IPv6, this value is 1280 bytes, as specified in [RFC2460]. For IPv6, this value is 1280 bytes, as specified in [RFC2460]. For
IPv4, the minimum value is 68 bytes. (An IPv4 router is required IPv4, the minimum value is 68 bytes. (An IPv4 router is required
to be able to forward a datagram of 68 octets without further to be able to forward a datagram of 68 bytes without further
fragmentation. This is the combined size of an IPv4 header and fragmentation. This is the combined size of an IPv4 header and
the minimum fragment size of 8 octets. In addition, receivers are the minimum fragment size of 8 bytes. In addition, receivers are
required to be able to reassemble fragmented datagrams at least up required to be able to reassemble fragmented datagrams at least up
to 576B, as stated in section 3.3.3 of [RFC1122])) to 576 bytes, as stated in section 3.3.3 of [RFC1122]))
MAX_PMTU: The MAX_PMTU is the largest size of PLPMTU. This has to MAX_PMTU: The MAX_PMTU is the largest size of PLPMTU. This has to
be less than or equal to the minimum of the local MTU of the be less than or equal to the minimum of the local MTU of the
outgoing interface and the destination PMTU for receiving. An outgoing interface and the destination PMTU for receiving. An
application or PL MAY reduce the MAX_PMTU when there is no need to application or PL MAY reduce the MAX_PMTU when there is no need to
send packets larger than a specific size. send packets larger than a specific size.
BASE_PMTU: The BASE_PMTU is a configured size expected to work for BASE_PMTU: The BASE_PMTU is a configured size expected to work for
most paths. The size is equal to or larger than the MIN_PMTU and most paths. The size is equal to or larger than the MIN_PMTU and
smaller than the MAX_PMTU. In the case of IPv6, this value is smaller than the MAX_PMTU. In the case of IPv6, this value is
skipping to change at page 19, line 28 skipping to change at page 20, line 8
size of PROBED_SIZE is first attempted. size of PROBED_SIZE is first attempted.
The figure below illustrates the relationship between the packet size The figure below illustrates the relationship between the packet size
constants and variables, in this case when the DPLPMTUD algorithm constants and variables, in this case when the DPLPMTUD algorithm
performs path probing to increase the size of the PLPMTU. The MPS is performs path probing to increase the size of the PLPMTU. The MPS is
less than the PLPMTU. A probe packet has been sent of size less than the PLPMTU. A probe packet has been sent of size
PROBED_SIZE. When this is acknowledged, the PLPMTU will be raised to PROBED_SIZE. When this is acknowledged, the PLPMTU will be raised to
PROBED_SIZE allowing the PROBED_SIZE to be increased towards the PROBED_SIZE allowing the PROBED_SIZE to be increased towards the
actual PMTU. actual PMTU.
MIN_PMTU PMTU_MAX MIN_PMTU MAX_PMTU
<------------------------------------------------------> <-------------------------------------------------->
| | | | | | | | |
V | | | V V | | V
BASE_PMTU V | V Actual PMTU BASE_PMTU | V Actual PMTU
MPS | PROBED_SIZE | PROBED_SIZE
V V
PLPMTU PLPMTU
Figure 2: Relationships between probe and packet sizes Figure 2: Relationships between probe and packet sizes
5.2. DPLPMTUD Phases 5.2. DPLPMTUD Phases
The Datagram PLPMTUD algorithm moves through several phases of The Datagram PLPMTUD algorithm moves through several phases of
operation. operation.
An implementation that only reduces the PLPMTU to a suitable size An implementation that only reduces the PLPMTU to a suitable size
would be sufficient to ensure reliable operation, but can be very would be sufficient to ensure reliable operation, but can be very
inefficient when the actual PMTU changes or when the method (for inefficient when the actual PMTU changes or when the method (for
whatever reason) makes a suboptimal choice for the PLPMTU. whatever reason) makes a suboptimal choice for the PLPMTU.
A full implementation of DPLPMTUD provides an algorithm enabling the A full implementation of DPLPMTUD provides an algorithm enabling the
DPLPMTUD sender to increase the PLPMTU following a change in the DPLPMTUD sender to increase the PLPMTU following a change in the
characteristics of the path, such as when a link is reconfigured with characteristics of the path, such as when a link is reconfigured with
a larger MTU, or when there is a change in the set of links traversed a larger MTU, or when there is a change in the set of links traversed
by an end-to-end flow (e.g., after a routing or path fail-over by an end-to-end flow (e.g., after a routing or path fail-over
decision). decision).
Black hole detection, see Section 4.3 and PTB processing Section 4.4 Black hole detection (Section 4.3) and PTB processing (Section 4.4)
proceed in parallel with these phases of operation. proceed in parallel with these phases of operation.
+-------------------+ +------------------------+
| Path Confirmation +-- Connectivity | BASE_PMTU Confirmation +-- Connectivity
+--------+----------+ \----- or BASE_PMTU +------------+-----------+ \----+ or BASE_PMTU
| /\ \/ Confirmation Fails | ^ V Confirmation Fails
Connectivity and | | +-------+ Connectivity and | | +-------+
BASE_PMTU confirmed | ---------+ Error | BASE_PMTU confirmed | +---------+ Error |
| +-------+ | +-------+
| CONFIRMATION_TIMER | CONFIRMATION_TIMER
| Fires | Fires
\/ V
+----------------+ +--------------+ +----------------+ +--------------+
| Search Complete|<---------+ Search | | Search Complete|<---------+ Search |
+----------------+ +--------------+ +----------------+ +--------------+
Search Algorithm Search Algorithm
Completes Completes
Figure 3: DPLPMTUD Phases Figure 3: DPLPMTUD Phases
Path Confirmation BASE_PMTU Confirmation
* Connectivity is confirmed. * Connectivity is confirmed.
* DPLPMTUD confirms the BASE_PMTU is supported across the network * DPLPMTUD confirms the BASE_PMTU is supported across the network
path. path.
* DPLPMTUD then enters the search phase. * DPLPMTUD then enters the search phase.
Search Search
skipping to change at page 21, line 16 skipping to change at page 22, line 8
to discover if the PLPMTU can be raised. to discover if the PLPMTU can be raised.
Error Error
* Inconsistent or invalid network signals cause DPLPMTUD to be * Inconsistent or invalid network signals cause DPLPMTUD to be
unable to progress. unable to progress.
* This causes the algorithm to lower the MPS until the path is * This causes the algorithm to lower the MPS until the path is
shown to support the BASE_PMTU, or to suspend DPLPMTUD. shown to support the BASE_PMTU, or to suspend DPLPMTUD.
5.2.1. Path Confirmation Phase 5.2.1. BASE_PMTU Confirmation Phase
DPLPMTUD starts in the Path confirmation phase. Path confirmation is DPLPMTUD starts in the BASE_PMTU confirmation phase. BASE_PMTU
performed in two stages: confirmation is performed in two stages:
1. Connectivity to the remote peer is first confirmed. When a 1. Connectivity to the remote peer is first confirmed. When a
connection-oriented PL is used, this stage is implicit. It is connection-oriented PL is used, this stage is implicit. It is
performed as part of the normal PL connection handshake. In performed as part of the normal PL connection handshake. In
contrast, an connectionless PL MUST send an acknowledged probe contrast, an connectionless PL MUST send an acknowledged probe
packet to confirm that the remote peer is reachable. packet to confirm that the remote peer is reachable.
2. In the second stage, the PL confirms it can successfully send a 2. In the second stage, the PL confirms it can successfully send a
datagram of the BASE_PMTU size across the current path. datagram of the BASE_PMTU size across the current path.
A PL that does not wish to support a network path with a PLPMTU less A PL that does not wish to support a network path with a PLPMTU less
than BASE_PMTU can simplify the phase into a single step by than BASE_PMTU can simplify the phase into a single step by
performing connectivity checks with probes of the BASE_PMTU size. performing connectivity checks with probes of the BASE_PMTU size.
A PL MAY respond to PTB messages while in this phase, see A PL MAY respond to PTB messages while in this phase, see
Section 4.4. Section 4.4.
Once path confirmation has completed, DPLPMTUD can advertise an MPS Once BASE_PMTU confirmation has completed, DPLPMTUD can advertise an
to an upper layer. MPS to an upper layer.
If DPLPMTUD fails to complete these tests it enters the If DPLPMTUD fails to complete these tests it enters the
PROBE_DISABLED phase, see Section 5.2.6, and ceases using DPLPTMUD. PROBE_DISABLED phase, see Section 5.2.6, and ceases using DPLPTMUD.
5.2.2. Search Phase 5.2.2. Search Phase
The search phase utilises a search algorithm in attempt to increase The search phase utilises a search algorithm in attempt to increase
the PLPMTU (see Section 5.4.1). The PL sender increases the MPS each the PLPMTU (see Section 5.4.1). The PL sender increases the MPS each
time a packet probe confirms a larger PLPMTU is supported by the time a packet probe confirms a larger PLPMTU is supported by the
path. The algorithm concludes by entering the SEARCH_COMPLETE phase, path. The algorithm concludes by entering the SEARCH_COMPLETE phase,
see Section 5.2.3. see Section 5.2.3.
A PL MAY respond to PTB messages while in this phase, using the PTB A PL MAY respond to PTB messages while in this phase, using the PTB
to advance or terminate the search, see Section 4.4. Similarly black to advance or terminate the search, see Section 4.4. Similarly black
hole detection can terminate the search by entering the PROBE_BASE hole detection can terminate the search by entering the PROBE_BASE
phase, see Section 5.2.4. phase, see Section 5.2.4.
5.2.2.1. Resilience to inconsistent path information 5.2.2.1. Resilience to Inconsistent Path Information
Sometimes a PL sender is able to detect inconsistent results from the Sometimes a PL sender is able to detect inconsistent results from the
sequence of PLPMTU probes that it sends or the sequence of PTB sequence of PLPMTU probes that it sends or the sequence of PTB
messages that it receives. This could be manifested as excessive messages that it receives. This could be manifested as excessive
fluctuation of the MPS. fluctuation of the MPS.
When inconsistent path information is detected, a PL sender can When inconsistent path information is detected, a PL sender can
enable an alternate search mode that clamps the offered MPS to a enable an alternate search mode that clamps the offered MPS to a
smaller value for a period of time. This avoids unnecessary black- smaller value for a period of time. This avoids unnecessary black-
holing of packets. holing of packets.
skipping to change at page 23, line 39 skipping to change at page 24, line 28
DPLPMTUD remains in the ERROR phase until a consistent view of the DPLPMTUD remains in the ERROR phase until a consistent view of the
path can be discovered and it has also been confirmed that the path path can be discovered and it has also been confirmed that the path
supports the BASE_PMTU. supports the BASE_PMTU.
Note: MIN_PMTU may be identical to BASE_PMTU, simplifying the actions Note: MIN_PMTU may be identical to BASE_PMTU, simplifying the actions
in this phase. in this phase.
If no acknowledgement is received for PROBE_COUNT probes of size If no acknowledgement is received for PROBE_COUNT probes of size
MIN_PMTU, the method suspends DPLPMTUD, see Section 5.2.5. MIN_PMTU, the method suspends DPLPMTUD, see Section 5.2.5.
5.2.5.1. Robustness to inconsistent path 5.2.5.1. Robustness to Inconsistent Path
Robustness to paths unable to sustain the BASE_PMTU. Some paths Robustness to paths unable to sustain the BASE_PMTU. Some paths
could be unable to sustain packets of the BASE_PMTU size. These could be unable to sustain packets of the BASE_PMTU size. These
paths could use an alternate algorithm to implement the PROBE_ERROR paths could use an alternate algorithm to implement the PROBE_ERROR
phase that allows fallback to a smaller than desired PLPMTU, rather phase that allows fallback to a smaller than desired PLPMTU, rather
than suffer connectivity failure. than suffer connectivity failure.
This could also utilise methods such as endpoint IP fragmentation to This could also utilise methods such as endpoint IP fragmentation to
enable the PL sender to communicate using packets smaller than the enable the PL sender to communicate using packets smaller than the
BASE_PMTU. BASE_PMTU.
5.2.6. DISABLED Phase 5.2.6. DISABLED Phase
This phase suspends operation of DPLPMTUD. It disables probing for This phase suspends operation of DPLPMTUD. It disables probing for
the PLPMTU until action is taken by the PL or application using the the PLPMTU until action is taken by the PL or application using the
PL. PL.
5.3. State Machine 5.3. State Machine
A state machine for DPLPMTUD is depicted in Figure 4. If multihoming A state machine for DPLPMTUD is depicted in Figure 4. If multihoming
is supported, a state machine is needed for each active path. is supported, a state machine is needed for each path.
PROBE_TIMER expiry | |
(PROBE_COUNT = MAX_PROBES) | Start | PL indicates loss
+-------------------+ +--------------+ | | of connectivity
| PROBE_START +------>|PROBE_DISABLED| V V
+-------------------+ +--------------+ +---------------+ +---------------+
| ^ | DISABLED | | ERROR |
| Path confirmed | +---------------+ +---------------+
v | | PL indicates PROBE_TIMER expiry: ^ |
MAX_PMTU acked or +--------------+-+ (PROBE_COUNT | | connectivity PROBE_COUNT = MAX_PROBES | |
PTB (BASE_PMTU <= +---------| PROBE_SEARCH | | < MAX_PROBES) | +--------------------+ +---------------+ |
PTB_SIZE | +--> +--------------+<+ or Probe acked | | | |
<PROBED_SIZE) | | | ^ | | V | BASE_PMTU Probe |
or | | | | | | +---------------+ acked |
(PROBE_COUNT | | | | |((PTB_SIZE < | | BASE |----------------------+
=MAX_PROBES) | | | | | BASE_PMTU) | +---------------+ |
+---------------+ | | | | or | Black hole detected or ^ | ^ ^ Black hole detected or |
| | | | |(PLPMTU < BASE_MTU)) | PTB_SIZE < PLPMTU | | | | PTB_SIZE < PLPMTU |
| | | | |and (PROBE_COUNT = | +--------------------+ | | +--------------------+ |
| PMTU_RAISE_TIMER | | | | MAX_PROBES) | | +----+ | |
| | | | | | | PROBE_TIMER expiry: | |
| | | | \ | | PROBE_COUNT < MAX_PROBES | |
| +-----------+ | | \ Suspend DPLPDMTUD:| | | |
| | | | \ | | PMTU_RAISE_TIMER expiry | |
| | | | \---------+ | | +-----------------------------------------+ | |
| | (PTB_SIZE < PLPMTU)| | | | | | | | |
| | or | | BASE_PMTU | | | | V | V
| | Black hole detected | | Probe acked | | +---------------+ +---------------+
v | v | v | |SEARCH_COMPLETE| | SEARCHING |
+----------+----+ +--------------+ +-------------+ +---------------+ +---------------+
|SEARCH_COMPLETE|----------->| PROBE_BASE |<-------| PROBE_ERROR | | ^ ^ | | ^
+------+--------+ +--------------+ +-------------+ | | | | | |
/\ | Black hole detected ^ | | BASE_PMTU Probe acked: ^ | | +-----------------------------------------+ | |
| | or | | | | | | MAX_PMTU Probe acked or | |
| | (PTB_SIZE < PLPMTU) | | | Probe BASE_PMTU: | | | PTB (BASE_PMTU <= PTB_SIZE < PROBED_SIZE) or | |
| | | | | (PROBE_COUNT = MAX_PROBES)| +----+ PROBE_COUNT = MAX_PROBES +----+
| | | | +---------------------------+ CONFIRMATION_TIMER expiry: PROBE_TIMER expiry:
+----+ +--+ PROBE_COUNT < MAX_PROBES or PROBE_COUNT < MAX_PROBES or
Confirmation: PROBE_TIMER expiry: PLPMTU Probe acked Probe acked
(PROBE_COUNT < MAX_PROBES) (PROBE_COUNT < MAX_PROBES)
or
PLPMTU Probe acked
Figure 4: State machine for Datagram PLPMTUD. Note: Some state Figure 4: State machine for Datagram PLPMTUD. Note: Some state
changes are not show to simplify the diagram. changes are not show to simplify the diagram.
The following states are defined: The following states are defined:
PROBE_START: The PROBE_START state is the initial state before DISABLED: The DISABLED state is the initial state before probing has
probing has started. The state confirms connectivity to the started. It is also entered from any other state, when the PL
remote PL. indicates loss of connectivity. This state is left, once the PL
indicates connectivity to the remote PL.
The PLPMTU is set to the BASE_PMTU size. Probing ought to start BASE: The BASE state is used to confirm that the BASE_PMTU size is
immediately after connection setup to prevent the prevent the loss supported by the network path and is designed to allow an
of user data. PLPMTUD is not performed in this state. The state application to continue working when there are transient
transitions to PROBE_SEARCH, when a network path has been reductions in the actual PMTU. It also seeks to avoid long
confirmed, i.e., when a sent packet has been acknowledged on this periods where traffic is black holed while searching for a larger
network path and the BASE_PMTU is confirmed to be supported. If PLPMTU.
the network path cannot be confirmed this state transitions to
PROBE_DISABLED.
PROBE_SEARCH: The PROBE_SEARCH state is the main probing state. On entry, the PROBED_SIZE is set to the BASE_PMTU size and the
This state is entered when probing for the BASE_PMTU was PROBE_COUNT is set to zero.
successful.
Each time a probe packet is sent, and the PROBE_TIMER is started.
The state is exited when the probe packet is acknowledged, and the
PL sender enters the SEARCHING state.
The state is also left when the PROBE_COUNT reaches MAX_PROBES; a
PTB message is validated. This causes the PL sender to enter the
ERROR state.
SEARCHING: The SEARCHING state is the main probing state. This
state is entered when probing for the BASE_PMTU was successful.
The PROBE_COUNT is set to zero when the first probe packet is sent The PROBE_COUNT is set to zero when the first probe packet is sent
for each probe size. Each time a probe packet is acknowledged, for each probe size. Each time a probe packet is acknowledged,
the PLPMTU is set to the PROBED_SIZE, and then the PROBED_SIZE is the PLPMTU is set to the PROBED_SIZE, and then the PROBED_SIZE is
increased using the search algorithm. increased using the search algorithm.
When a probe packet is sent and not acknowledged within the period When a probe packet is sent and not acknowledged within the period
of the PROBE_TIMER, the PROBE_COUNT is incremented and the probe of the PROBE_TIMER, the PROBE_COUNT is incremented and the probe
packet is retransmitted. The state is exited when the PROBE_COUNT packet is retransmitted. The state is exited when the PROBE_COUNT
reaches MAX_PROBES; a PTB message is validated; a probe of size reaches MAX_PROBES; a PTB message is validated; a probe of size
PMTU_MAX is acknowledged or black hole detection is triggered. MAX_PMTU is acknowledged or black hole detection is triggered.
SEARCH_COMPLETE: The SEARCH_COMPLETE state indicates a successful SEARCH_COMPLETE: The SEARCH_COMPLETE state indicates a successful
end to the PROBE_SEARCH state. DPLPMTUD remains in this state end to the PROBE_SEARCH state. DPLPMTUD remains in this state
until either the PMTU_RAISE_TIMER expires; a received PTB message until either the PMTU_RAISE_TIMER expires; a received PTB message
is validated; or black hole detection is triggered. is validated; or black hole detection is triggered.
When DPLPMTUD uses an unacknowledged PL and is in the When DPLPMTUD uses an unacknowledged PL and is in the
SEARCH_COMPLETE state, a CONFIRMATION_TIMER periodically resets SEARCH_COMPLETE state, a CONFIRMATION_TIMER periodically resets
the PROBE_COUNT and schedules a probe packet with the size of the the PROBE_COUNT and schedules a probe packet with the size of the
PLPMTU. If the probe packet fails to be acknowledged after PLPMTU. If the probe packet fails to be acknowledged after
MAX_PROBES attempts, the method enters the PROBE_BASE state. When MAX_PROBES attempts, the method enters the BASE state. When used
used with an acknowledged PL (e.g., SCTP), DPLPMTUD SHOULD NOT with an acknowledged PL (e.g., SCTP), DPLPMTUD SHOULD NOT continue
continue to generate PLPMTU probes in this state. to generate PLPMTU probes in this state.
PROBE_BASE: The PROBE_BASE state is used to confirm whether the
BASE_PMTU size is supported by the network path and is designed to
allow an application to continue working when there are transient
reductions in the actual PMTU. It also seeks to avoid long
periods where traffic is black holed while searching for a larger
PLPMTU.
On entry, the PROBED_SIZE is set to the BASE_PMTU size and the
PROBE_COUNT is set to zero.
Each time a probe packet is sent, and the PROBE_TIMER is started.
The state is exited when the probe packet is acknowledged, and the
PL sender enters the PROBE_SEARCH state.
The state is also left when the PROBE_COUNT reaches MAX_PROBES; a
PTB message is validated. This causes the PL sender to enter the
PROBE_ERROR state.
PROBE_ERROR: The PROBE_ERROR state represents the case where the
network path is not known to support a PLPMTU of at least the
BASE_PMTU size. It is entered when either a probe of size
BASE_PMTU has not been acknowledged or a validated PTB message
indicates a smaller PTB_SIZE smaller than the BASE_PMTU.
On entry, the PROBE_COUNT is set to zero and the PROBED_SIZE is ERROR: The ERROR state represents the case where either the network
set to the MIN_PMTU size, and the PLPMTU is reset to MIN_PMTU path is not known to support a PLPMTU of at least the BASE_PMTU
size. In this state, a probe packet is sent, and the PROBE_TIMER size or when there is contradictory information about the network
is started. The state transitions to the PROBE_SEARCH state when path that would otherwise result in excessive variation in the MPS
a probe packet is acknowledged of at least size BASE_PMTU. Robust signalled to the higher layer. The state implements a method to
implementations may validate the BASE_PMTU several times before mitigate oscillation in the state-event engine. It signals a
transition to the PROBE_SEARCH. conservative value of the MPS to the higher layer by the PL. The
state is exited when Packet Probes no longer detect the error or
when the PL indicates that connectivity has been lost.
Implementations are permitted to enable endpoint fragmentation if Implementations are permitted to enable endpoint fragmentation if
the DPLPMTUD is unable to validate MIN_PMTU within PROBE_COUNT the DPLPMTUD is unable to validate MIN_PMTU within PROBE_COUNT
probes. If DPLPMTUD is unable to validate MIN_PMTU the probes. If DPLPMTUD is unable to validate MIN_PMTU the
implementation should transition to PROBE_DISABLED. implementation should transition to PROBE_DISABLED.
PROBE_DISABLED: The PROBE_DISABLED state indicates that connectivity
could not be established. DPLPMTUD MUST NOT probe in this state.
Appendix A contains an informative description of key events. Appendix A contains an informative description of key events.
5.4. Search to Increase the PLPMTU 5.4. Search to Increase the PLPMTU
This section describes the algorithms used by DPLPMTUD to search for This section describes the algorithms used by DPLPMTUD to search for
a larger PLPMTU. a larger PLPMTU.
5.4.1. Probing for a larger PLPMTU 5.4.1. Probing for a Larger PLPMTU
Implementations use a search algorithm across the search range to Implementations use a search algorithm across the search range to
determine whether a larger PLPMTU can be supported across a network determine whether a larger PLPMTU can be supported across a network
path. path.
The method discovers the search range by confirming the minimum The method discovers the search range by confirming the minimum
PLPMTU and then using the probe method to select a PROBED_SIZE less PLPMTU and then using the probe method to select a PROBED_SIZE less
than or equal to PMTU_MAX. PMTU_MAX is the minimum of the local MTU than or equal to MAX_PMTU. MAX_PMTU is the minimum of the local MTU
and EMTU_R (learned from the remote endpoint). The PMTU_MAX MAY be and EMTU_R (learned from the remote endpoint). The MAX_PMTU MAY be
reduced by an application that sets a maximum to the size of reduced by an application that sets a maximum to the size of
datagrams it will send. datagrams it will send.
The PROBE_COUNT is initialised to zero when a probe packet is first The PROBE_COUNT is initialised to zero when a probe packet is first
sent with a particular size. A timer is used by the search algorithm sent with a particular size. A timer is used by the search algorithm
to trigger the sending of probe packets of size PROBED_SIZE, larger to trigger the sending of probe packets of size PROBED_SIZE, larger
than the PLPMTU. Each probe packet successfully sent to the remote than the PLPMTU. Each probe packet successfully sent to the remote
peer is confirmed by acknowledgement at the PL, see Section 4.1. peer is confirmed by acknowledgement at the PL, see Section 4.1.
Each time a probe packet is sent to the destination, the PROBE_TIMER Each time a probe packet is sent to the destination, the PROBE_TIMER
skipping to change at page 29, line 5 skipping to change at page 28, line 31
Implementations could optimize the search procedure by selecting step Implementations could optimize the search procedure by selecting step
sizes from a table of common PMTU sizes. When selecting the sizes from a table of common PMTU sizes. When selecting the
appropriate next size to search, an implementor ought to also appropriate next size to search, an implementor ought to also
consider that there can be common sizes of MPS that applications seek consider that there can be common sizes of MPS that applications seek
to use. to use.
xxx Author Note: A future version of this section will detail example xxx Author Note: A future version of this section will detail example
methods for selecting probe size values, but does not plan to mandate methods for selecting probe size values, but does not plan to mandate
a single method. xxx a single method. xxx
5.4.3. Resilience to inconsistent Path information 5.4.3. Resilience to Inconsistent Path Information
A decision to increase the PLPMTU needs to be resilient to the A decision to increase the PLPMTU needs to be resilient to the
possibility that information learned about the network path is possibility that information learned about the network path is
inconsistent (this could happen when probe packets are lost due to inconsistent (this could happen when probe packets are lost due to
other reasons, or some of the packets in a flow are forwarded along a other reasons, or some of the packets in a flow are forwarded along a
portion of the path that supports a different actual PMTU). portion of the path that supports a different actual PMTU).
Frequent path changes could occur due to unexpected "flapping" - Frequent path changes could occur due to unexpected "flapping" -
where some packets from a flow pass along one path, but other packets where some packets from a flow pass along one path, but other packets
follow a different path with different properties. DPLPMTUD can be follow a different path with different properties. DPLPMTUD can be
skipping to change at page 29, line 26 skipping to change at page 29, line 4
made resilient to these anomalies by introducing hysteresis into the made resilient to these anomalies by introducing hysteresis into the
search decision to increase the MPS. search decision to increase the MPS.
6. Specification of Protocol-Specific Methods 6. Specification of Protocol-Specific Methods
This section specifies protocol-specific details for datagram PLPMTUD This section specifies protocol-specific details for datagram PLPMTUD
for IETF-specified transports. for IETF-specified transports.
The first subsection provides guidance on how to implement the The first subsection provides guidance on how to implement the
DPLPMTUD method as a part of an application using UDP or UDP-Lite. DPLPMTUD method as a part of an application using UDP or UDP-Lite.
The guidance also applies to other datagram services that do not The guidance also applies to other datagram services that do not
include a specific transport protocol (such as a tunnel include a specific transport protocol (such as a tunnel
encapsulation). The following subsection describe how DPLPMTUD can encapsulation). The following subsections describe how DPLPMTUD can
be implemented as a part of the transport service, allowing be implemented as a part of the transport service, allowing
applications using the service to benefit from discovery of the applications using the service to benefit from discovery of the
PLPMTU without themselves needing to implement this method. PLPMTU without themselves needing to implement this method.
6.1. Application support for DPLPMTUD with UDP or UDP-Lite 6.1. Application support for DPLPMTUD with UDP or UDP-Lite
The current specifications of UDP [RFC0768] and UDP-Lite [RFC3828] do The current specifications of UDP [RFC0768] and UDP-Lite [RFC3828] do
not define a method in the RFC-series that supports PLPMTUD. In not define a method in the RFC-series that supports PLPMTUD. In
particular, the UDP transport does not provide the transport layer particular, the UDP transport does not provide the transport layer
features needed to implement datagram PLPMTUD. features needed to implement datagram PLPMTUD.
The DPLPMTUD method can be implemented as a part of an application The DPLPMTUD method can be implemented as a part of an application
built directly or indirectly on UDP or UDP-Lite, but relies on built directly or indirectly on UDP or UDP-Lite, but relies on
higher-layer protocol features to implement the method [RFC8085]. higher-layer protocol features to implement the method [RFC8085].
Some primitives used by DPLPMTUD might not be available via the Some primitives used by DPLPMTUD might not be available via the
Datagram API (e.g., the ability to access the PLPMTU cache, or Datagram API (e.g., the ability to access the PLPMTU cache, or
interpret received ICMP PTB messages). interpret received PTB messages).
In addition, it is desirable that PMTU discovery is not performed by In addition, it is desirable that PMTU discovery is not performed by
multiple protocol layers. An application SHOULD avoid implementing multiple protocol layers. An application SHOULD avoid implementing
DPLPMTUD when the underlying transport system provides this DPLPMTUD when the underlying transport system provides this
capability. Using a common method for managing the PLPMTU has capability. Using a common method for managing the PLPMTU has
benefits, both in the ability to share state between different benefits, both in the ability to share state between different
processes and opportunities to coordinate probing. processes and opportunities to coordinate probing.
6.1.1. Application Request 6.1.1. Application Request
skipping to change at page 30, line 47 skipping to change at page 30, line 27
CONFIRMATION_TIMER to periodically send probe packets while in the CONFIRMATION_TIMER to periodically send probe packets while in the
SEARCH_COMPLETE state. SEARCH_COMPLETE state.
6.1.5. Handling of PTB Messages 6.1.5. Handling of PTB Messages
An application that is able and wishes to receive PTB messages MUST An application that is able and wishes to receive PTB messages MUST
perform ICMP validation as specified in Section 5.2 of [RFC8085]. perform ICMP validation as specified in Section 5.2 of [RFC8085].
This requires that the application to check each received PTB This requires that the application to check each received PTB
messages to validate it is received in response to transmitted messages to validate it is received in response to transmitted
traffic and that the reported PTB_SIZE is less than the current traffic and that the reported PTB_SIZE is less than the current
probed size. A validated PTB message MAY be used as input to the probed size (see Section 4.4.2). A validated PTB message MAY be used
DPLPMTUD algorithm, but MUST NOT be used directly to set the PLPMTU. as input to the DPLPMTUD algorithm, but MUST NOT be used directly to
set the PLPMTU.
6.2. DPLPMTUD with UDP Options 6.2. DPLPMTUD with UDP Options
UDP Options[I-D.ietf-tsvwg-udp-options] can supply the additional UDP Options[I-D.ietf-tsvwg-udp-options] can supply the additional
functionality required to implement DPLPMTUD within the UDP transport functionality required to implement DPLPMTUD within the UDP transport
service. Implementing DPLPMTU using UDP Options avoids the need for service. Implementing DPLPMTUD using UDP Options avoids the need for
each application to implement the DPLPMTUD method. each application to implement the DPLPMTUD method.
Section 5.6 of[I-D.ietf-tsvwg-udp-options] defines the Maximum Section 5.6 of[I-D.ietf-tsvwg-udp-options] defines the Maximum
Segment Size (MSS) option, which allows the local sender to indicate Segment Size (MSS) option, which allows the local sender to indicate
the EMTU_R to the peer. The value received in this option can be the EMTU_R to the peer. The value received in this option can be
used to initialise PMTU_MAX. used to initialise MAX_PMTU.
UDP Options enables padding to be added to UDP datagrams that are UDP Options enables padding to be added to UDP datagrams that are
used as Probe Packets. Feedback confirming reception of each Probe used as Probe Packets. Feedback confirming reception of each Probe
Packet is provided by two new UDP Options: Packet is provided by two new UDP Options:
o The Probe Request Option (Section 6.2.1) is set by a sending PL to o The Probe Request Option (Section 6.2.1) is set by a sending PL to
solicit a response from a remote endpoint. A four-byte token solicit a response from a remote endpoint. A four-byte token
identifies each request. identifies each request.
o The Probe Response Option (Section 6.2.2 is generated by the UDP o The Probe Response Option (Section 6.2.2 is generated by the UDP
skipping to change at page 32, line 42 skipping to change at page 32, line 22
the sender (and is sent along the end-to-end path). The initial the sender (and is sent along the end-to-end path). The initial
value of the token SHOULD be assigned to a randomised value, as value of the token SHOULD be assigned to a randomised value, as
described in section 5.1 of [RFC8085]) to enhance protection from described in section 5.1 of [RFC8085]) to enhance protection from
off-path attacks. off-path attacks.
The sender needs to then check the value returned in the UDP Probe The sender needs to then check the value returned in the UDP Probe
Response Option. The value of the Token field, uniquely identifies a Response Option. The value of the Token field, uniquely identifies a
probe within the maximum segment lifetime. probe within the maximum segment lifetime.
+----------+--------+-----------------+ +----------+--------+-----------------+
| Kind=9* | Len=6 | Token | | Kind=9* | Len=6 | Token |
+----------+--------+-----------------+ +----------+--------+-----------------+
1 byte 1 byte 4 bytes 1 byte 1 byte 4 bytes
* To be confirmed by IANA. * To be confirmed by IANA.
Figure 5: UDP Probe REQ Option Format Figure 5: UDP Probe REQ Option Format
6.2.2. UDP Probe Response Option 6.2.2. UDP Probe Response Option
The Probe Response Option is generated in response to reception of a The Probe Response Option is generated in response to reception of a
skipping to change at page 36, line 6 skipping to change at page 35, line 33
Quick UDP Internet Connection (QUIC) [I-D.ietf-quic-transport] is a Quick UDP Internet Connection (QUIC) [I-D.ietf-quic-transport] is a
UDP-based transport that provides reception feedback. The UDP UDP-based transport that provides reception feedback. The UDP
payload includes the QUIC packet header, protected payload, and any payload includes the QUIC packet header, protected payload, and any
authentication fields. QUIC depends on a PMTU of at least 1280 authentication fields. QUIC depends on a PMTU of at least 1280
bytes. bytes.
Section 9.2 of [I-D.ietf-quic-transport] describes the path Section 9.2 of [I-D.ietf-quic-transport] describes the path
considerations when sending QUIC packets. It recommends the use of considerations when sending QUIC packets. It recommends the use of
PADDING frames to build the probe packet. Pure probe-only packets PADDING frames to build the probe packet. Pure probe-only packets
are constructed with PADDING frames and PING frames to create a are constructed with PADDING frames and PING frames to create a
padding only packet that will illict an acknowledgement. Padding padding only packet that will elicit an acknowledgement. Padding
only frames enable probing the without affecting the transfer of only frames enable probing the without affecting the transfer of
other QUIC frames. other QUIC frames.
The recommendation for QUIC endpoints implementing DPLPMTUD is The recommendation for QUIC endpoints implementing DPLPMTUD is
therefore that a MPS is maintained for each combination of local and therefore that a MPS is maintained for each combination of local and
remote IP addresses [I-D.ietf-quic-transport]. If a QUIC endpoint remote IP addresses [I-D.ietf-quic-transport]. If a QUIC endpoint
determines that the PMTU between any pair of local and remote IP determines that the PMTU between any pair of local and remote IP
addresses has fallen below an acceptable MPS, it needs to immediately addresses has fallen below an acceptable MPS, it needs to immediately
cease sending QUIC packets on the affected path. This could result cease sending QUIC packets on the affected path. This could result
in termination of the connection if an alternative path cannot be in termination of the connection if an alternative path cannot be
skipping to change at page 37, line 38 skipping to change at page 37, line 14
recommends that sender limits generation of probe packets to an recommends that sender limits generation of probe packets to an
average rate lower than one probe per 3 seconds. average rate lower than one probe per 3 seconds.
A PL sender needs to ensure that the method used to confirm reception A PL sender needs to ensure that the method used to confirm reception
of probe packets offers protection from off-path attackers injecting of probe packets offers protection from off-path attackers injecting
packets into the path. This protection if provided in IETF-defined packets into the path. This protection if provided in IETF-defined
protocols (e.g., TCP, SCTP) using a randomly-initialised sequence protocols (e.g., TCP, SCTP) using a randomly-initialised sequence
number. A description of one way to do this when using UDP is number. A description of one way to do this when using UDP is
provided in section 5.1 of [RFC8085]). provided in section 5.1 of [RFC8085]).
There are cases where PTB messages are not delivered due to policy, There are cases where ICMP Packet Too Big (PTB) messages are not
configuration or equipment design (see Section 1.1), this method delivered due to policy, configuration or equipment design (see
therefore does not rely upon PTB messages being received, but is able Section 1.1), this method therefore does not rely upon PTB messages
to utilise these when they are received by the sender. PTB messages being received, but is able to utilise these when they are received
could potentially be used to cause a node to inappropriately reduce by the sender. PTB messages could potentially be used to cause a
the PLPMTU. A node supporting DPLPMTUD MUST therefore appropriately node to inappropriately reduce the PLPMTU. A node supporting
validate the payload of PTB messages to ensure these are received in DPLPMTUD MUST therefore appropriately validate the payload of PTB
response to transmitted traffic (i.e., a reported error condition messages to ensure these are received in response to transmitted
that corresponds to a datagram actually sent by the path layer). traffic (i.e., a reported error condition that corresponds to a
datagram actually sent by the path layer, see Section 4.4.1).
An on-path attacker, able to create a PTB message could forge PTB An on-path attacker, able to create a PTB message could forge PTB
messages that include a valid quoted IP packet. Such an attack could messages that include a valid quoted IP packet. Such an attack could
be used to drive down the PLPMTU. There are two ways this method can be used to drive down the PLPMTU. There are two ways this method can
be mitigated against such attacks: First, by ensuring that a PL be mitigated against such attacks: First, by ensuring that a PL
sender never reduces the PLPMTU below the base size, solely in sender never reduces the PLPMTU below the base size, solely in
response to receiving a PTB message. This is achieved by first response to receiving a PTB message. This is achieved by first
entering the PROBE_BASE state when such a message is received. entering the PROBE_BASE state when such a message is received.
Second, the design does not require processing of PTB messages, a PL Second, the design does not require processing of PTB messages, a PL
sender could therefore suspend processing of PTB messages (e.g., in a sender could therefore suspend processing of PTB messages (e.g., in a
skipping to change at page 45, line 32 skipping to change at page 45, line 32
o Feedback after speaking with Joe Touch helped improve UDP-Options o Feedback after speaking with Joe Touch helped improve UDP-Options
description. description.
Working Group draft -06: Working Group draft -06:
o Updated description of ICMP issues in section 1.1 o Updated description of ICMP issues in section 1.1
o Update to description of QUIC. o Update to description of QUIC.
Authors' Addresses Working group draft -07:
o Moved description of the PTB processing method from the PTB
requirements section.
o Clarified what is performed in the PTB validation check.
o Updated security consideration to explain PTB security without
needing to read the rest of the document.
o Reformatted state machine diagram
Authors' Addresses
Godred Fairhurst Godred Fairhurst
University of Aberdeen University of Aberdeen
School of Engineering School of Engineering
Fraser Noble Building Fraser Noble Building
Aberdeen AB24 3UE Aberdeen AB24 3UE
UK UK
Email: gorry@erg.abdn.ac.uk Email: gorry@erg.abdn.ac.uk
Tom Jones Tom Jones
skipping to change at page 46, line 4 skipping to change at page 46, line 21
Email: gorry@erg.abdn.ac.uk Email: gorry@erg.abdn.ac.uk
Tom Jones Tom Jones
University of Aberdeen University of Aberdeen
School of Engineering School of Engineering
Fraser Noble Building Fraser Noble Building
Aberdeen AB24 3UE Aberdeen AB24 3UE
UK UK
Email: tom@erg.abdn.ac.uk Email: tom@erg.abdn.ac.uk
Michael Tuexen Michael Tuexen
Muenster University of Applied Sciences Muenster University of Applied Sciences
Stegerwaldstrasse 39 Stegerwaldstrasse 39
Stein fart 48565 Steinfurt 48565
DE DE
Email: tuexen@fh-muenster.de Email: tuexen@fh-muenster.de
Irene Ruengeler Irene Ruengeler
Muenster University of Applied Sciences Muenster University of Applied Sciences
Stegerwaldstrasse 39 Stegerwaldstrasse 39
Stein fart 48565 Steinfurt 48565
DE DE
Email: i.ruengeler@fh-muenster.de Email: i.ruengeler@fh-muenster.de
Timo Voelker
Muenster University of Applied Sciences
Stegerwaldstrasse 39
Steinfurt 48565
DE
Email: timo.voelker@fh-muenster.de
 End of changes. 95 change blocks. 
284 lines changed or deleted 313 lines changed or added

This html diff was produced by rfcdiff 1.47. The latest version is available from http://tools.ietf.org/tools/rfcdiff/