Internet Engineering Task Force                             G. Fairhurst
Internet-Draft                                                  T. Jones
Updates: 4821
Updates4821 (if approved)                         University of Aberdeen
Intended status: Standards Track                               M. Tuexen
Expires: August 22, 7 December 2019                                    I. Ruengeler
                                                              T. Voelker
                                 Muenster University of Applied Sciences
                                                       February 18,
                                                             5 June 2019

     Packetization Layer Path MTU Discovery for Datagram Transports
                  draft-ietf-tsvwg-datagram-plpmtud-07
                  draft-ietf-tsvwg-datagram-plpmtud-08

Abstract

   This document describes a robust method for Path MTU Discovery
   (PMTUD) for datagram Packetization Layers (PLs).  The document  It describes an
   extension to RFC 1191 and RFC 8201, which specifies ICMP-based Path
   MTU Discovery for IPv4 and IPv6.  The method allows a PL, or a
   datagram application that uses a PL, to discover whether a network
   path can support the current size of datagram.  This can be used to
   detect and reduce the message size when a sender encounters a network
   black hole (where packets are discarded, and no ICMP message
   is received). discarded).  The method can also probe a
   network path with progressively larger packets to find discover whether
   the maximum packet size can be increased.  This allows a sender to
   determine an appropriate packet size, providing functionally for
   datagram transports that is equivalent to the Packetization Layer
   PMTUD specification for TCP, specified in RFC 4821.

   The document also provides implementation notes for incorporating
   Datagram PMTUD into IETF datagram transports or applications that use
   datagram transports.

   When published, this specification updates RFC 4821.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on August 22, 7 December 2019.

Copyright Notice

   Copyright (c) 2019 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) (https://trustee.ietf.org/
   license-info) in effect on the date of publication of this document.
   Please review these documents carefully, as they describe your rights
   and restrictions with respect to this document.  Code Components
   extracted from this document must include Simplified BSD License text
   as described in Section 4.e of the Trust Legal Provisions and are
   provided without warranty as described in the Simplified BSD License.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   3
     1.1.  Classical Path MTU Discovery  . . . . . . . . . . . . . .   4
     1.2.  Packetization Layer Path MTU Discovery  . . . . . . . . .   6
     1.3.  Path MTU Discovery for Datagram Services  . . . . . . . .   7
   2.  Terminology . . . . . . . . . . . . . . . . . . . . . . . . .   7
   3.  Features Required to Provide Datagram PLPMTUD . . . . . . . .   9  10
   4.  DPLPMTUD Mechanisms . . . . . . . . . . . . . . . . . . . . .  12
     4.1.  PLPMTU Probe Packets  . . . . . . . . . . . . . . . . . .  12
     4.2.  Confirmation of Probed Packet Size  . . . . . . . . . . .  13  14
     4.3.  Detection of Unsupported PLPMTU Size, aka Black Holes Hole
           Detection . . . . . . . . . . . . . . . . . . . . . . . .  14
     4.4.  Response to PTB Messages  . . . . . . . . . . . . . . . .  15
       4.4.1.  Validation of PTB Messages  . . . . . . . . . . . . .  15
       4.4.2.  Use of PTB Messages . . . . . . . . . . . . . . . . .  16
   5.  Datagram Packetization Layer PMTUD  . . . . . . . . . . . . .  17
     5.1.  DPLPMTUD Components . . . . . . . . . . . . . . . . . . .  18
       5.1.1.  Timers  . . . . . . . . . . . . . . . . . . . . . . .  18
       5.1.2.  Constants . . . . . . . . . . . . . . . . . . . . . .  19
       5.1.3.  Variables . . . . . . . . . . . . . . . . . . . . . .  19
     5.2.  20
       5.1.4.  Overview of DPLPMTUD Phases . . . . . . . . . . . . .  21
     5.2.  State Machine . . . . . . . . . .  20
       5.2.1.  BASE_PMTU Confirmation Phase . . . . . . . . . . . .  22
       5.2.2.  23
     5.3.  Search Phase to Increase the PLPMTU . . . . . . . . . . . . . .  26
       5.3.1.  Probing for a larger PLPMTU . . . . . .  22
         5.2.2.1.  Resilience to Inconsistent Path Information . . .  22
       5.2.3.  Search Complete Phase . . . .  26
       5.3.2.  Selection of Probe Sizes  . . . . . . . . . . . .  23
       5.2.4.  PROBE_BASE Phase . .  27
       5.3.3.  Resilience to Inconsistent Path Information . . . . .  27
     5.4.  Robustness to Inconsistent Paths  . . . . . . . . . . .  23
       5.2.5.  ERROR Phase .  28
   6.  Specification of Protocol-Specific Methods  . . . . . . . . .  28
     6.1.  Application support for DPLPMTUD with UDP or
           UDP-Lite  . . . . . . . . . . .  24
         5.2.5.1.  Robustness to Inconsistent Path . . . . . . . . .  24

       5.2.6.  DISABLED Phase . . . .  28
       6.1.1.  Application Request . . . . . . . . . . . . . . .  24
     5.3.  State Machine . .  29
       6.1.2.  Application Response  . . . . . . . . . . . . . . . .  29
       6.1.3.  Sending Application Probe Packets . . . .  24
     5.4.  Search to Increase the PLPMTU . . . . . .  29
       6.1.4.  Validating the Path . . . . . . . .  27
       5.4.1.  Probing for a Larger PLPMTU . . . . . . . . .  29
       6.1.5.  Handling of PTB Messages  . . . .  27
       5.4.2.  Selection of Probe Sizes . . . . . . . . . .  29
     6.2.  DPLPMTUD for SCTP . . . .  28
       5.4.3.  Resilience to Inconsistent Path Information . . . . .  28
   6.  Specification of Protocol-Specific Methods . . . . . . . . .  28
     6.1.  Application support for DPLPMTUD with UDP or UDP-Lite . .  29
       6.1.1.  Application Request  30
       6.2.1.  SCTP/IPv4 and SCTP/IPv6 . . . . . . . . . . . . . . .  30
       6.2.2.  DPLPMTUD for SCTP/UDP . .  29
       6.1.2.  Application Response . . . . . . . . . . . . . .  31
       6.2.3.  DPLPMTUD for SCTP/DTLS  . .  29
       6.1.3.  Sending Application Probe Packets . . . . . . . . . .  30
       6.1.4.  Validating the Path . . .  31
     6.3.  DPLPMTUD for QUIC . . . . . . . . . . . . . .  30
       6.1.5.  Handling of PTB Messages . . . . . .  32
       6.3.1.  Sending QUIC Probe Packets  . . . . . . . .  30
     6.2.  DPLPMTUD with UDP Options . . . . .  32
       6.3.2.  Validating the Path with QUIC . . . . . . . . . . .  30
       6.2.1.  UDP Probe Request Option .  33
       6.3.3.  Handling of PTB Messages by QUIC  . . . . . . . . . . . . .  32
       6.2.2.  UDP Probe Response Option  33
     6.4.  DPLPMTUD for UDP-Options  . . . . . . . . . . . . . .  32
     6.3.  DPLPMTUD for SCTP . . .  33
   7.  Acknowledgements  . . . . . . . . . . . . . . . . .  33
       6.3.1.  SCTP/IPv4 and SCTP/IPv6 . . . . .  33
   8.  IANA Considerations . . . . . . . . . .  33
         6.3.1.1.  Sending SCTP Probe Packets . . . . . . . . . . .  33
         6.3.1.2.  Validating the Path with SCTP .
   9.  Security Considerations . . . . . . . . .  34
         6.3.1.3.  PTB Message Handling by SCTP . . . . . . . . . .  34
       6.3.2.  DPLPMTUD for SCTP/UDP  33
   10. References  . . . . . . . . . . . . . . . .  34
         6.3.2.1.  Sending SCTP/UDP Probe Packets . . . . . . . . .  34
         6.3.2.2.  Validating the Path with SCTP/UDP . . . . . . .
     10.1.  Normative References .  34
         6.3.2.3.  Handling of PTB Messages by SCTP/UDP . . . . . .  34
       6.3.3.  DPLPMTUD for SCTP/DTLS . . . . . . . . . . .  34
     10.2.  Informative References . . . .  34
         6.3.3.1.  Sending SCTP/DTLS Probe Packets . . . . . . . . .  35
         6.3.3.2.  Validating the Path with SCTP/DTLS . . . .  36
   Appendix A.  Revision Notes . . .  35
         6.3.3.3.  Handling of PTB Messages by SCTP/DTLS . . . . . .  35
     6.4.  DPLPMTUD for QUIC . . . . . . . . . .  37
   Authors' Addresses  . . . . . . . . . .  35
       6.4.1.  Sending QUIC Probe Packets . . . . . . . . . . . . .  35
       6.4.2.  Validating  40

1.  Introduction

   The IETF has specified datagram transport using UDP, SCTP, and DCCP,
   as well as protocols layered on top of these transports (e.g., SCTP/
   UDP, DCCP/UDP, QUIC/UDP), and direct datagram transport over the IP
   network layer.  This document describes a robust method for Path MTU
   Discovery (PMTUD) that may be used with QUIC . . . . . . . . . . . .  36
       6.4.3.  Handling these transport protocols (or
   the applications that use their transport service) to discover an
   appropriate size of packet to use across an Internet path.

1.1.  Classical Path MTU Discovery

   Classical Path Maximum Transmission Unit Discovery (PMTUD) can be
   used with any transport that is able to process ICMP Packet Too Big
   (PTB) messages (e.g., [RFC1191] and [RFC8201]).  In this document,
   the term PTB Messages by QUIC  . . . . . . . . . .  36
   7.  Acknowledgements  . . . . . . . . . . . . . . . . . . . . . .  36
   8.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .  36
   9.  Security Considerations . . . . . . . . . . . . . . . . . . .  36
   10. References  . . . . . . . . . . . . . . . . . . . . . . . . .  38
     10.1.  Normative References . . . . . . . . . . . . . . . . . .  38
     10.2.  Informative References . . . . . . . . . . . . . . . . .  39
   Appendix A.  Event-driven state changes . . . . . . . . . . . . .  40
   Appendix B.  Revision Notes . . . . . . . . . . . . . . . . . . .  43
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .  45

1.  Introduction

   The IETF has specified datagram transport using UDP, SCTP, and DCCP,
   as well as protocols layered on top of these transports (e.g., SCTP/
   UDP, DCCP/UDP, QUIC/UDP), and direct datagram transport over the IP
   network layer.  This document describes a robust method for Path MTU
   Discovery (PMTUD) that may be used with these transport protocols (or
   the applications that use their transport service) to discover an
   appropriate size of packet to use across an Internet path.

1.1.  Classical Path MTU Discovery

   Classical Path Maximum Transmission Unit Discovery (PMTUD) can be
   used with any transport that is able to process ICMP Packet Too Big
   (PTB) messages (e.g., [RFC1191] and [RFC8201]).  The term PTB message
   is applied to both IPv4 ICMP Unreachable messages (type 3) that carry
   the error Fragmentation Needed (Type 3, Code 4) [RFC0792] and ICMPv6
   packet too big messages (Type 2) [RFC4443].  When a sender receives a
   PTB message, it reduces the effective MTU to the value reported as
   the Link MTU in the PTB message, and a method that from time-to-time
   increases the packet size in attempt to discover an increase in the
   supported PMTU.  The packets sent with a size larger than the current
   effective PMTU are known as probe packets.

   Packets not intended as probe packets are either fragmented to the
   current effective PMTU, or the attempt to send fails with an error
   code.  Applications are sometimes provided with a primitive to let
   them read the Maximum Packet Size (MPS), derived from the current
   effective PMTU.

   Classical PMTUD is subject to protocol failures.  One failure arises
   when traffic using a packet size larger than the actual PMTU is
   black-holed (all datagrams sent with this size, or larger, are
   silently discarded without the sender receiving PTB messages).  This
   could arise when the PTB messages are not delivered back to the
   sender for some reason (see for example [RFC2923]).

   Examples where PTB messages are not delivered include:

   o  The generation of ICMP messages is usually rate limited.  This may
      result in no PTB messages being sent to the sender (see section
      2.4 of [RFC4443])

   o  ICMP messages are increasingly filtered by middleboxes (including
      firewalls) [RFC4890].  A stateful firewall could be configured
      with a policy to block incoming ICMP messages, which would prevent
      reception of PTB messages to endpoints behind this firewall.

   o  When the router issuing the ICMP message drops a tunneled packet,
      the resulting ICMP message will be directed to the tunnel ingress.
      This tunnel endpoint is responsible for forwarding the ICMP
      message and also processing the quoted packet within the payload
      field to remove the effect of the tunnel, and return a correctly
      formatted ICMP message to the sender [I-D.ietf-intarea-tunnels].
      Failure to do this results in black-holing.

   o  Asymmetry in forwarding can result in there being no route back to
      the original sender, which would prevent an ICMP message being
      delivered to the sender.  This can be also be an issue when
      policy-based routing is used, Equal Cost Multipath (ECMP) routing
      is used, or a middlebox acts as an application load balancer.  An
      example is where the path towards the server is chosen by ECMP
      routing depending on bytes in the IP payload.  In this case, when
      a packet sent by the server encounters a problem after the ECMP
      router, then any resulting ICMP message needs to also be directed
      by the ECMP router towards the same server (i.e., ICMP messages
      need to follow the same path as the flows to which they
      correspond).  Failure to do this results in black-holing.

   o  There are cases where the next hop destination fails to receive a
      packet because of its size.  This could be due to misconfiguration
      of the layer 2 path between nodes, for instance the MTU configured
      in a layer 2 switch, or misconfiguration of the Maximum Receive
      Unit (MRU).  If the packet is dropped by the link, this will not
      cause a PTB message to be sent, and result in consequent black-
      holing.

   Another failure could result if a node that is not on the network
   path sends a PTB message that attempts to force the sender to change
   the effective PMTU [RFC8201].  A sender can protect itself from
   reacting to such messages by utilising the quoted packet within a PTB
   message payload to validate that the received PTB message was
   generated in response to a packet that had actually originated from
   the sender.  However, there are situations where a sender would be
   unable to provide this validation.

   Examples where validation of the PTB message is not possible include:

   o  When a router issuing the ICMP message implements RFC792
      [RFC0792], it is only required to include the first 64 bits of the
      IP payload of the packet within the quoted payload.  This may be
      insufficient to perform the tunnel processing described in the
      previous bullet.  There could be insufficient bytes remaining for
      the sender to interpret the quoted transport information.  The
      recommendation in RFC1812 [RFC1812] is that IPv4 routers return a
      quoted packet with as much of the original datagram as possible
      without the length of the ICMP datagram exceeding 576 bytes.
      (IPv6 routers include as much of invoking packet as possible
      without the ICMPv6 packet exceeding 1280 bytes [RFC4443].)

   o  The use of tunnels/encryption can reduce the size of the quoted
      packet returned to the original source address, increasing the
      risk that there could be insufficient bytes remaining for the
      sender to interpret the quoted transport information.

   o  Even when the PTB message includes sufficient bytes of the quoted
      packet, the network layer could lack sufficient context to
      validate the message, because validation depends on information
      about the active transport flows at an endpoint node (e.g., the
      socket/address pairs being used, and other protocol header
      information).

   o  When a packet is encapsulated/tunneled over an encrypted
      transport, the tunnel/encapsulation ingress might have
      insufficient context, or computational power, to reconstruct the
      transport header that would be needed to perform validation.

1.2.  Packetization Layer Path MTU Discovery

   The term Packetization Layer (PL) has been introduced to describe the
   layer that is responsible for placing data blocks into the payload of
   IP packets and selecting an appropriate MPS.  This function is often
   performed by a transport protocol, but can also be performed by other
   encapsulation methods working above the transport layer.

   In contrast to PMTUD, Packetization Layer Path MTU Discovery
   (PLPMTUD) [RFC4821] does not rely upon reception and validation of
   PTB messages.  It is therefore more robust than Classical PMTUD.
   This has become the recommended approach for implementing PMTU
   discovery with TCP.

   It uses a general strategy where the PL sends probe packets to search
   for the largest size of unfragmented datagram that can be sent over a
   network path.  The probe packets are sent with a progressively larger
   packet size.  If a probe packet is successfully delivered (as
   determined by the PL), then the PLPMTU is raised to the size of the
   successful probe.  If no response is received to a probe packet, the
   method reduces the probe size.  This PLPMTU is used to set the
   application MPS.

   PLPMTUD introduces flexibility in the implementation of PMTU
   discovery.  At one extreme, it can be configured to only perform PTB
   black hole detection and recovery to increase the robustness of
   Classical PMTUD, or at the other extreme, all PTB processing can be
   disabled and PLPMTUD can completely replace Classical PMTUD.

   PLPMTUD can also include additional consistency checks without
   increasing the risk of increased black-holing.  For instance,the
   information available at the PL, or higher layers, makes PTB message
   validation more straight forward.

1.3.  Path MTU Discovery for Datagram Services

   Section 5 of this document presents a set of algorithms for datagram
   protocols to discover the largest size of unfragmented datagram that
   can be sent over a network path.  The method described relies on
   features of the PL described in Section 3 and applies to transport
   protocols operating over IPv4 and IPv6.  It does not require
   cooperation from the lower layers, although it can utilise PTB
   messages when these received messages are made available to the PL.

   The UDP Usage Guidelines [RFC8085] state "an application SHOULD
   either use the Path MTU information provided by the IP layer or
   implement Path MTU Discovery (PMTUD)", but does not provide a
   mechanism for discovering the largest size of unfragmented datagram
   that can be used on a network path.  Prior to this document, PLPMTUD
   had not been specified for UDP.

   Section 10.2 of [RFC4821] recommends a PLPMTUD probing method for the
   Stream Control Transport Protocol (SCTP).  SCTP utilises probe
   packets consisting of a minimal sized HEARTBEAT chunk bundled with a
   PAD chunk as defined in [RFC4820], but RFC4821 does not provide a
   complete specification.  The present document provides the details to
   complete that specification.

   The Datagram Congestion Control Protocol (DCCP) [RFC4340] requires
   implementations to support Classical PMTUD and states that a DCCP
   sender "MUST maintain the MPS allowed for each active DCCP session".
   It also defines the current congestion control MPS (CCMPS) supported
   by a network path.  This recommends use of PMTUD, and suggests use of
   control packets (DCCP-Sync) as path probe packets, because they do
   not risk application data loss.  The method defined in this
   specification could be used with DCCP.

   Section 6 specifies the method for a set of transports, and provides
   information to enable the implementation of PLPMTUD with other
   datagram transports and applications that use datagram transports.

2.  Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in BCP
   14 [RFC2119] [RFC8174] when, and only when, they appear in all
   capitals, as shown here.

   Other terminology is directly copied from [RFC4821], and the
   definitions in [RFC1122].

   Actual PMTU:  The Actual PMTU is the PMTU of a network path between a
      sender PL and a destination PL, which the DPLPMTUD algorithm seeks
      to determine.

   Black Holed:  Packets are Black holed when the sender is unaware that
      packets are not delivered to the destination endpoint (e.g., when
      the sender transmits packets of a particular size with a
      previously known effective PMTU and they are silently discarded by
      the network, but is not made aware of a change to the path that
      resulted in a smaller PLPMTU by ICMP messages).

   Classical Path MTU Discovery:  Classical PMTUD is a process described
      in [RFC1191] and [RFC8201], in which nodes rely on PTB messages to
      learn the largest size of unfragmented datagram that can be used
      across a network path.

   Datagram:  A datagram is a transport-layer protocol data unit,
      transmitted in the payload of an IP packet.

   Effective PMTU:  The Effective PMTU is the current estimated value
      for PMTU that is used by a PMTUD.  This is equivalent to the
      PLPMTU derived by PLPMTUD.

   EMTU_S:  The Effective MTU for sending (EMTU_S) is defined in
      [RFC1122] as "the maximum IP datagram size that may be sent, for a
      particular combination of IP source and destination addresses...".

   EMTU_R:  The Effective MTU for receiving (EMTU_R) is designated in
      [RFC1122] as the largest datagram size that can be reassembled by
      EMTU_R ("Effective MTU to receive").

   Link:  A Link is a communication facility or medium over which nodes
      can communicate at the link layer, i.e., a layer below the IP
      layer.  Examples are Ethernet LANs and Internet (or higher) layer
      and tunnels.

   Link MTU:  The Link Maximum Transmission Unit (MTU) is the size in
      bytes of the largest IP packet, including the IP header and
      payload, that can be transmitted over a link.  Note that this
      could more properly be called the IP MTU, to be consistent with
      how other standards organizations use the acronym.  This includes
      the IP header, but excludes link layer headers and other framing
      that is not part of IP or the IP payload.  Other standards
      organizations generally define the link MTU to include the link
      layer headers.

   MAX_PMTU:  The MAX_PMTU is the largest size of PLPMTU that DPLPMTUD
      will attempt to use.

   MPS:  The Maximum Packet Size (MPS) is the largest size of
      application data block that can be sent across a network path.  In
      DPLPMTUD this quantity is derived from the PLPMTU by taking into
      consideration the size of the lower protocol layer headers.

   MIN_PMTU:  The MIN_PMTU is the smallest size of PLPMTU that DPLPMTUD
      will attempt to use.

   Packet:  A Packet is the IP header plus the IP payload.

   Packetization Layer (PL):  The Packetization Layer (PL) is the layer
      of the network stack that places data into packets and performs
      transport protocol functions.

   Path:  The Path is the set of links and routers traversed by a packet
      between a source node and a destination node by a particular flow.

   Path MTU (PMTU):  The Path MTU (PMTU) is the minimum of the Link MTU
      of all the links forming a network path between a source node and
      a destination node.

   PTB_SIZE:  The PTB_SIZE is a value reported in a validated PTB
      message that indicates next hop link MTU of a router along the
      path.

   PLPMTU:  The Packetization Layer PMTU is an estimate of the actual
      PMTU provided by the DPLPMTUD algorithm.

   PLPMTUD:  Packetization Layer Path MTU Discovery (PLPMTUD), the
      method described in this document for datagram PLs, which is an
      extension to Classical PMTU Discovery.

   Probe packet:  A probe packet is a datagram sent with a purposely
      chosen size (typically the current PLPMTU or larger) to detect if
      packets of this size can be successfully sent end-to-end across
      the network path.

3.  Features Required to Provide Datagram PLPMTUD

   TCP PLPMTUD has been defined using standard TCP protocol mechanisms.
   All of the requirements in [RFC4821] also apply to the use of the
   technique with a datagram PL.  Unlike TCP, some datagram PLs require
   additional mechanisms to implement PLPMTUD.

   There are eight requirements for performing the datagram PLPMTUD
   method described in this specification:

   1.  PMTU parameters: A DPLPMTUD sender is RECOMMENDED to provide
       information about the maximum size of packet that can be
       transmitted by the sender on the local link (the local Link MTU).
       It MAY utilize similar information about the receiver when this
       is supplied (note this could be less than EMTU_R).  This avoids
       implementations trying to send probe packets that can not be
       transmitted by the local link.  Too high of a value could reduce
       the efficiency of the search algorithm.  Some applications also
       have a maximum transport protocol data unit (PDU) size, in which
       case there is no benefit from probing for a size larger than this
       (unless a transport allows multiplexing multiple applications
       PDUs into the same datagram).

   2.  PLPMTU: A datagram application using a transport layer not
       supporting fragmentation message is REQUIRED to be able applied to choose both IPv4 ICMP Unreachable
   messages (type 3) that carry the
       size of datagrams sent to error Fragmentation Needed (Type 3,
   Code 4) [RFC0792] and ICMPv6 packet too big messages (Type 2)
   [RFC4443].  When a sender receives a PTB message, it reduces the network, up
   effective MTU to the PLPMTU, or a
       smaller value (such reported as the MPS) derived from this.  This value is
       managed by Link MTU in the DPLPMTUD method.  The PLPMTU (specified as PTB
   message, and a method that from time-to-time increases the
       effective PMTU packet
   size in Section 1 of [RFC1191]) is equivalent attempt to the
       EMTU_S (specified discover an increase in [RFC1122]).

   3.  Probe packets: On request, a DPLPMTUD sender is REQUIRED to be
       able to transmit a packet larger than the PLMPMTU.  This is used
       to send a probe packet.  In IPv4, a probe packet MUST be supported PMTU.  The
   packets sent with the Don't Fragment (DF) bit set in the IP header, and
       without network layer endpoint fragmentation.  In IPv6, a probe
       packet is always sent without source fragmentation (as specified
       in section 5.4 of [RFC8201]).

   4.  Processing PTB messages: A DPLPMTUD sender MAY optionally utilize
       PTB messages received from size larger than the network layer to help identify
       when a network path does current effective PMTU are
   known as probe packets.

   Packets not support the current size of intended as probe
       packet.  Any received PTB message MUST be validated before it is
       used packets are either fragmented to update the PLPMTU discovery information [RFC8201].  This
       validation confirms that
   current effective PMTU, or the PTB message was sent in response attempt to send fails with an error
   code.  Applications are sometimes provided with a packet originating by the sender, and needs primitive to be performed
       before let
   them read the PLPMTU discovery method reacts Maximum Packet Size (MPS), derived from the current
   effective PMTU.

   Classical PMTUD is subject to protocol failures.  One failure arises
   when traffic using a packet size larger than the actual PMTU is
   black-holed (all datagrams sent with this size, or larger, are
   discarded).  This could arise when the PTB message.  A
       PTB message MUST NOT be used messages are not delivered
   back to increase the PLPMTU [RFC8201].

   5.  Reception feedback: sender for some reason (see for example [RFC2923]).

   Examples where PTB messages are not delivered include:

   *  The destination PL endpoint generation of ICMP messages is REQUIRED to
       provide a feedback method that indicates usually rate limited.  This
      could result in no PTB messages being generated to the DPLPMTUD sender
       when a probe packet has been received (see
      section 2.4 of [RFC4443])

   *  ICMP messages can be filtered by the destination PL
       endpoint.  The mechanism needs to middleboxes (including firewalls)
      [RFC4890].  A stateful firewall could be robust configured with a policy
      to block incoming ICMP messages, which would prevent reception of
      PTB messages to a sending endpoint behind this firewall.

   *  When the possibility
       that packets could be significantly delayed along router issuing the ICMP message drops a network path.

       The local PL endpoint at tunneled packet,
      the sending node is REQUIRED to pass
       this feedback resulting ICMP message will be directed to the sender-side DPLPMTUD method.

   6.  Probe loss recovery: It tunnel ingress.
      This tunnel endpoint is RECOMMENDED to use probe packets that
       do not carry any user data.  Most datagram transports permit
       this.  If a probe responsible for forwarding the ICMP
      message and also processing the quoted packet contains user data requiring
       retransmission in case of loss, within the PL (or layers above) are
       REQUIRED payload
      field to arrange any retransmission/repair remove the effect of any resulting
       loss.  DPLPMTUD is REQUIRED the tunnel, and return a correctly
      formatted ICMP message to be robust the sender [I-D.ietf-intarea-tunnels].
      Failure to do this prevents the PTB message reaching the original
      sender.

   *  Asymmetry in forwarding can result in there being no return route
      to the case where probe
       packets are lost due original sender, which would prevent an ICMP message being
      delivered to other reasons (including link
       transmission error, congestion).

   7.  Probing and congestion control: The DPLPMTUD sender treats
       isolated loss of a probe packet (with the sender.  This issue can also arise when policy-
      based routing is used, Equal Cost Multipath (ECMP) routing is
      used, or without a corresponding
       PTB message) middlebox acts as a potential indication of a PMTU limit for an application load balancer.  An
      example is where the
       path.  Loss of path towards the server is chosen by ECMP
      routing depending on bytes in the IP payload.  In this case, when
      a probe packet SHOULD NOT be treated as an
       indication of congestion and sent by the loss SHOULD NOT directly trigger server encounters a congestion control reaction [RFC4821].

   8.  Shared PLPMTU state: The PLPMTU value could problem after the ECMP
      router, then any resulting ICMP message needs to also be stored with directed
      by the corresponding entry in ECMP router towards the destination cache and used by
       other PL instances.  The specification of PLPMTUD [RFC4821]
       states: "If PLPMTUD updates original sender.

   *  There are additional cases where the MTU for next hop destination fails to
      receive a particular path, all
       Packetization Layer sessions that share the path representation
       (as described in Section 5.2 packet because of [RFC4821]) SHOULD its size.  This could be notified due to
       make use
      misconfiguration of the new MTU".  Such methods MUST be robust to layer 2 path between nodes, for instance
      the
       wide variety of underlying network forwarding behaviours, PLPMTU
       adjustments based on shared PLPMTU values should be incorporated MTU configured in the search algorithms.  Section 5.2 a layer 2 switch, or misconfiguration of [RFC8201] provides
       guidance on the caching of PMTU information and also
      Maximum Receive Unit (MRU).  If the relation
       to IPv6 flow labels.

   In addition, packet is dropped by the following principles are stated for design of link,
      this will not cause a
   DPLPMTUD method:

   o  MPS: A method is REQUIRED PTB message to signal an appropriate MPS be sent to the
      higher layer using the PL.  The value of the MPS can change
      following original
      sender.

   Another failure could result if a change to the path.  It is RECOMMENDED node that methods
      avoid forcing an application to use an arbitrary small MPS
      (PLPMTU) for transmission while the method is searching for the
      currently supported PLPMTU.  Datagram PLs do not necessarily
      support fragmentation of PDUs larger than on the network
   path sends a PTB message that attempts to force a sender to change
   the PLPMTU. effective PMTU [RFC8201].  A reduced
      MPS sender can adversely impact protect itself from
   reacting to such messages by utilising the performance of quoted packet within a datagram
      application.

   o  Path validation: It is RECOMMENDED that methods are robust PTB
   message payload to path
      changes validate that could have occurred since the path characteristics
      were last confirmed, and received PTB message was
   generated in response to a packet that had actually originated from
   the possibility of inconsistent path
      information being received.

   o  Datagram reordering: A method is REQUIRED to sender.  However, there are situations where a sender would be robust
   unable to provide this validation.  Examples where validation of the
      possibility that
   PTB message is not possible include:

   *  When a flow encounters reordering, or router issuing the traffic
      (including probe packets) ICMP message implements RFC792
      [RFC0792], it is divided over more than one network
      path.

   o  When only required to probe: It is RECOMMENDED that methods determine whether include the path capacity has increased since it last measured first 64 bits of the path.
      This determines when
      IP payload of the path should again be probed.

4.  DPLPMTUD Mechanisms

   This section lists packet within the protocol mechanisms used in this
   specification.

4.1.  PLPMTU Probe Packets

   The DPLPMTUD method relies upon quoted payload.  There could
      be insufficient bytes remaining for the PL sender being able to generate
   probe packets with a specific size.  TCP is able to generate these
   probe packets by choosing to appropriately segment data being sent
   [RFC4821].  In contrast, a datagram PL that needs to construct a
   probe packet has to either request an application to send a data
   block that interpret the
      quoted transport information.

      Note: The recommendation in RFC1812 [RFC1812] is larger than that generated by an application, or to
   utilise padding functions to extend IPv4 routers
      return a quoted packet with as much of the original datagram beyond as
      possible without the size length of the
   application data block.  Protocols that permit exchange ICMP datagram exceeding 576
      bytes.  IPv6 routers include as much of control
   messages (without an application data block) could alternatively
   prefer to generate a probe packet by extending a control message with
   padding data.

   A receiver needs to be able to distinguish an in-band data block from
   any added padding.  This is needed to ensure that any added padding
   is not passed on to an application at the receiver.

   This results in three invoking packet as
      possible ways that a sender can create a probe without the ICMPv6 packet listed in order exceeding 1280 bytes [RFC4443].

   *  The use of preference:

   Probing using padding data:  A probe tunnels/encryption can reduce the size of the quoted
      packet that contains only
      control information together with any padding, which is needed returned to the original source address, increasing the
      risk that there could be inflated insufficient bytes remaining for the
      sender to interpret the size required for quoted transport information.

   *  Even when the PTB message includes sufficient bytes of the quoted
      packet, the probe packet.  Since
      these probe packets do not carry an application-supplied data
      block, they do not typically require retransmission, although they
      do still consume network capacity and incur layer could lack sufficient context to
      validate the message, because validation depends on information
      about the active transport flows at an endpoint processing.

   Probing using application data node (e.g., the
      socket/address pairs being used, and padding data:  A probe packet that
      contains other protocol header
      information).

   *  When a data block supplied by an application that packet is combined
      with padding to inflate encapsulated/tunneled over an encrypted
      transport, the length of tunnel/encapsulation ingress might have
      insufficient context, or computational power, to reconstruct the datagram
      transport header that would be needed to perform validation.

1.2.  Packetization Layer Path MTU Discovery

   The term Packetization Layer (PL) has been introduced to describe the size
      required
   layer that is responsible for placing data blocks into the probe packet.  If the application/transport needs
      protection from the loss payload of this probe packet,
   IP packets and selecting an appropriate MPS.  This function is often
   performed by a transport protocol, but can also be performed by other
   encapsulation methods working above the application/ transport could perform transport-layer retransmission/repair layer.

   In contrast to PMTUD, Packetization Layer Path MTU Discovery
   (PLPMTUD) [RFC4821] does not rely upon reception and validation of
      the data block (e.g., by retransmission after loss
   PTB messages.  It is detected or
      by duplicating therefore more robust than Classical PMTUD.
   This has become the data block in recommended approach for implementing PMTU
   discovery with TCP.

   It uses a datagram without general strategy where the padding
      data).

   Probing using application data:  A PL sends probe packet packets to search
   for the largest size of unfragmented datagram that contains can be sent over a data
      block supplied by an application that matches
   network path.  Probe packets are sent with a progressively larger
   packet size.  If a probe packet is successfully delivered (as
   determined by the size required
      for PL), then the probe packet.  This method requests PLPMTU is raised to the application size of the
   successful probe.  If no response is received to
      issue a data block of probe packet, the
   method reduces the desired probe size.  If  The result of probing with the application/
      transport needs protection from PLPMTU
   is used to set the loss of an unsuccessful probe
      packet, application MPS.

   PLPMTUD introduces flexibility in the application/transport needs then implementation of PMTU
   discovery.  At one extreme, it can be configured to only perform transport-
      layer retransmission/repair ICMP
   black Hole Detection and recovery to increase the robustness of
   Classical PMTUD, or at the data block (e.g., by
      retransmission after loss is detected).

   A PL other extreme, all PTB processing can be
   disabled and PLPMTUD can completely replace Classical PMTUD.

   PLPMTUD can also include additional consistency checks without
   increasing the risk that uses a probe packet carrying an application data block,
   could need is lost when probing to retransmit this application data block if the probe
   fails.  This could need discover the PL to re-fragment
   path MTU.  For example, information available at the data block PL, or higher
   layers, enables received PTB messages to be validated before being
   utilized.

1.3.  Path MTU Discovery for Datagram Services

   Section 5 of this document presents a
   smaller packet set of algorithms for datagram
   protocols to discover the largest size of unfragmented datagram that is expected to traverse
   can be sent over a network path.  The method described relies on
   features of the end-to-end path
   (which could utilise endpoint network-layer or PL fragmentation described in Section 3 and applies to transport
   protocols operating over IPv4 and IPv6.  It does not require
   cooperation from the lower layers, although it can utilize PTB
   messages when these received messages are available).

   DPLPMTUD MAY choose made available to the PL.

   The UDP Usage Guidelines [RFC8085] state "an application SHOULD
   either use only one of these methods to simplify the
   implementation.

   Probe messages sent Path MTU information provided by the IP layer or
   implement Path MTU Discovery (PMTUD)", but does not provide a PL MUST contain enough information to
   uniquely identify
   mechanism for discovering the probe within Maximum Segment Lifetime, while
   being robust to reordering and replay of probe response and PTB
   messages.

4.2.  Confirmation largest size of Probed Packet Size

   The PL needs unfragmented datagram
   that can be used on a method network path.  Prior to determine (confirm) when probe packets have this document, PLPMTUD
   had not been successfully received end-to-end across specified for UDP.

   Section 10.2 of [RFC4821] recommends a network path. PLPMTUD probing method for the
   Stream Control Transport protocols can include end-to-end methods that detect and
   report reception of specific datagrams that they send (e.g., DCCP and Protocol (SCTP).  SCTP provide keep-alive/heartbeat features).  When supported, this
   mechanism SHOULD also be used by DPLPMTUD to acknowledge reception utilizes probe
   packets consisting of a probe packet.

   A PL that minimal sized HEARTBEAT chunk bundled with a
   PAD chunk as defined in [RFC4820], but RFC4821 does not acknowledge data reception (e.g., UDP and UDP-
   Lite) is unable itself to detect when the packets that it sends are
   discarded because their size is greater than provide a
   complete specification.  The present document provides the actual PMTU.  These
   PLs need details to either rely on an application protocol
   complete that specification.

   The Datagram Congestion Control Protocol (DCCP) [RFC4340] requires
   implementations to detect this
   loss, or make use of an additional transport method such as UDP-
   Options [I-D.ietf-tsvwg-udp-options].

   Section 5 specifies this function for support Classical PMTUD and states that a set of IETF-specified
   protocols.

4.3.  Detection of Black Holes

   A PL DCCP
   sender needs to reduce "MUST maintain the PLPMTU when it discovers MPS allowed for each active DCCP session".
   It also defines the actual
   PMTU current congestion control MPS (CCMPS) supported
   by a network path is less than the PLPMTU (i.e. to
   detect that traffic is being black holed). path.  This can be triggered
   when a validated PTB message is received, or by another event that
   indicates the network recommends use of PMTUD, and suggests use of
   control packets (DCCP-Sync) as path no longer sustains probe packets, because they do
   not risk application data loss.  The method defined in this
   specification could be used with DCCP.

   Section 6 specifies the current packet
   size, such as method for a loss report from the PL or repeated lack set of response
   to probe packets sent transports, and provides
   information to confirm enable the PLPMTU.  Detection is followed
   by a reduction implementation of the PLPMTU.

   Black Hole detection PLPMTUD with other
   datagram transports and applications that use datagram transports.

2.  Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in BCP
   14 [RFC2119] [RFC8174] when, and only when, they appear in all
   capitals, as shown here.

   Other terminology is performed by periodically sending packet
   probes directly copied from [RFC4821], and the
   definitions in [RFC1122].

   Actual PMTU:  The Actual PMTU is the PMTU of size PLPMTU to verify that a network path still supports
   the last acknowledged PLPMTU size.  There are two ways between a DPLPMTUD
      sender detect that the current PLPMTU is not sustained by the path
   (i.e., to detect a black hole):

   o  A PL can rely upon and a mechanisms implemented within destination PL, which the PL protocol DPLPMTUD algorithm seeks
      to detect excessive loss of data sent with determine.

   Black Hole:  A Black Hole is encountered when a specific packet size
      and then conclude sender is unaware
      that this excessive loss could be a result of an
      invalid PMTU (as in PLPMTUD for TCP [RFC4821]).

   o  A PL can use the probing mechanism to send confirmation probe packets of the size of the current PLPMTU and a timer track
      whether acknowledgments are received (e.g., not being delivered to the number destination end point.
      Two types of probe Black Hole are relevant to DPLPMTUD:

      Packet Black Hole:  Packets encounter a Packet Black Hole when
                          packets sent without receiving an acknowledgement, PROBE_COUNT,
      becomes greater than the MAX_PROBES).  These messages need are not delivered to be
      generated periodically (e.g., using the confirmation timer
      Section 5.1.1), and MAY inhibit sending probe packets destination
                          endpoint (e.g., when no
      application data has been sent since the previous probe packet.  A
      PL preferring to use an up-to-data PMTU once user data is sent
      again, MAY choose to continue PMTU discovery for each path.
      However, this may result in additional sender transmits
                          packets being sent.
      Successive loss of probes a particular size with a previously
                          known effective PMTU and they are discarded by
                          the network).

      ICMP Black Hole     An ICMP Black Hole is an indication that encountered when the current path
      no longer supports
                          sender is unaware that packets are not
                          delivered to the PLPMTU.

   When destination endpoint because
                          PTB messages are not received by the method detects
                          originating PL sender.

   Black holed :  Traffic is black-holed when the current PLPMTU sender is unaware that
      packets are not supported (a black
   hole being delivered.  This could be due to a Packet
      Black Hole or an ICMP Black Hole.

   Classical Path MTU Discovery:  Classical PMTUD is found), DPLPMTUD sets a lower MPS.  The PL then confirms that process described
      in [RFC1191] and [RFC8201], in which nodes rely on PTB messages to
      learn the updated PLPMTU largest size of unfragmented datagram that can be successfully used
      across the path.  This
   can need the PL to send a probe packet with network path.

   Datagram:  A datagram is a size less than transport-layer protocol data unit,
      transmitted in the size payload of the data block generated by an application.  In this case, IP packet.

   Effective PMTU:  The Effective PMTU is the PL
   could provide current estimated value
      for PMTU that is used by a way PMTUD.  This is equivalent to fragment the
      PLPMTU derived by PLPMTUD.

   EMTU_S:  The Effective MTU for sending (EMTU_S) is defined in
      [RFC1122] as "the maximum IP datagram size that may be sent, for a
      particular combination of IP source and destination addresses...".

   EMTU_R:  The Effective MTU for receiving (EMTU_R) is designated in
      [RFC1122] as the largest datagram size that can be reassembled by
      EMTU_R (Effective MTU to receive).

   Link:  A Link is a communication facility or medium over which nodes
      can communicate at the PL, or could
   instead utilise link layer, i.e., a control packet with padding.

4.4.  Response to PTB Messages

   This method requires the DPLPMTUD sender to validate any received PTB
   message before using layer below the PTB information. IP
      layer.  Examples are Ethernet LANs and Internet (or higher) layer
      and tunnels.

   Link MTU:  The response to a PTB
   message depends on Link Maximum Transmission Unit (MTU) is the PTB_SIZE indicated size in the PTB message, the
   state
      bytes of the PLPMTUD state machine, and largest IP packet, including the IP protocol being used.

   Section 4.4.1 first describes validation for both IPv4 ICMP
   Unreachable messages (type 3) header and ICMPv6 packet too big messages,
   both of which are referred to as PTB messages in
      payload, that can be transmitted over a link.  Note that this document.

4.4.1.  Validation of PTB Messages
      could more properly be called the IP MTU, to be consistent with
      how other standards organizations use the acronym.  This section specifies utlisation of PTB messages.

   o  A simple implementation MAY ignore received PTB messages and in
      this case includes
      the PLPMTU IP header, but excludes link layer headers and other framing
      that is not updated when a PTB message part of IP or the IP payload.  Other standards
      organizations generally define the link MTU to include the link
      layer headers.

   MAX_PMTU:  The MAX_PMTU is
      received.

   o  An implementation the largest size of PLPMTU that supports PTB messages MUST validate
      messages before they are further processed.

   A PL DPLPMTUD
      will attempt to use.

   MPS:  The Maximum Packet Size (MPS) is the largest size of
      application data block that receives can be sent across a PTB message from network path by a router or middlebox, performs
   ICMP validation as specified in Section 5.2 of [RFC8085][RFC8201].
   Because
      PL.  In DPLPMTUD operates at the PL, the PL needs to check that each
   received PTB message this quantity is received in response to a packet transmitted derived from the PLPMTU by
      taking into consideration the endpoint PL performing DPLPMTUD.

   The PL MUST check size of the lower protocol information in layer
      headers.  Probe packets generated by DPLPMTUD can have a size
      larger than the quoted packet
   carried in MPS.

   MIN_PMTU:  The MIN_PMTU is the ICMP PTB message payload smallest size of PLPMTU that DPLPMTUD
      will attempt to validate use.

   Packet:  A Packet is the message
   originated from IP header plus the sending node.  This validation includes
   determining that IP payload.

   Packetization Layer (PL):  The Packetization Layer (PL) is the combination layer
      of the IP addresses, the protocol, network stack that places data into packets and performs
      transport protocol functions.

   Path:  The Path is the set of links and routers traversed by a packet
      between a source port node and a destination port match those returned in the
   quoted packet - this is also necessary for the PTB message to be
   passed to the corresponding PL. node by a particular flow.

   Path MTU (PMTU):  The validation SHOULD utilise information that it Path MTU (PMTU) is not simple for
   an off-path attacker to determine.  For example, by checking the
   value minimum of a protocol header field known only to the two PL endpoints.
   A datagram application that uses well-known Link MTU
      of all the links forming a network path between a source node and
      a destination
   ports ought to also rely on other information to complete this
   validation.

   These checks are intended to provide protection from packets that
   originate from node.

   PTB_SIZE:  The PTB_SIZE is a node value reported in a validated PTB
      message that is not on indicates next hop link MTU of a router along the network
      path.

   A PTB message that does not complete the validation MUST NOT be
   further utilised by

   PLPMTU:  The Packetization Layer PMTU is an estimate of the DPLPMTUD method.

   PTB messages that have been validated MAY be utilised actual
      PMTU provided by the DPLPMTUD
   algorithm, but MUST NOT be used directly to set algorithm.

   PLPMTUD:  Packetization Layer Path MTU Discovery (PLPMTUD), the PLPMTU.  A
      method
   that utilises these PTB messages can improve the speed at the described in this document for datagram PLs, which
   the algorithm detects is an appropriate PLPMTU, compared
      extension to one that
   relies solely on probing.  Section 4.4.2 describes this processing.

4.4.2.  Use of PTB Messages Classical PMTU Discovery.

   Probe packet:  A set of checks are intended to provide protection from a router that
   reports an unexpected PTB_SIZE.  The PL needs to check that the
   indicated PTB_SIZE probe packet is less than the a datagram sent with a purposely
      chosen size used by probe (typically the current PLPMTU or larger) to detect if
      packets and
   larger than minimum size accepted.

   This section provides a summary of how PTB messages this size can be utilised.
   This processing depends on the PTB_SIZE and successfully sent end-to-end across
      the current value network path.

3.  Features Required to Provide Datagram PLPMTUD

   TCP PLPMTUD has been defined using standard TCP protocol mechanisms.
   All of a
   set the requirements in [RFC4821] also apply to the use of variables:

   MIN_PMTU < PTB_SIZE < BASE_PMTU

      *  A robust PL MAY enter the PROBE_ERROR state
   technique with a datagram PL.  Unlike TCP, some datagram PLs require
   additional mechanisms to implement PLPMTUD.

   There are eight requirements for an IPv4 path
         when performing the PTB_SIZE reported datagram PLPMTUD
   method described in the PTB message >= 68 bytes and
         when this specification:

   1.  PMTU parameters: A DPLPMTUD sender is less than RECOMMENDED to provide
       information about the BASE_PMTU.

      *  A robust PL MAY enter maximum size of packet that can be
       transmitted by the PROBE_ERROR state for an IPv6 path
         when sender on the PTB_SIZE reported in local link (the local Link MTU).
       It MAY utilize similar information about the PTB message >= 1280 bytes and receiver when this
       is supplied (note this could be less than the BASE_PMTU.

   PTB_SIZE = PLPMTU

      *  Transition to SEARCH_COMPLETE.

   PTB_SIZE > PROBED_SIZE

      *  The PTB_SIZE > PROBED_SIZE, inconsistent network signal.  These
         PTB messages ought EMTU_R).  This avoids
       implementations trying to be discarded without further processing
         (the PLPMTU send probe packets that can not updated).

      *  The information could be utilised as an input to trigger
         enabling a resilience mode.

   BASE_PMTU <= PTB_SIZE < PLPMTU

      *  Black hole detection is triggered and
       transmitted by the PLPMTU ought to be
         set to BASE_PMTU.

      *  The PL local link.  Too high of a value could use PTB_SIZE reported in reduce
       the efficiency of the PTB message to
         initialise a search algorithm.

   PLPMTU < PTB_SIZE < PROBED_SIZE

      *  The PLPMTU continues to be valid, but the last PROBED_SIZE
         searched was  Some applications also
       have a maximum transport protocol data unit (PDU) size, in which
       case there is no benefit from probing for a size larger than this
       (unless a transport allows multiplexing multiple applications
       PDUs into the actual PMTU.

      *  The PLPMTU is not updated.

      *  The same datagram).

   2.  PLPMTU: A datagram application using a PL can use not supporting
       fragmentation is REQUIRED to be able to choose the size of
       datagrams sent to the reported PTB_SIZE network, up to the PLPMTU, or a smaller
       value (such as the MPS) derived from this.  This value is managed
       by the PTB message DPLPMTUD method.  The PLPMTU (specified as the next search point when it resumes effective
       PMTU in Section 1 of [RFC1191]) is equivalent to the search algorithm.

   xxx Author Note: Do we want EMTU_S
       (specified in [RFC1122]).

   3.  Probe packets: On request, a DPLPMTUD sender is REQUIRED to specify how be
       able to handle PTB Message with
   PTB_SIZE = 0? xxx

5.  Datagram Packetization Layer PMTUD transmit a packet larger than the PLMPMTU.  This section specifies Datagram PLPMTUD (DPLPMTUD).  The method can is used
       to send a probe packet.  In IPv4, a probe packet MUST be introduced at various points (as indicated sent
       with * in the figure
   below) Don't Fragment (DF) bit set in the IP protocol stack to discover the PLPMTU so that an
   application can utilise an appropriate MPS for the current header, and
       without network
   path.  DPLPMTUD SHOULD NOT be used by an application if it layer endpoint fragmentation.  In IPv6, a probe
       packet is already
   used always sent without source fragmentation (as specified
       in a lower layer.

     +----------------------+
     |      Application*    |
     +-+-------+----+---+---+
       |       |    |   |
   +---+--+ +--+--+ | +-+---+
   | QUIC*| |UDPO*| | |SCTP*|
   +---+--+ +--+--+ | ++--+-+
       |       |    |  |  |
       +-------+-+  |  |  |
                 |  |  |  |
                ++-+--++  |
                | UDP  |  |
                +---+--+  |
                    |     |
     +--------------+-----+-+
     |  Network Interface   |
     +----------------------+

           Figure 1: Examples where DPLPMTUD can be implemented

   The central idea section 5.4 of [RFC8201]).

   4.  Processing PTB messages: A DPLPMTUD is probing by a sender.  Probe packets
   are sent sender MAY optionally utilize
       PTB messages received from the network layer to find help identify
       when a network path does not support the maximum current size of a user probe
       packet.  Any received PTB message MUST be validated before it is
       used to update the PLPMTU discovery information [RFC8201].  This
       validation confirms that can the PTB message was sent in response to
       a packet originating by the sender, and needs to be
   completely transferred across performed
       before the network path from PLPMTU discovery method reacts to the PTB message.  A
       PTB message MUST NOT be used to increase the PLPMTU [RFC8201].

   5.  Reception feedback: The destination PL endpoint is REQUIRED to
       provide a feedback method that indicates to the DPLPMTUD sender
       when a probe packet has been received by the destination PL
       endpoint.  The mechanism needs to be robust to the
   destination.

   This section identifies possibility
       that packets could be significantly delayed along a network path.
       The local PL endpoint at the components needed for implementation, sending node is REQUIRED to pass
       this feedback to the
   phases sender DPLPMTUD method.

   6.  Probe loss recovery: It is RECOMMENDED to use probe packets that
       do not carry any user data.  Most datagram transports permit
       this.  If a probe packet contains user data requiring
       retransmission in case of operation, loss, the state machine and search algorithm.

5.1.  DPLPMTUD Components

   This section describes components PL (or layers above) are
       REQUIRED to arrange any retransmission/repair of DPLPMTUD.

5.1.1.  Timers

   The method utilises up any resulting
       loss.  DPLPMTUD is REQUIRED to three timers:

   PROBE_TIMER: be robust in the case where probe
       packets are lost due to other reasons (including link
       transmission error, congestion).

   7.  Probing and congestion control: The PROBE_TIMER is configured to expire after DPLPMTUD sender treats
       isolated loss of a period
      longer than probe packet (with or without a corresponding
       PTB message) as a potential indication of a PMTU limit for the maximum time to receive an acknowledgment to
       path.  Loss of a probe packet.  This value MUST packet SHOULD NOT be smaller than 1 second, treated as an
       indication of congestion and the loss SHOULD NOT directly trigger
       a congestion control reaction [RFC4821].

   8.  Shared PLPMTU state: The PLPMTU value could also be larger than 15 seconds.  Guidance on selection of stored with
       the
      timer value are provided corresponding entry in section 3.1.1 of the UDP Usage
      Guidelines [RFC8085].

      If the PL has a path Round Trip Time (RTT) estimate destination cache and timely
      acknowledgements the PROBE_TIMER can be derived from the used by
       other PL RTT
      estimate.

   PMTU_RAISE_TIMER: instances.  The PMTU_RAISE_TIMER is configured to specification of PLPMTUD [RFC4821]
       states: "If PLPMTUD updates the period MTU for a
      sender will continue particular path, all
       Packetization Layer sessions that share the path representation
       (as described in Section 5.2 of [RFC4821]) SHOULD be notified to
       make use of the current PLPMTU, after which it re-
      enters new MTU".  Such methods MUST be robust to the Search phase.  This timer has a period
       wide variety of 600 secs, as
      recommended by PLPMTUD [RFC4821].

      DPLPMTUD MAY inhibit sending probe packets when no application
      data has been sent since underlying network forwarding behaviors, PLPMTU
       adjustments based on shared PLPMTU values should be incorporated
       in the search algorithms.  Section 5.2 of [RFC8201] provides
       guidance on the caching of PMTU information and also the relation
       to IPv6 flow labels.

   In addition, the previous probe packet. following principles are stated for design of a
   DPLPMTUD method:

   *  MPS: A PL
      preferring to use an up-to-data PMTU once user data method is sent again,
      can choose REQUIRED to continue PMTU discovery for each path.  However,
      this could in sending additional packets.

   CONFIRMATION_TIMER:  When signal an acknowledged PL is used, this timer MUST
      NOT be used.  For other PLs, the CONFIRMATION_TIMER is configured appropriate MPS to the period
      higher layer using the PL.  The value of the MPS can change
      following a PL sender waits before confirming change to the current
      PLPMTU path.  It is still supported.  This RECOMMENDED that methods
      avoid forcing an application to use an arbitrary small MPS
      (PLPMTU) for transmission while the method is less searching for the
      currently supported PLPMTU.  Datagram PLs do not necessarily
      support fragmentation of PDUs larger than the PMTU_RAISE_TIMER
      and used to decrease PLPMTU.  A reduced
      MPS can adversely impact the PLPMTU (e.g., when performance of a black hole datagram
      application.

   *  Path validation: It is
      encountered).  Confirmation needs RECOMMENDED that methods are robust to be frequent enough when data
      is flowing path
      changes that could have occurred since the sending PL does not black hole extensive
      amounts of traffic.  Guidance on selection of path characteristics
      were last confirmed, and to the timer value are
      provided in section 3.1.1 possibility of inconsistent path
      information being received.

   *  Datagram reordering: A method is REQUIRED to be robust to the UDP Usage Guidelines [RFC8085].

      DPLPMTUD MAY inhibit sending
      possibility that a flow encounters reordering, or the traffic
      (including probe packets when no application
      data packets) is divided over more than one network
      path.

   *  When to probe: It is RECOMMENDED that methods determine whether
      the path has been sent changed since it last measured the previous probe packet.  A PL
      preferring to use an up-to-data PMTU once user data is sent again, path.  This can choose
      help determine when to continue PMTU discovery for each path.  However,
      this may result in sending additional packets.

   An implementation could implement the various timers using a single
   timer.

5.1.2.  Constants

   The following constants are defined:

   MAX_PROBES:  MAX_PROBES is probe the maximum value of path again.

4.  DPLPMTUD Mechanisms

   This section lists the PROBE_COUNT
      counter.  The default value of MAX_PROBES is 10.

   MIN_PMTU: protocol mechanisms used in this
   specification.

4.1.  PLPMTU Probe Packets

   The MIN_PMTU is smallest allowed DPLPMTUD method relies upon the PL sender being able to generate
   probe packet packets with a specific size.  For
      IPv6, this value is 1280 bytes, as specified in [RFC2460].  For
      IPv4, the minimum value is 68 bytes.  (An IPv4 router  TCP is required
      to be able to forward generate these
   probe packets by choosing to appropriately segment data being sent
   [RFC4821].  In contrast, a datagram of 68 bytes without further
      fragmentation.  This is the combined size of an IPv4 header and
      the minimum fragment size of 8 bytes.  In addition, receivers are
      required PL that needs to be able construct a
   probe packet has to reassemble fragmented datagrams at least up either request an application to 576 bytes, as stated in section 3.3.3 of [RFC1122]))

   MAX_PMTU:  The MAX_PMTU send a data
   block that is the largest size of PLPMTU.  This has to
      be less larger than that generated by an application, or equal to
   utilize padding functions to extend a datagram beyond the minimum size of the local MTU
   application data block.  Protocols that permit exchange of the
      outgoing interface and the destination PMTU for receiving.  An control
   messages (without an application or PL MAY reduce the MAX_PMTU when there is no need data block) could alternatively
   prefer to
      send packets larger than generate a specific size.

   BASE_PMTU:  The BASE_PMTU is probe packet by extending a configured size expected control message with
   padding data.

   A receiver needs to work for
      most paths.  The size is equal be able to or larger than the MIN_PMTU and
      smaller than the MAX_PMTU.  In the case of IPv6, this value distinguish an in-band data block from
   any added padding.  This is
      1280 bytes [RFC2460].  When using IPv4, a size of 1200 bytes needed to ensure that any added padding
   is
      RECOMMENDED.

5.1.3.  Variables not passed on to an application at the receiver.

   This method utilises results in three possible ways that a set sender can create a probe
   packet listed in order of variables:

   PROBED_SIZE:  The PROBED_SIZE preference:

   Probing using padding data:  A probe packet that contains only
      control information together with any padding, which is needed to
      be inflated to the size of required for the current probe packet.  This is a tentative value for the PLPMTU, which is
      awaiting confirmation by an acknowledgment.

   PROBE_COUNT:  The PROBE_COUNT is a count of the number of
      unsuccessful  Since
      these probe packets do not carry an application-supplied data
      block, they do not typically require retransmission, although they
      do still consume network capacity and incur endpoint processing.

   Probing using application data and padding
   data:  A probe packet that have been sent with
      contains a size of
      PROBED_SIZE.  The value data block supplied by an application that is initialised combined
      with padding to zero when a particular
      size inflate the length of PROBED_SIZE is first attempted.

   The figure below illustrates the relationship between datagram to the packet size
   constants and variables, in this case when
      required for the DPLPMTUD algorithm
   performs path probing to increase probe packet.  If the size application/transport needs
      protection from the loss of this probe packet, the PLPMTU.  The MPS application/
      transport could perform transport-layer retransmission/repair of
      the data block (e.g., by retransmission after loss is
   less than detected or
      by duplicating the PLPMTU. data block in a datagram without the padding
      data).

   Probing using application data:  A probe packet has been sent of that contains a data
      block supplied by an application that matches the size
   PROBED_SIZE.  When this is acknowledged, required
      for the PLPMTU will be raised to
   PROBED_SIZE allowing probe packet.  This method requests the PROBED_SIZE application to be increased towards
      issue a data block of the
   actual PMTU.

        MIN_PMTU                                        MAX_PMTU
          <-------------------------------------------------->
                         |        |     |           |
                         V        |     |           V
                     BASE_PMTU    |     V     Actual PMTU
                                  |  PROBED_SIZE
                                  V
                                PLPMTU

          Figure 2: Relationships between desired probe and packet sizes

5.2.  DPLPMTUD Phases

   The Datagram PLPMTUD algorithm moves through several phases of
   operation.

   An implementation that only reduces size.  If the PLPMTU to a suitable size
   would be sufficient to ensure reliable operation, but can be very
   inefficient when application/
      transport needs protection from the actual PMTU changes or when loss of an unsuccessful probe
      packet, the method (for
   whatever reason) makes a suboptimal choice for application/transport needs then to perform transport-
      layer retransmission/repair of the PLPMTU. data block (e.g., by
      retransmission after loss is detected).

   A full implementation of DPLPMTUD provides PL that uses a probe packet carrying an algorithm enabling the
   DPLPMTUD sender application data block,
   could need to increase retransmit this application data block if the PLPMTU following a change in probe
   fails.  This could need the
   characteristics of PL to re-fragment the path, such as when data block to a link
   smaller packet size that is reconfigured with
   a larger MTU, expected to traverse the end-to-end path
   (which could utilize endpoint network-layer or PL fragmentation when there is
   these are available).

   DPLPMTUD MAY choose to use only one of these methods to simplify the
   implementation.

   Probe messages sent by a change in PL MUST contain enough information to
   uniquely identify the set probe within Maximum Segment Lifetime, while
   being robust to reordering and replay of links traversed
   by an probe response and PTB
   messages.

4.2.  Confirmation of Probed Packet Size

   The PL needs a method to determine (confirm) when probe packets have
   been successfully received end-to-end flow (e.g., after across a routing or path fail-over
   decision).

   Black hole detection (Section 4.3) network path.

   Transport protocols can include end-to-end methods that detect and PTB processing (Section 4.4)
   proceed in parallel with these phases
   report reception of operation.

                    +------------------------+
                    | BASE_PMTU Confirmation +--       Connectivity
                    +------------+-----------+  \----+   or BASE_PMTU
                                 |     ^             V Confirmation Fails
            Connectivity specific datagrams that they send (e.g., DCCP and     |     |         +-------+
             BASE_PMTU confirmed |     +---------+ Error |
                                 |               +-------+
                                 |   CONFIRMATION_TIMER
                                 |        Fires
                                 V
+----------------+          +--------------+
| Search Complete|<---------+   Search     |
+----------------+          +--------------+
                Search Algorithm
                   Completes

                         Figure 3: DPLPMTUD Phases

   BASE_PMTU Confirmation

      *  Connectivity is confirmed.

      *
   SCTP provide keep-alive/heartbeat features).  When supported, this
   mechanism SHOULD also be used by DPLPMTUD confirms the BASE_PMTU to acknowledge reception of
   a probe packet.

   A PL that does not acknowledge data reception (e.g., UDP and UDP-
   Lite) is supported across the network
         path.

      *  DPLPMTUD then enters the search phase.

   Search

      *  DPLPMTUD performs probing unable itself to increase detect when the PLPMTU.

      *  DPLPMTUD then enters packets that it sends are
   discarded because their size is greater than the search complete actual PMTU.  These
   PLs need to either rely on an application protocol to detect this
   loss, or make use of an error phase.

   Search Complete

      *  DPLPMTUD has found additional transport method such as UDP-
   Options [I-D.ietf-tsvwg-udp-options].

   Section 6 specifies this function for a suitable set of IETF-specified
   protocols.

4.3.  Detection of Unsupported PLPMTU that is supported across
         the network path.

      * Size, aka Black hole detection will confirm this PLPMTU continues to be
         supported.

      *  On a longer time-frame, DPLPMTUD will re-enter the search phase Hole Detection

   A PL sender needs to discover if reduce the PLPMTU can be raised.

   Error

      *  Inconsistent or invalid network signals cause DPLPMTUD to be
         unable to progress.

      *  This causes the algorithm to lower the MPS until when it discovers the actual
   PMTU supported by a network path is
         shown to support less than the BASE_PMTU, PLPMTU.  This can
   be triggered when a validated PTB message is received, or to suspend DPLPMTUD.

5.2.1.  BASE_PMTU Confirmation Phase

   DPLPMTUD starts in by another
   event that indicates the BASE_PMTU confirmation phase.  BASE_PMTU
   confirmation is performed in two stages:

   1.  Connectivity to network path no longer sustains the remote peer is first confirmed.  When a
       connection-oriented PL is used, this stage is implicit.  It is
       performed current
   packet size, such as part of a loss report from the normal PL connection handshake.  In
       contrast, an connectionless PL MUST send an acknowledged PL, or repeated lack of
   response to probe
       packet packets sent to confirm that the remote peer PLPMTU.  Detection is reachable.

   2.  In the second stage, the PL confirms it can successfully send
   followed by a
       datagram reduction of the BASE_PMTU PLPMTU.

   This is performed by sending packet probes of size across the current path.

   A PL that does not wish PLPMTU to support verify
   that a network path with a PLPMTU less
   than BASE_PMTU can simplify the phase into a single step by
   performing connectivity checks with probes of still supports the BASE_PMTU last acknowledged PLPMTU size.
   There are two alternative mechanism:

   *  A PL MAY respond to PTB messages while in this phase, see
   Section 4.4.

   Once BASE_PMTU confirmation has completed, DPLPMTUD can advertise an
   MPS to an upper layer.

   If DPLPMTUD fails to complete these tests it enters the
   PROBE_DISABLED phase, see Section 5.2.6, and ceases using DPLPTMUD.

5.2.2.  Search Phase

   The search phase utilises a search algorithm in attempt to increase
   the PLPMTU (see Section 5.4.1).  The PL sender increases the MPS each
   time a packet probe confirms rely upon a larger PLPMTU is supported by the
   path.  The algorithm concludes by entering the SEARCH_COMPLETE phase,
   see Section 5.2.3.

   A PL MAY respond to PTB messages while in this phase, using the PTB
   to advance or terminate the search, see Section 4.4.  Similarly black
   hole detection can terminate the search by entering mechanism implemented within the PROBE_BASE
   phase, see Section 5.2.4.

5.2.2.1.  Resilience to Inconsistent Path Information

   Sometimes a PL sender is able to detect inconsistent results from the
   sequence of PLPMTU probes that it sends or the sequence
      excessive loss of PTB
   messages data sent with a specific packet size and then
      conclude that it receives.  This this excessive loss could be manifested as excessive
   fluctuation of the MPS.

   When inconsistent path information is detected, a result of an invalid
      PMTU (as in PLPMTUD for TCP [RFC4821]).

   *  A PL sender can
   enable an alternate search mode that clamps use the offered MPS DPLPMTUD probing mechanism to a
   smaller value for a period periodically
      generate probe packets of time.  This avoids unnecessary black-
   holing the size of packets.

5.2.3.  Search Complete Phase

   On entry to the search complete phase, current PLPMTU (e.g.,
      using the DPLPMTUD sender starts confirmation timer Section 5.1.1).  A timer tracks
      whether acknowledgments are received.  Successive loss of probes
      is an indication that the
   PMTU_RAISE_TIMER.  In this phase, current path no longer supports the
      PLPMTU remains at (e.g., when the value
   confirmed by number of probe packets sent without
      receiving an acknowledgement, PROBE_COUNT, becomes greater than
      MAX_PROBES).

   A PL MAY inhibit sending probe packets when no application data has
   been sent since the last successful previous probe packet.

   In  A PL preferring to use an
   up-to-data PLPMTU once user data is sent again, MAY choose to
   continue PLPMTU discovery for each path.  However, this phase, may result in
   additional packets being sent.

   When the method detects the current PLPMTU is not supported, DPLPMTUD
   sets a lower MPS.  The PL MUST periodically confirm then confirms that the updated PLPMTU is
   still supported by can
   be successfully used across the path.  If the  The PL is designed in a way that is
   unable to confirm reachability could need to send a
   probe packet with a size less than the destination endpoint after
   probing has completed, size of the method uses data block
   generated by an application.  In this case, the PL could provide a CONFIRMATION_TIMER
   way to
   periodically repeat fragment a probe datagram at the PL, or use a control packet for as the current PLPMTU size.

   If
   packet probe.

4.4.  Response to PTB Messages

   This method requires the DPLPMTUD sender is unable to confirm reachability for packets
   with validate any received PTB
   message before using the PTB information.  The response to a size of PTB
   message depends on the current PLPMTU (e.g., if PTB_SIZE indicated in the CONFIRMATION_TIMER
   expires) or PTB message, the PL signals a lack
   state of reachability, the method exits
   the phase PLPMTUD state machine, and enters the PROBE_BASE phase, see Section 5.2.4.

   If the PMTU_RAISE_TIMER expires, the DPLPMTUD sender re-enters the
   Search phase, see IP protocol being used.

   Section 5.2.2, and resumes probing 4.4.1 first describes validation for a larger
   PLPMTU.

   Back hole detection can be used in parallel both IPv4 ICMP
   Unreachable messages (type 3) and ICMPv6 packet too big messages,
   both of which are referred to check that as PTB messages in this document.

4.4.1.  Validation of PTB Messages

   This section specifies utilization of PTB messages.

   *  A simple implementation MAY ignore received PTB messages and in
      this case the PLPMTU is not updated when a network
   path continues to support PTB message is
      received.

   *  An implementation that supports PTB messages MUST validate
      messages before they are further processed.

   A PL that receives a previously confirmed PLPMTU.  If PTB message from a black
   hole is detected router or middlebox, performs
   ICMP validation as specified in Section 5.2 of [RFC8085][RFC8201].
   Because DPLPMTUD operates at the algorithm moves to PL, the PROBE_BASE phase, see
   Section 5.2.4.

   The phase can also exited when a validated PL needs to check that each
   received PTB message is received
   (see Section 4.4.1).

5.2.4.  PROBE_BASE Phase

   This phase is entered when black hole detection or in response to a packet transmitted
   by the endpoint PL performing DPLPMTUD.

   The PL MUST check the protocol information in the quoted packet
   carried in an ICMP PTB message
   indicates payload to validate the message
   originated from the sending node.  This validation includes
   determining that the PLPMTU is not supported by combination of the path.

   On entry to this phase, IP addresses, the PLPMTU protocol,
   the source port and destination port match those returned in the
   quoted packet - this is set also necessary for the PTB message to be
   passed to the BASE_PMTU, and a corresponding reduced MPS is advertised.

   PROBED_SIZE PL.

   The validation SHOULD utilize information that it is then set not simple for
   an off-path attacker to determine [RFC8085].  For example, by
   checking the PLPMTU (i.e., value of a protocol header field known only to the BASE_PMTU), two
   PL endpoints.  A datagram application that uses well-known source and
   destination ports ought to
   confirm also rely on other information to complete
   this size validation.

   These checks are intended to provide protection from packets that
   originate from a node that is supported across not on the network path.  If confirmed,  A PTB message
   that does not complete the validation MUST NOT be further utilized by
   the DPLPMTUD enters method.

   PTB messages that have been validated MAY be utilized by the Search Phase DPLPMTUD
   algorithm, but MUST NOT be used directly to determine whether set the PL sender
   can use a larger PLPMTU.

   If  A method
   that utilizes these PTB messages can improve the path cannot be confirmed to support speed at the BASE_PMTU after
   sending MAX_PROBES, DPLPMTUD moves to which
   the Error phase, see algorithm detects an appropriate PLPMTU, compared to one that
   relies solely on probing.  Section 5.2.5.

5.2.5.  ERROR Phase

   The ERROR phase is entered when there is conflicting or invalid
   PLPMTU information for the path (e.g. 4.4.2 describes this processing.

4.4.2.  Use of PTB Messages

   A set of checks are intended to provide protection from a failure router that
   reports an unexpected PTB_SIZE.  The PL also needs to support the
   BASE_PMTU).  In this phase, check that the MPS
   indicated PTB_SIZE is set to a value less than the
   BASE_PMTU, but at least the size of the MIN_PMTU.

   DPLPMTUD remains in the ERROR phase until used by probe packets and
   larger than minimum size accepted.

   This section provides a consistent view summary of the
   path how PTB messages can be discovered and it has also been confirmed that utilized.
   This processing depends on the path
   supports PTB_SIZE and the BASE_PMTU.

   Note: current value of a
   set of variables:

   MIN_PMTU may be identical to BASE_PMTU, simplifying < PTB_SIZE < BASE_PMTU
      *  A robust PL MAY enter an error state (see Section 5.2) for an
         IPv4 path when the actions PTB_SIZE reported in the PTB message is
         larger than or equal to 68 bytes and when this phase.

   If no acknowledgement is received for PROBE_COUNT probes of size
   MIN_PMTU, less than the method suspends DPLPMTUD, see
         BASE_PMTU.

      *  A robust PL MAY enter an error state (see Section 5.2.5.

5.2.5.1.  Robustness to Inconsistent Path

   Robustness to paths unable 5.2) for an
         IPv6 path when the PTB_SIZE reported in the PTB message is
         larger than or equal to sustain 1280 bytes and when this is less than
         the BASE_PMTU.  Some paths

   PTB_SIZE = PLPMTU
      *  Completes the search for a larger PLPMTU.

   PTB_SIZE > PROBED_SIZE
      *  Inconsistent network signal.

      *  PTB message ought to be discarded without further processing
         (e. g.  PLPMTU not modified).

      *  The information could be unable utilized as an input to sustain packets of the trigger
         enabling a resilience mode.

   BASE_PMTU size.  These
   paths <= PTB_SIZE < PLPMTU
      *  Black Hole Detection is triggered and the PLPMTU ought to be
         set to BASE_PMTU.

      *  The PL could use an alternate algorithm to implement the PROBE_ERROR
   phase that allows fallback PTB_SIZE reported in the PTB message to
         initialize a smaller than desired PLPMTU, rather
   than suffer connectivity failure.

   This could also utilise methods such as endpoint IP fragmentation search algorithm.

   PLPMTU < PTB_SIZE < PROBED_SIZE
      *  The PLPMTU continues to
   enable be valid, but the PL sender to communicate using packets smaller last PROBED_SIZE
         searched was larger than the
   BASE_PMTU.

5.2.6.  DISABLED Phase

   This phase suspends operation of DPLPMTUD.  It disables probing for
   the actual PMTU.

      *  The PLPMTU until action is taken by the not updated.

      *  The PL or application using can use the
   PL.

5.3.  State Machine

   A state machine for DPLPMTUD is depicted in Figure 4.  If multihoming
   is supported, a state machine is needed for each path.

      |         |
      | Start   | PL indicates loss
      |         |  of connectivity
      V         V
   +---------------+                                   +---------------+
   |    DISABLED   |                                   |     ERROR     |
   +---------------+                                   +---------------+
           | PL indicates           PROBE_TIMER expiry:   ^         |
           | connectivity        PROBE_COUNT = MAX_PROBES |         |
           +--------------------+         +---------------+         |
                                |         |                         |
                                V         |         BASE_PMTU Probe |
                             +---------------+            acked     |
                             |      BASE     |----------------------+
                             +---------------+                      |
         Black hole detected or ^ |    ^  ^ Black hole detected or  | reported PTB_SIZE < PLPMTU    | |    |  | from the PTB message as
         the next search point when it resumes the search algorithm.

   xxx Author Note: Do we want to specify how to handle PTB Message with
   PTB_SIZE < = 0? xxx

5.  Datagram Packetization Layer PMTUD

   This section specifies Datagram PLPMTUD (DPLPMTUD).  The method can
   be introduced at various points (as indicated with * in the figure
   below) in the IP protocol stack to discover the PLPMTU so that an
   application can utilize an appropriate MPS for the current network
   path.  DPLPMTUD SHOULD NOT be used by an application if it is already
   used in a lower layer.

     +----------------------+
     |
           +--------------------+ |    |  +--------------------+    |
           |                      +----+                       |    |
           |                PROBE_TIMER expiry:                |    |
           |             PROBE_COUNT < MAX_PROBES              |    |
           |                                                   |    |
           |               PMTU_RAISE_TIMER expiry             |    |
           |    +-----------------------------------------+    |    |
           |      Application*    |
     +-+-------+----+----+--+
       |       |    |    |
   +---+--+ +--+--+ |                                         V  +-+---+
   |    V
   +---------------+                                   +---------------+
   |SEARCH_COMPLETE| QUIC*| |UDPO*| |   SEARCHING  |SCTP*|
   +---+--+ +--+--+ |
   +---------------+                                   +---------------+  +--+--+
       |    ^    ^       |    |    ^  |  |
       +-------+--+ |  |  |
                  | |  |    +-----------------------------------------+  |
                +-+-+--+  |
                | UDP  |             MAX_PMTU Probe acked or  |
                +---+--+  |
                    |     |     PTB (BASE_PMTU <= PTB_SIZE < PROBED_SIZE) or
     +--------------+-----+-+
     |  Network Interface   |
      +----+               PROBE_COUNT = MAX_PROBES            +----+
   CONFIRMATION_TIMER expiry:                        PROBE_TIMER expiry:
   PROBE_COUNT < MAX_PROBES or               PROBE_COUNT < MAX_PROBES or
        PLPMTU Probe acked                           Probe acked
     +----------------------+

            Figure 4: State machine for Datagram PLPMTUD.  Note: Some state
               changes are not show to simplify the diagram.

   The following states are defined:

   DISABLED:  The DISABLED state is the initial state before probing has
      started.  It is also entered from any other state, when the PL
      indicates loss of connectivity.  This state is left, once the PL
      indicates connectivity to the remote PL.

   BASE:  The BASE state is used to confirm that the BASE_PMTU size is
      supported by the network path and is designed to allow an
      application to continue working when there are transient
      reductions in the actual PMTU.  It also seeks to avoid long
      periods 1: Examples where traffic is black holed while searching for a larger
      PLPMTU.

      On entry, the PROBED_SIZE DPLPMTUD can be implemented

   The central idea of DPLPMTUD is set probing by a sender.  Probe packets
   are sent to find the BASE_PMTU maximum size and the
      PROBE_COUNT is set to zero.

      Each time a probe packet is sent, and the PROBE_TIMER is started.
      The state is exited when the probe packet is acknowledged, and the
      PL sender enters the SEARCHING state.

      The state is also left when the PROBE_COUNT reaches MAX_PROBES; of a
      PTB user message is validated.  This causes that can be
   completely transferred across the network path from the PL sender to enter the
      ERROR state.

   SEARCHING:  The SEARCHING state is the main probing state.  This
      state is entered when probing for the BASE_PMTU was successful.
   destination.

   The PROBE_COUNT is set to zero when folloowing sections identify the first probe packet is sent components needed for each probe size.  Each time a probe packet is acknowledged,
      the PLPMTU is set to
   implementation, provides an overvoew of the PROBED_SIZE, phases of operation, and then the PROBED_SIZE is
      increased using
   specifies the state machine and search algorithm.

      When a probe packet is sent and not acknowledged within the period
      of the PROBE_TIMER,

5.1.  DPLPMTUD Components

   This section describes the PROBE_COUNT is incremented timers, constants, and the probe
      packet is retransmitted. variables of
   DPLPMTUD.

5.1.1.  Timers

   The state method utilizes up to three timers:

   PROBE_TIMER:         The PROBE_TIMER is exited when the PROBE_COUNT
      reaches MAX_PROBES; configured to expire after a PTB message is validated;
                        period longer than the maximum time to receive
                        an acknowledgment to a probe of size
      MAX_PMTU is acknowledged or black hole detection is triggered.

   SEARCH_COMPLETE:  The SEARCH_COMPLETE state indicates a successful
      end to packet.  This value
                        MUST NOT be smaller than 1 second, and SHOULD be
                        larger than 15 seconds.  Guidance on selection
                        of the PROBE_SEARCH state.  DPLPMTUD remains timer value are provided in this state
      until either section 3.1.1
                        of the UDP Usage Guidelines [RFC8085].

                        If the PMTU_RAISE_TIMER expires; a received PTB message
      is validated; or black hole detection is triggered.

      When DPLPMTUD uses an unacknowledged PL has a path Round Trip Time (RTT)
                        estimate and timely acknowledgements the
                        PROBE_TIMER can be derived from the PL RTT
                        estimate.

   PMTU_RAISE_TIMER:    The PMTU_RAISE_TIMER is in configured to the
      SEARCH_COMPLETE state, period
                        a CONFIRMATION_TIMER periodically resets sender will continue to use the PROBE_COUNT and schedules a probe packet with current
                        PLPMTU, after which it re-enters the size Search
                        phase.  This timer has a period of 600 secs, as
                        recommended by PLPMTUD [RFC4821].

                        DPLPMTUD MAY inhibit sending probe packets when
                        no application data has been sent since the
      PLPMTU.  If the
                        previous probe packet fails packet.  A PL preferring to be acknowledged after
      MAX_PROBES attempts, the method enters the BASE state. use
                        an up-to-data PMTU once user data is sent again,
                        can choose to continue PMTU discovery for each
                        path.  However, this may result in sending
                        additional packets.

   CONFIRMATION_TIMER:  When used
      with an acknowledged PL (e.g., SCTP), DPLPMTUD SHOULD NOT continue
      to generate PLPMTU probes in is used, this state.

   ERROR:  The ERROR state represents the case where either timer MUST
                        NOT be used.  For other PLs, the network
      path
                        CONFIRMATION_TIMER is not known configured to support the period a PLPMTU of at least
                        PL sender waits before confirming the BASE_PMTU
      size or when there current
                        PLPMTU is contradictory information about the network
      path that would otherwise result in excessive variation in still supported.  This is less than
                        the MPS
      signalled PMTU_RAISE_TIMER and used to decrease the higher layer.  The state implements
                        PLPMTU (e.g., when a method black hole is encountered).
                        Confirmation needs to
      mitigate oscillation in be frequent enough when
                        data is flowing that the state-event engine.  It signals a
      conservative value sending PL does not
                        black hole extensive amounts of traffic.
                        Guidance on selection of the MPS to the higher layer by timer value are
                        provided in section 3.1.1 of the PL.  The
      state is exited UDP Usage
                        Guidelines [RFC8085].

                        DPLPMTUD MAY inhibit sending probe packets when Packet Probes
                        no longer detect the error or
      when the PL indicates that connectivity application data has been lost.

      Implementations are permitted to enable endpoint fragmentation if sent since the DPLPMTUD is unable
                        previous probe packet.  A PL preferring to validate MIN_PMTU within PROBE_COUNT
      probes.  If DPLPMTUD use
                        an up-to-data PMTU once user data is unable sent again,
                        can choose to validate MIN_PMTU the continue PMTU discovery for each
                        path.  However, this may result in sending
                        additional packets.

   An implementation should transition to PROBE_DISABLED.

   Appendix A contains an informative description could implement the various timers using a single
   timer.

5.1.2.  Constants

   The following constants are defined:

   MAX_PROBES:  The MAX_PROBES is the maximum value of key events.

5.4.  Search to Increase the PLPMTU

   This section describes PROBE_COUNT
                counter (see Section 5.1.3).  The default value of
                MAX_PROBES is 10.

   MIN_PMTU:    The MIN_PMTU is the algorithms used by DPLPMTUD to search for
   a larger PLPMTU.

5.4.1.  Probing for a Larger PLPMTU

   Implementations use a search algorithm across smallest allowed probe packet size.
                For IPv6, this value is 1280 bytes, as specified in
                [RFC2460].  For IPv4, the search range minimum value is 68 bytes.

                Note: An IPv4 router is required to
   determine whether a larger PLPMTU can be supported across able to forward a network
   path.

   The method discovers
                datagram of 68 bytes without further fragmentation.
                This is the search range by confirming combined size of an IPv4 header and the
                minimum
   PLPMTU and then using fragment size of 8 bytes.  In addition,
                receivers are required to be able to reassemble
                fragmented datagrams at least up to 576 bytes, as stated
                in section 3.3.3 of [RFC1122].

   MAX_PMTU:    The MAX_PMTU is the probe method largest size of PLPMTU.  This has to select a PROBED_SIZE
                be less than or equal to MAX_PMTU.  MAX_PMTU is the minimum of the local MTU of
                the outgoing interface and EMTU_R (learned from the remote endpoint).  The MAX_PMTU destination PMTU for
                receiving.  An application, or PL, MAY be
   reduced by an application that sets a maximum to reduce the size of
   datagrams it will send.

   The PROBE_COUNT is initialised to zero
                MAX_PMTU when a probe packet is first
   sent with a particular size.  A timer there is used by the search algorithm no need to trigger the sending of probe send packets of size PROBED_SIZE, larger
                than the PLPMTU.  Each probe packet successfully sent to the remote
   peer is confirmed by acknowledgement at the PL, see Section 4.1.

   Each time a probe packet specific size.

   BASE_PMTU:   The BASE_PMTU is sent a configured size expected to the destination, the PROBE_TIMER
   is started. work for
                most paths.  The timer size is cancelled when the PL receives
   acknowledgment that equal to or larger than the probe packet has been successfully sent
   across
                MIN_PMTU and smaller than the path Section 4.1.  This confirms that MAX_PMTU.  In the PROBED_SIZE case of
                IPv6, this value is
   supported, and the 1280 bytes [RFC2460].  When using
                IPv4, a size of 1200 bytes is RECOMMENDED.

5.1.3.  Variables

   This method utilizes a set of variables:

   PROBED_SIZE:  The PROBED_SIZE value is then assigned to the PLPMTU.
   The search algorithm can continue to send subsequent probe packets size of
   an increasing size.

   If the timer expires before a current probe packet
                 packet.  This is acknowledged, the probe
   has failed to confirm the PROBED_SIZE.  Each time the PROBE_TIMER
   expires, a tentative value for the PROBE_COUNT PLPMTU,
                 which is incremented, the PROBE_TIMER awaiting confirmation by an acknowledgment.

   PROBE_COUNT:  The PROBE_COUNT is
   reinitialised, and a probe packet count of the same number of
                 unsuccessful probe packets that have been sent with a
                 size of PROBED_SIZE.  The value is retransmitted
   (the replicated probe improve the resilience initialized to loss).  The maximum
   number of retransmissions for zero
                 when a particular size of PROBED_SIZE is configured
   (MAX_PROBES).  If first
                 attempted.

   The figure below illustrates the value of relationship between the PROBE_COUNT reaches MAX_PROBES,
   probing will stop, packet size
   constants and the PL sender enters the SEARCH_COMPLETE
   state.

5.4.2.  Selection of Probe Sizes

   The search algorithm needs to determine a minimum useful gain in
   PLPMTU.  It would not be constructive for variables at a PL sender to attempt to
   probe for all sizes - this would incur unnecessary load on the path
   and has the undesirable effect point of slowing the time to reach a more
   optimal MPS.  Implementations SHOULD select when the set of probe packet
   sizes DPLPMTUD
   algorithm performs path probing to maximise the gain in PLPMTU from each search step.

   Implementations could optimize the search procedure by selecting step
   sizes from a table of common PMTU sizes.  When selecting increase the
   appropriate next size to search, an implementor ought to also
   consider that there can be common sizes of MPS that applications seek
   to use.

   xxx Author Note: the PLPMTU.
   A future version probe packet has been sent of size PROBED_SIZE.  Once this section is
   acknowledged, the PLPMTU will detail example
   methods for selecting probe size values, but does not plan to mandate
   a single method. xxx

5.4.3.  Resilience raise to Inconsistent Path Information

   A decision PROBED_SIZE allowing the
   DPLPMTUD algorithm to further increase PROBED_SIZE towards the actual
   PMTU.

        MIN_PMTU                                        MAX_PMTU
          <-------------------------------------------------->
                         |        |     |           |
                         v        |     |           v
                     BASE_PMTU    |     v     Actual PMTU
                                  |  PROBED_SIZE
                                  v
                                PLPMTU needs to be resilient to the
   possibility that information learned about the network path is
   inconsistent (this could happen when probe packets are lost due to
   other reasons, or some

    Figure 2: Relationships between packet size constants and variables

5.1.4.  Overview of the packets in a flow are forwarded along DPLPMTUD Phases

   This section provides a
   portion high-level informative view of the path that supports a different actual PMTU).

   Frequent path changes could occur due to unexpected "flapping" -
   where some packets from a flow pass along one path, but other packets
   follow a different path with different properties. DPLPMTUD can be
   made resilient to these anomalies
   method, by introducing hysteresis into describing the
   search decision movement of the method through several
   phases of operation.  More detail is available in the state machine
   Section 5.2.

                         +------+
                +------->| Base |----------------+ Connectivity
                |        +------+                | or BASE_PMTU
                |           |                    | confirmation failed
                |           |                    v
                |           | Connectivity   +-------+
                |           | and BASE_PMTU  | Error |
                |           | confirmed      +-------+
                |           |                    |
                |           v                    | Consistent connectivity
         PLPMTU |       +--------+               | and BASE_PMTU
   confirmation |       | Search |<--------------+ confirmed
         failed |       +--------+
                |          ^  |
                |          |  |
                |    Raise |  | Search
                |    timer |  | algorithm
                |  expired |  | completed
                |          |  |
                |          |  v
                |   +-----------------+
                +---| Search Complete |
                    +-----------------+

                         Figure 3: DPLPMTUD Phases

   BASE_PMTU Confirmation Phase
      *  The BASE_PMTU Confirmation Phase confirms connectivity to increase the MPS.

6.  Specification of Protocol-Specific Methods
         remote peer.  This section specifies protocol-specific details for datagram PLPMTUD phase is implicit for IETF-specified transports.

   The first subsection provides guidance on how to implement the
   DPLPMTUD method as a part of connection-oriented
         PL (where it can be performed in a PL connection handshake).  A
         connectionless PL needs to send an application using UDP or UDP-Lite. acknowledged probe packet to
         confirm that the remote peer is reachable.

      *  The guidance sender also applies to other datagram services confirms that do BASE_PMTU is supported across the
         network path.

      *  A PL that does not
   include wish to support a specific transport protocol (such as path with a tunnel
   encapsulation).  The following subsections describe how DPLPMTUD PLPMTU less
         than BASE_PMTU can
   be implemented as a part of the transport service, allowing
   applications using simplify the service to benefit from discovery of phase into a single step by
         performing the
   PLPMTU without themselves needing to implement this method.

6.1.  Application support for DPLPMTUD connectivity checks with UDP or UDP-Lite

   The current specifications of UDP [RFC0768] and UDP-Lite [RFC3828] do
   not define a method in the RFC-series that supports PLPMTUD.  In
   particular, probe of the UDP transport does not provide
         BASE_PMTU size.

      *  Once confirmed, DPLPMTUD enters the transport layer
   features needed Search Phase.  If this
         phase fails to implement datagram PLPMTUD.

   The confirm, DPLPMTUD method can be implemented as enters the Error Phase.

   Search Phase
      *  The Search Phase utilizes a part of an application
   built directly or indirectly on UDP or UDP-Lite, but relies on
   higher-layer protocol features search algorithm to implement the method [RFC8085].

   Some primitives used by DPLPMTUD might not be available via send probe
         packets to seek to increase the
   Datagram API (e.g., PLPMTU.

      *  The algorithm concludes when it has found a suitable PLPMTU, by
         entering the ability Search Complete Phase.

      *  A PL could respond to access PTB messages using the PLPMTU cache, or
   interpret received PTB messages).

   In addition, it is desirable that PMTU discovery is not performed to advance or
         terminate the search, see Section 4.4.

      *  Black Hole Detection can also terminate the search by
   multiple protocol layers.  An application SHOULD avoid implementing
   DPLPMTUD entering
         the BASE_PMTU Confirmation phase.

   Search Complete Phase
      *  The Search Complete Phase is entered when the underlying transport system provides this
   capability.  Using PLPMTU is
         supported across the network path.

      *  A PL can use a common method CONFIRMATION_TIMER to periodically repeat a
         probe packet for managing the current PLPMTU has
   benefits, both in size.  If the ability to share state between different
   processes and opportunities sender is
         unable to coordinate probing.

6.1.1.  Application Request

   An application needs an application-layer protocol mechanism (such as
   a message acknowledgement method) that solicits a response from confirm reachability (e.g., if the CONFIRMATION_TIMER
         expires) or the PL signals a
   destination endpoint. lack of reachability, DPLPMTUD
         enters the BASE_PMTU Confirmation phase.

      *  The method SHOULD allow PMTU_RAISE_TIMER is used to periodically resume the sender search
         phase to check discover if the value returned in PLPMTU can be raised.

      *  Black Hole Detection or receipt of a validated PTB message
         Section 4.4.1) can cause the response sender to provide additional protection
   from off-path insertion of data [RFC8085], suitable methods include enter the BASE_PMTU
         Confirmation Phase.

   Error Phase
      *  The Error Phase is entered when there is conflicting or invalid
         PLPMTU information for the path (e.g. a
   parameter known only failure to support the two endpoints, such as a session ID or
   initialised sequence number.

6.1.2.  Application Response

   An application needs an application-layer protocol mechanism
         BASE_PMTU) that cause DPLPMTUD to
   communicate be unable to progress and the response from
         PLPMTU is lowered

      *  DPLPMTUD remains in the destination endpoint.  This
   response may indicate successful reception Error Phase until a consistent view of
         the probe across the
   path, but could path can be discovered and it has also indicate been confirmed that some (or all packets) have failed
   to reach
         the destination.

6.1.3.  Sending Application Probe Packets

   A probe packet that may carry an application data block, but path supports the
   successful transmission of this data BASE_PMTU (or DPLPMTUD is at risk when used for
   probing.  Some applications suspended).

      *  Note: MIN_PMTU may prefer be identical to use a probe packet BASE_PMTU, simplifying the
         actions in this phase.

   An implementation that
   does not carry an application data block only reduces the PLPMTU to avoid disruption a suitable size
   would be sufficient to
   normal data transfer.

6.1.4.  Validating ensure reliable operation, but can be very
   inefficient when the Path

   An application that does not have other higher-layer information
   confirming correct delivery actual PMTU changes or when the method (for
   whatever reason) makes a suboptimal choice for the PLPMTU.

   A full implementation of datagrams SHOULD implement DPLPMTUD provides an algorithm enabling the
   CONFIRMATION_TIMER
   DPLPMTUD sender to periodically send probe packets while increase the PLPMTU following a change in the
   SEARCH_COMPLETE state.

6.1.5.  Handling
   characteristics of PTB Messages

   An application that is able and wishes to receive PTB messages MUST
   perform ICMP validation the path, such as specified when a link is reconfigured with
   a larger MTU, or when there is a change in Section 5.2 of [RFC8085].
   This requires that the application to check each received PTB
   messages to validate it set of links traversed
   by an end-to-end flow (e.g., after a routing or path fail-over
   decision).

5.2.  State Machine

   A state machine for DPLPMTUD is received depicted in response Figure 4.  If multipath
   or multihoming is supported, a state machine is needed for each path.

   Note: Some state changes are not shown to transmitted
   traffic and that simplify the reported diagram.

      |         |
      | Start   | PL indicates loss
      |         |  of connectivity
      v         v
   +---------------+                                   +---------------+
   |    DISABLED   |                                   |     ERROR     |
   +---------------+               PROBE_TIMER expiry: +---------------+
           | PL indicates     PROBE_COUNT = MAX_PROBES or ^         |
           | connectivity       PTB: PTB_SIZE < BASE_PMTU |         |
           +--------------------+         +---------------+         |
                                |         |                         |
                                v         |         BASE_PMTU Probe |
                             +---------------+            acked     |
                             |      BASE     |----------------------+
                             +---------------+                      |
         Black hole detected or ^ |    ^  ^ Black hole detected or  |
         PTB: PTB_SIZE < PLPMTU | |    |  | PTB: PTB_SIZE < PLPMTU  |
           +--------------------+ |    |  +--------------------+    |
           |                      +----+                       |    |
           |                PROBE_TIMER expiry:                |    |
           |             PROBE_COUNT < MAX_PROBES              |    |
           |                                                   |    |
           |               PMTU_RAISE_TIMER expiry             |    |
           |    +-----------------------------------------+    |    |
           |    |                                         |    |    |
           |    |                                         v    |    v
   +---------------+                                   +---------------+
   |SEARCH_COMPLETE|                                   |   SEARCHING   |
   +---------------+                                   +---------------+
      |    ^    ^                                         |    |    ^
      |    |    |                                         |    |    |
      |    |    +-----------------------------------------+    |    |
      |    |        MAX_PMTU Probe acked or PROBE_TIMER        |    |
      |    |        expiry: PROBE_COUNT = MAX_PROBES or        |    |
      +----+               PTB: PTB_SIZE = PLPMTU              +----+
   CONFIRMATION_TIMER expiry:                        PROBE_TIMER expiry:
   PROBE_COUNT < MAX_PROBES or               PROBE_COUNT < MAX_PROBES or
        PLPMTU Probe acked                           Probe acked or PTB:
                                         PLPMTU < PTB_SIZE is less than the current
   probed size (see Section 4.4.2).  A validated PTB message MAY be used
   as input to the DPLPMTUD algorithm, but MUST NOT be used directly to
   set the PLPMTU.

6.2.  DPLPMTUD with UDP Options

   UDP Options[I-D.ietf-tsvwg-udp-options] can supply the additional
   functionality required to implement DPLPMTUD within the UDP transport
   service.  Implementing DPLPMTUD using UDP Options avoids the need < PROBED_SIZE

                Figure 4: State machine for
   each application to implement the DPLPMTUD method.

   Section 5.6 of[I-D.ietf-tsvwg-udp-options] defines Datagram PLPMTUD

   The following states are defined:

   DISABLED:         The DISABLED state is the Maximum
   Segment Size (MSS) option, which allows initial state before
                     probing has started.  It is also entered from any
                     other state, when the local sender to indicate PL indicates loss of
                     connectivity.  This state is left, once the EMTU_R PL
                     indicates connectivity to the peer. remote PL.

   BASE:             The value received in this option can be BASE state is used to initialise MAX_PMTU.

   UDP Options enables padding to be added to UDP datagrams confirm that are
   used as Probe Packets.  Feedback confirming reception of each Probe
   Packet the
                     BASE_PMTU size is provided supported by two new UDP Options:

   o  The Probe Request Option (Section 6.2.1) the network path and
                     is set by a sending PL designed to
      solicit a response from a remote endpoint.  A four-byte token
      identifies each request.

   o  The Probe Response Option (Section 6.2.2 is generated by the UDP
      Options receiver in response allow an application to reception of a previously received
      Probe Request Option.  Each Probe Response Option echoes a
      previously received four-byte token.

   The token value allows implementations continue
                     working when there are transient reductions in the
                     actual PMTU.  It also seeks to be distinguish between
   acknowledgements avoid long periods
                     where traffic is black holed while searching for initial probe packets and acknowledgements
   confirming receipt of subsequent probe packets (e.g., travelling
   along alternate paths with a
                     larger RTT). PLPMTU.

                     On entry, the PROBED_SIZE is set to the BASE_PMTU
                     size and the PROBE_COUNT is set to zero.

                     Each time a probe packet needs to
   be uniquely identifiable by is sent, the UDP Options PROBE_TIMER
                     is started.  The state is exited when the probe
                     packet is acknowledged, and the PL sender within enters
                     the Maximum
   Segment Lifetime (MSL). SEARCHING state.

                     The UDP Options sender therefore needs to
   not recycle token values until they have expired state is also left when the PROBE_COUNT reaches
                     MAX_PROBES or have been
   acknowledged.  A 4 byte value for a received PTB message is validated.
                     This causes the token field provides sufficient
   space for multiple unique probes PL sender to be made within enter the MSL. ERROR state.

   SEARCHING:        The initial value of SEARCHING state is the four byte token field SHOULD be assigned to
   a randomised value, as described in section 5.1 of [RFC8085]) to
   enhance protection from off-path attacks.

   Implementations ought to only send a probe packet with a Request
   Probe Option when required by their local main probing state.
                     This state machine, i.e., is entered when probing to grow the PLPMTU or to confirm for the current PLPMTU.
                     BASE_PMTU was successful.

                     The
   procedure PROBE_COUNT is set to handle zero when the loss of first probe
                     packet is sent for each probe size.  Each time a response
                     probe packet is acknowledged, the
   responsibility of the sender of the request.  Implementations are
   allowed PLPMTU is set to track multiple requests
                     the PROBED_SIZE, and respond to them with a single
   packet.

   A PL needs to determine that then the path can still support PROBED_SIZE is
                     increased using the search algorithm.

                     When a probe packet is sent and not acknowledged
                     within the size period of
   datagram that the application PROBE_TIMER, the
                     PROBE_COUNT is currently sending in incremented and the DPLPMTUD
   search_done probe packet is
                     retransmitted.  The state (i.e., to detect black-holing of data).  One way to
   achieve this is to send exited when the
                     PROBE_COUNT reaches MAX_PROBES, a received PTB
                     message is validated, a probe packets of size PLPMTU MAX_PMTU is
                     acknowledged, or to utilise a
   higher-layer method that provides explicit feedback indicating any
   packet loss.  Another possibility black hole is to utilise data packets that
   carry a Timestamp Option.  Reception of detected.

   SEARCH_COMPLETE:  The SEARCH_COMPLETE state indicates a valid timestamp that was
   echoed by the remote endpoint can be used successful
                     end to infer connectivity.
   This can provide useful feedback even over paths with asymmetric
   capacity and/or that carry UDP Option flows that have very asymmetric
   datagram rates, because an echo of the most recent timestamp still
   indicates reception of at least one packet of SEARCHING state.  DPLPMTUD remains in
                     this state until either the transmitted size.
   This is sufficient to confirm there PMTU_RAISE_TIMER
                     expires, a received PTB message is no black hole.

   In contrast, when sending validated, or a probe to increase
                     black hole is detected.

                     When DPLPMTUD uses an unacknowledged PL and is in
                     the PLPMTU, SEARCH_COMPLETE state, a timestamp
   might be unable to unambiguously identify that CONFIRMATION_TIMER
                     periodically resets the PROBE_COUNT and schedules a specific
                     probe packet has been received.  Timestamp mechanisms cannot be used to
   confirm with the reception size of individual the PLPMTU.  If the
                     probe messages and cannot be used packet fails to stimulate a response from be acknowledged after
                     MAX_PROBES attempts, the remote peer.

6.2.1.  UDP Probe Request Option

   The Probe Request Option allows a sending endpoint method enters the BASE
                     state.  When used with an acknowledged PL (e.g.,
                     SCTP), DPLPMTUD SHOULD NOT continue to solicit a
   response from a destination endpoint. generate
                     PLPMTU probes in this state.

   ERROR:            The Probe Request Option carries a four byte token set by ERROR state represents the sender.
   This token can be set to a value that case where either
                     the network path is likely to be not known only to support a PLPMTU
                     of at least the sender (and BASE_PMTU size or when there is sent along the end-to-end path).  The initial
   value of
                     contradictory information about the token SHOULD be assigned to a randomised value, as
   described network path
                     that would otherwise result in section 5.1 of [RFC8085]) excessive variation
                     in the MPS signalled to enhance protection from
   off-path attacks. the higher layer.  The sender needs
                     state implements a method to then check the value returned mitigate oscillation
                     in the UDP Probe
   Response Option.  The state-event engine.  It signals a
                     conservative value of the Token field, uniquely identifies a
   probe within the maximum segment lifetime.

                       +----------+--------+-----------------+
                       | Kind=9*  | Len=6  |     Token       |
                       +----------+--------+-----------------+
                         1 byte    1 byte       4 bytes

                          * To be confirmed by IANA.

                   Figure 5: UDP Probe REQ Option Format

6.2.2.  UDP Probe Response Option

   The Probe Response Option is generated in response MPS to reception of a
   previously received Probe Request Option.  This response is generated the higher layer
                     by the UDP Option processing.

   The Probe Response Option carries a four byte token field. PL.  The Token
   field associates state is exited when packet probes
                     no longer detect the response with error or when the Token value carried in PL indicates
                     that connectivity has been lost.

                     Implementations are permitted to enable endpoint
                     fragmentation if the
   most recently-received Echo Request.  The rate of generation of UDP
   packets carrying a Probe Response Option DPLPMTUD is expected unable to be less than
   once per RTT and SHOULD be rate-limited (see Section 9).

                       +----------+--------+-----------------+
                       | Kind=10* | Len=6  |     Token       |
                       +----------+--------+-----------------+
                         1 byte    1 byte       4 bytes

                         * To be confirmed validate
                     MIN_PMTU within PROBE_COUNT probes.  If DPLPMTUD is
                     unable to validate MIN_PMTU the implementation
                     should transition to the DISABLED state.

5.3.  Search to Increase the PLPMTU

   This section describes the algorithms used by IANA.

                   Figure 6: UDP Probe RES Option Format

6.3. DPLPMTUD to search for SCTP

   Section 10.2 of [RFC4821] specifies
   a recommended PLPMTUD probing
   method larger PLPMTU.

5.3.1.  Probing for SCTP.  It recommends the a larger PLPMTU

   Implementations use of a search algorithm across the PAD chunk, defined in
   [RFC4820] to be attached search range to
   determine whether a minimum length HEARTBEAT chunk to build larger PLPMTU can be supported across a probe packet.  This enables probing without affecting network
   path.

   The method discovers the transfer
   of user messages search range by confirming the minimum
   PLPMTU and without interfering with congestion control.
   This is preferred to then using DATA chunks (with padding as required) as
   path probes.

   XXX Author Note: Future versions of this document might define a
   parameter contained in the INIT and INIT ACK chunk probe method to indicate the
   remote peer MTU select a PROBED_SIZE less
   than or equal to MAX_PMTU.  MAX_PMTU is the minimum of the local peer.  However, multihoming makes this a
   bit complex, so it might not be worth doing.  XXX

6.3.1.  SCTP/IPv4 MTU
   and SCTP/IPv6 EMTU_R (learned from the remote endpoint).  The base protocol is specified in [RFC4960].  This provides MAX_PMTU MAY be
   reduced by an
   acknowledged PL.  A sender can therefore enter application that sets a maximum to the PROBE_BASE state
   as soon as connectivity has been confirmed.

6.3.1.1.  Sending SCTP Probe Packets

   Probe packets consist size of an SCTP common header followed by a
   HEARTBEAT chunk and a PAD chunk.
   datagrams it will send.

   The PAD chunk PROBE_COUNT is used initialized to control
   the length of the zero when a probe packet.  The HEARTBEAT chunk packet is first
   sent with a particular size.  A timer is used by the search algorithm
   to trigger the sending of a HEARTBEAT ACK chunk.  The reception probe packets of size PROBED_SIZE, larger
   than the
   HEARTBEAT ACK chunk acknowledges reception of PLPMTU.  Each probe packet successfully sent to the remote
   peer is confirmed by acknowledgement at the PL, see Section 4.1.

   Each time a successful probe. probe packet is sent to the destination, the PROBE_TIMER
   is started.  The HEARTBEAT chunk carries a Heartbeat Information parameter which
   should include, besides timer is canceled when the information suggested in [RFC4960], PL receives
   acknowledgment that the probe size, which packet has been successfully sent
   across the path Section 4.1.  This confirms that the PROBED_SIZE is
   supported, and the size of PROBED_SIZE value is then assigned to the complete datagram. PLPMTU.
   The size search algorithm can continue to send subsequent probe packets of
   an increasing size.

   If the PAD chunk timer expires before a probe packet is therefore computed by reducing acknowledged, the probing size by probe
   has failed to confirm the IPv4 or IPv6 header size, PROBED_SIZE.  Each time the SCTP common header, PROBE_TIMER
   expires, the HEARTBEAT
   request PROBE_COUNT is incremented, the PROBE_TIMER is
   reinitialized, and a probe packet of the PAD chunk header. same size is retransmitted
   (the replicated probe improve the resilience to loss).  The payload maximum
   number of retransmissions for a particular size is configured
   (MAX_PROBES).  If the value of the PROBE_COUNT reaches MAX_PROBES,
   probing will stop, and the PL sender enters the SEARCH_COMPLETE
   state.

5.3.2.  Selection of Probe Sizes

   The search algorithm needs to determine a minimum useful gain in
   PLPMTU.  It would not be constructive for a PL sender to attempt to
   probe for all sizes.  This would incur unnecessary load on the PAD chunk
   contains arbitrary data.

   To avoid fragmentation of retransmitted data, probing starts right
   after path
   and has the handshake, before data is sent.  Assuming normal behaviour
   (i.e., undesirable effect of slowing the PMTU is smaller than or equal time to the interface MTU), this
   process will take reach a few round trip time periods depending on more
   optimal MPS.  Implementations SHOULD select the
   number set of PMTU probe packet
   sizes probed.  The Heartbeat timer can be used to
   implement the PROBE_TIMER.

6.3.1.2.  Validating the Path with SCTP

   Since SCTP provides an acknowledged PL, a sender MUST NOT implement maximize the CONFIRMATION_TIMER while gain in PLPMTU from each search step.

   Implementations could optimize the SEARCH_COMPLETE state.

6.3.1.3.  PTB Message Handling search procedure by SCTP

   Normal ICMP validation MUST selecting step
   sizes from a table of common PMTU sizes.  When selecting the
   appropriate next size to search, an implementor ought to also
   consider that there can be performed as specified in Appendix C common sizes of [RFC4960].  This requires MPS that the first 8 bytes applications seek
   to use, and their could be common sizes of MTU used within the SCTP
   common header
   network.

5.3.3.  Resilience to Inconsistent Path Information

   A decision to increase the PLPMTU needs to be resilient to the
   possibility that information learned about the network path is
   inconsistent.  A path is inconsistent, when, for example, probe
   packets are quoted in lost due to other reasons (i. e. not packet size) or due
   to frequent path changes.  Frequent path changes could occur by
   unexpected "flapping" - where some packets from a flow pass along one
   path, but other packets follow a different path with different
   properties.

   A PL sender is able to detect inconsistency from the payload sequence of
   PLPMTU probes that it sends or the sequence of PTB message, which can
   be the case for ICMPv4 and messages that it
   receives.  When inconsistent path information is normally detected, a PL
   sender could use an alternate search mode that clamps the case offered MPS
   to a smaller value for ICMPv6.

   When a PTB message has been validated, the PTB_SIZE reported in period of time.  This avoids unnecessary
   loss of packets due to MTU limitation.

5.4.  Robustness to Inconsistent Paths

   Some paths could be unable to sustain packets of the
   PTB message SHOULD BASE_PMTU size.
   To be used with robust to these paths an implementation could implement the DPLPMTUD algorithm, providing
   that
   Error State.  This allows fallback to a smaller than desired PLPMTU,
   rather than suffer connectivity failure.  This could utilize methods
   such as endpoint IP fragmentation to enable the reported PTB_SIZE is less PL sender to
   communicate using packets smaller than the current probe size.

6.3.2.  DPLPMTUD for SCTP/UDP

   The UDP encapsulation BASE_PMTU.

6.  Specification of SCTP is specified in [RFC6951].

6.3.2.1.  Sending SCTP/UDP Probe Packets

   Packet probing can be performed as specified in Section 6.3.1.1. Protocol-Specific Methods

   This section specifies protocol-specific details for datagram PLPMTUD
   for IETF-specified transports.

   The
   maximum payload is reduced by 8 bytes, which has first subsection provides guidance on how to be considered
   when filling the PAD chunk.

6.3.2.2.  Validating implement the Path with SCTP/UDP

   Since SCTP provides
   DPLPMTUD method as a part of an acknowledged PL, application using UDP or UDP-Lite.
   The guidance also applies to other datagram services that do not
   include a specific transport protocol (such as a tunnel
   encapsulation).  The following subsections describe how DPLPMTUD can
   be implemented as a sender MUST NOT implement part of the CONFIRMATION_TIMER while in transport service, allowing
   applications using the SEARCH_COMPLETE state.

6.3.2.3.  Handling service to benefit from discovery of PTB Messages by SCTP/UDP

   Normal ICMP validation MUST be performed the
   PLPMTU without themselves needing to implement this method.

6.1.  Application support for PTB messages as
   specified in Appendix C DPLPMTUD with UDP or UDP-Lite

   The current specifications of [RFC4960].  This requires that UDP [RFC0768] and UDP-Lite [RFC3828] do
   not define a method in the first 8
   bytes of RFC-series that supports PLPMTUD.  In
   particular, the SCTP common header are contained in UDP transport does not provide the PTB message,
   which transport layer
   features needed to implement datagram PLPMTUD.

   The DPLPMTUD method can be the case for ICMPv4 (but note the UDP header also
   consumes implemented as a part of an application
   built directly or indirectly on UDP or UDP-Lite, but relies on
   higher-layer protocol features to implement the quoted packet header) and is normally the case
   for ICMPv6.  When the validation is completed, the PTB_SIZE indicated
   in the PTB message SHOULD be method [RFC8085].

   Some primitives used with the by DPLPMTUD providing that
   the reported PTB_SIZE is less than might not be available via the current probe size.

6.3.3.  DPLPMTUD for SCTP/DTLS

   The
   Datagram Transport Layer Security (DTLS) encapsulation of SCTP API (e.g., the ability to access the PLPMTU cache, or
   interpret received PTB messages).

   In addition, it is
   specified in [RFC8261].  It desirable that PMTU discovery is used for data channels in WebRTC
   implementations.

6.3.3.1.  Sending SCTP/DTLS Probe Packets

   Packet probing can be done as specified in Section 6.3.1.1.

6.3.3.2.  Validating not performed by
   multiple protocol layers.  An application SHOULD avoid using DPLPMTUD
   when the Path with SCTP/DTLS

   Since SCTP underlying transport system provides this capability.  To
   use common method for managing the PLPMTU has benefits, both in the
   ability to share state between different processes and opportunities
   to coordinate probing.

6.1.1.  Application Request

   An application needs an acknowledged PL, application-layer protocol mechanism (such as
   a message acknowledgement method) that solicits a response from a
   destination endpoint.  The method SHOULD allow the sender MUST NOT implement to check
   the CONFIRMATION_TIMER while value returned in the SEARCH_COMPLETE state.

6.3.3.3.  Handling response to provide additional protection
   from off-path insertion of PTB Messages by SCTP/DTLS

   It is not possible data [RFC8085], suitable methods include a
   parameter known only to perform normal ICMP validation the two endpoints, such as specified in
   [RFC4960], since even if a session ID or
   initialized sequence number.

6.1.2.  Application Response

   An application needs an application-layer protocol mechanism to
   communicate the ICMP message payload contains sufficient
   information, response from the reflected SCTP common header would be encrypted.
   Therefore it is not possible to process PTB messages at destination endpoint.  This
   response may indicate successful reception of the PL.

6.4.  DPLPMTUD for QUIC

   Quick UDP Internet Connection (QUIC) [I-D.ietf-quic-transport] is a
   UDP-based transport probe across the
   path, but could also indicate that provides reception feedback.  The UDP
   payload includes some (or all packets) have failed
   to reach the QUIC destination.

6.1.3.  Sending Application Probe Packets

   A probe packet header, protected payload, and any
   authentication fields.  QUIC depends on a PMTU of at least 1280
   bytes.

   Section 9.2 of [I-D.ietf-quic-transport] describes the path
   considerations when sending QUIC packets.  It recommends that may carry an application data block, but the use
   successful transmission of
   PADDING frames to build the probe packet.  Pure probe-only packets
   are constructed with PADDING frames and PING frames this data is at risk when used for
   probing.  Some applications may prefer to create use a
   padding only probe packet that will elicit
   does not carry an acknowledgement.  Padding
   only frames enable probing application data block to avoid disruption to data
   transfer.

6.1.4.  Validating the without affecting Path

   An application that does not have other higher-layer information
   confirming correct delivery of datagrams SHOULD implement the transfer
   CONFIRMATION_TIMER to periodically send probe packets while in the
   SEARCH_COMPLETE state.

6.1.5.  Handling of
   other QUIC frames.

   The recommendation for QUIC endpoints implementing DPLPMTUD is
   therefore PTB Messages

   An application that a MPS is maintained for each combination of local able and
   remote IP addresses [I-D.ietf-quic-transport].  If a QUIC endpoint
   determines wishes to receive PTB messages MUST
   perform ICMP validation as specified in Section 5.2 of [RFC8085].
   This requires that the PMTU between any pair of local and remote IP
   addresses has fallen below an acceptable MPS, application to check each received PTB
   messages to validate it needs is received in response to immediately
   cease sending QUIC packets on transmitted
   traffic and that the affected path.  This could result
   in termination of reported PTB_SIZE is less than the connection if an alternative path cannot be
   found [I-D.ietf-quic-transport].

6.4.1.  Sending QUIC Probe Packets current
   probed size (see Section 4.4.2).  A probe packet consists validated PTB message MAY be used
   as input to the DPLPMTUD algorithm, but MUST NOT be used directly to
   set the PLPMTU.

6.2.  DPLPMTUD for SCTP

   Section 10.2 of [RFC4821] specifies a recommended PLPMTUD probing
   method for SCTP.  It recommends the use of the PAD chunk, defined in
   [RFC4820] to be attached to a QUIC Header and minimum length HEARTBEAT chunk to build
   a payload containing
   PADDING Frames probe packet.  This enables probing without affecting the transfer
   of user messages and without interfering with congestion control.
   This is preferred to using DATA chunks (with padding as required) as
   path probes.

   XXX Author Note: Future versions of this document might define a PING Frame.  PADDING Frames are a single octet
   (0x00)
   parameter contained in the INIT and several of these can be used INIT ACK chunk to create indicate the
   remote peer MTU to the local peer.  However, multihoming makes this a probe packet of
   size PROBED_SIZE.  QUIC
   bit complex, so it might not be worth doing.  XXX

6.2.1.  SCTP/IPv4 and SCTP/IPv6

   The base protocol is specified in [RFC4960].  This provides an
   acknowledged PL, PL.  A sender can therefore enter the PROBE_BASE BASE state as soon
   as connectivity has been confirmed.

6.2.1.1.  Sending SCTP Probe Packets

   Probe packets consist of an SCTP common header followed by a
   HEARTBEAT chunk and a PAD chunk.  The PAD chunk is used to control
   the length of the probe packet.  The HEARTBEAT chunk is used to
   trigger the sending of a HEARTBEAT ACK chunk.  The reception of the
   HEARTBEAT ACK chunk acknowledges reception of a successful probe.

   The HEARTBEAT chunk carries a Heartbeat Information parameter which
   should include, besides the information suggested in [RFC4960], the
   probe size, which is the size of the complete datagram.  The size of
   the PAD chunk is therefore computed by reducing the probing size by
   the IPv4 or IPv6 header size, the SCTP common header, the HEARTBEAT
   request and the PAD chunk header.  The current specification payload of QUIC sets the following:

   o  BASE_PMTU: 1200.  A QUIC sender needs to pad initial packets to
      1200 bytes PAD chunk
   contains arbitrary data.

   To avoid fragmentation of retransmitted data, probing starts right
   after the PL handshake, before data is sent.  Assuming this behavior
   (i.e., the PMTU is smaller than or equal to confirm the path can support packets of interface MTU), this
   process will take a useful
      size.

   o  MIN_PMTU: 1200 bytes.  A QUIC sender that determines few round trip time periods depending on the
   number of PMTU has
      fallen below 1200 bytes MUST immediately stop sending on sizes probed.  The Heartbeat timer can be used to
   implement the
      affected path.

6.4.2. PROBE_TIMER.

6.2.1.2.  Validating the Path with QUIC

   QUIC SCTP

   Since SCTP provides an acknowledged PL.  A PL, a sender therefore MUST NOT implement
   the CONFIRMATION_TIMER while in the SEARCH_COMPLETE state.

6.4.3.  Handling of

6.2.1.3.  PTB Messages by QUIC

   QUIC operates over the UDP transport, and the guidelines on ICMP
   validation as specified in Section 5.2 of [RFC8085] therefore apply.
   In addition to UDP Port validation QUIC can validate an ICMP message
   by looking for valid Connection IDs in the quoted packet.

7.  Acknowledgements

   This work was partially funded by the European Union's Horizon 2020
   research and innovation programme under grant agreement No. 644334
   (NEAT).  The views expressed are solely those of the author(s).

8.  IANA Considerations

   This memo includes no request to IANA.

   XXX If new UDP Options are specified in this document, a request to
   IANA will be included here.  XXX

   If there are no requirements for IANA, the section will be removed
   during conversion into an RFC by the RFC Editor.

9.  Security Considerations

   The security considerations for Message Handling by SCTP

   Normal ICMP validation MUST be performed as specified in Appendix C
   of [RFC4960].  This requires that the use first 8 bytes of UDP and the SCTP
   common header are provided quoted in the references RFCs.  Security guidance for applications using UDP
   is provided in payload of the UDP Usage Guidelines [RFC8085], specifically PTB message, which can
   be the
   generation of probe packets case for ICMPv4 and is regarded as normally the case for ICMPv6.

   When a "Low Data-Volume
   Application", described PTB message has been validated, the PTB_SIZE reported in section 3.1.3 of this document.  This
   recommends the
   PTB message SHOULD be used with the DPLPMTUD algorithm, providing
   that sender limits generation of probe packets to an
   average rate lower the reported PTB_SIZE is less than one probe per 3 seconds.

   A PL sender needs to ensure that the method used to confirm reception
   of current probe packets offers protection from off-path attackers injecting
   packets into the path.  This protection if provided in IETF-defined
   protocols (e.g., TCP, SCTP) using a randomly-initialised sequence
   number.  A description of one way to do this when using size (see
   Section 4.4).

6.2.2.  DPLPMTUD for SCTP/UDP

   The UDP encapsulation of SCTP is
   provided specified in section 5.1 of [RFC8085]).

   There are cases where ICMP [RFC6951].

6.2.2.1.  Sending SCTP/UDP Probe Packets

   Packet Too Big (PTB) messages are not
   delivered due to policy, configuration or equipment design (see probing can be performed as specified in Section 1.1), this method therefore does not rely upon PTB messages
   being received, but 6.2.1.1.  The
   maximum payload is able to utilise these when they are received reduced by the sender.  PTB messages could potentially be used to cause a
   node 8 bytes, which has to inappropriately reduce be considered
   when filling the PLPMTU.  A node supporting
   DPLPMTUD PAD chunk.

6.2.2.2.  Validating the Path with SCTP/UDP

   Since SCTP provides an acknowledged PL, a sender MUST therefore appropriately validate NOT implement
   the payload CONFIRMATION_TIMER while in the SEARCH_COMPLETE state.

6.2.2.3.  Handling of PTB Messages by SCTP/UDP

   ICMP validation MUST be performed for PTB messages to ensure these are received as specified in response to transmitted
   traffic (i.e., a reported error condition
   Appendix C of [RFC4960].  This requires that corresponds to a
   datagram actually sent by the path layer, see Section 4.4.1).

   An on-path attacker, able to create a PTB message could forge first 8 bytes of the
   SCTP common header are contained in the PTB
   messages that include message, which can be the
   case for ICMPv4 (but note the UDP header also consumes a valid part of the
   quoted IP packet.  Such an attack could packet header) and is normally the case for ICMPv6.  When the
   validation is completed, the PTB_SIZE indicated in the PTB message
   SHOULD be used to drive down with the PLPMTU.  There are two ways this method can
   be mitigated against such attacks: First, by ensuring DPLPMTUD providing that a PL
   sender never reduces the PLPMTU below reported PTB_SIZE
   is less than the base size, solely current probe size.

6.2.3.  DPLPMTUD for SCTP/DTLS

   The Datagram Transport Layer Security (DTLS) encapsulation of SCTP is
   specified in
   response to receiving [RFC8261].  It is used for data channels in WebRTC
   implementations.

6.2.3.1.  Sending SCTP/DTLS Probe Packets

   Packet probing can be done as specified in Section 6.2.1.1.

6.2.3.2.  Validating the Path with SCTP/DTLS

   Since SCTP provides an acknowledged PL, a sender MUST NOT implement
   the CONFIRMATION_TIMER while in the SEARCH_COMPLETE state.

6.2.3.3.  Handling of PTB message.  This is achieved Messages by first
   entering SCTP/DTLS

   It is not possible to perform ICMP validation as specified in
   [RFC4960], since even if the PROBE_BASE state when such a ICMP message is received.
   Second, payload contains sufficient
   information, the design does reflected SCTP common header would be encrypted.
   Therefore it is not require processing of PTB messages, a PL
   sender could therefore suspend processing of possible to process PTB messages (e.g., in at the PL.

6.3.  DPLPMTUD for QUIC

   Quick UDP Internet Connection (QUIC) [I-D.ietf-quic-transport] is a
   robustness mode after detecting that subsequent probes actually
   confirm
   UDP-based transport that a size larger than provides reception feedback.  The UDP
   payload includes the PTB_SIZE is supported by QUIC packet header, protected payload, and any
   authentication fields.  QUIC depends on a path).

   Parallel forwarding paths SHOULD be considered. PMTU of at least 1280
   bytes.

   Section 5.2.5.1
   identifies the need for robustness in 14.1 of [I-D.ietf-quic-transport] describes the method path
   considerations when sending QUIC packets.  It recommends the path
   information may be inconsistent.

   A node performing use of
   PADDING frames to build the probe packet.  Pure probe-only packets
   are constructed with PADDING frames and PING frames to create a
   padding only packet that will elicit an acknowledgement.  Such
   padding only packets enable probing without affecting the transfer of
   other QUIC frames.

   The recommendation for QUIC endpoints implementing DPLPMTUD could experience conflicting information
   about is that a
   MPS is maintained for each combination of local and remote IP
   addresses [I-D.ietf-quic-transport].  If a QUIC endpoint determines
   that the PMTU between any pair of local and remote IP addresses has
   fallen below an acceptable MPS, it needs to immediately cease sending
   QUIC packets on the size of supported probe packets. affected path.  This could occur when
   there are multiple paths are concurrently in use and these exhibit a
   different PMTU.  If not considered, this could result in data being
   black holed when the PLPMTU is larger than the smallest PMTU across termination
   of the current paths.

10.  References

10.1.  Normative References

   [I-D.ietf-quic-transport]
              Iyengar, J. and M. Thomson, "QUIC: connection if an alternative path cannot be found
   [I-D.ietf-quic-transport].

6.3.1.  Sending QUIC Probe Packets

   A UDP-Based Multiplexed
              and Secure Transport", draft-ietf-quic-transport-16 (work
              in progress), October 2018.

   [I-D.ietf-tsvwg-udp-options]
              Touch, J., "Transport Options for UDP", draft-ietf-tsvwg-
              udp-options-05 (work in progress), July 2018.

   [RFC0768]  Postel, J., "User Datagram Protocol", STD 6, RFC 768,
              DOI 10.17487/RFC0768, August 1980,
              <https://www.rfc-editor.org/info/rfc768>.

   [RFC1191]  Mogul, J. and S. Deering, "Path MTU discovery", RFC 1191,
              DOI 10.17487/RFC1191, November 1990,
              <https://www.rfc-editor.org/info/rfc1191>.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997,
              <https://www.rfc-editor.org/info/rfc2119>.

   [RFC2460]  Deering, S. and R. Hinden, "Internet Protocol, Version 6
              (IPv6) Specification", RFC 2460, DOI 10.17487/RFC2460,
              December 1998, <https://www.rfc-editor.org/info/rfc2460>.

   [RFC3828]  Larzon, L-A., Degermark, M., Pink, S., Jonsson, L-E., Ed.,
              and G. Fairhurst, Ed., "The Lightweight User Datagram
              Protocol (UDP-Lite)", RFC 3828, DOI 10.17487/RFC3828, July
              2004, <https://www.rfc-editor.org/info/rfc3828>.

   [RFC4820]  Tuexen, M., Stewart, R., probe packet consists of a QUIC Header and P. Lei, "Padding Chunk a payload containing
   PADDING Frames and
              Parameter for the Stream Control Transmission Protocol
              (SCTP)", RFC 4820, DOI 10.17487/RFC4820, March 2007,
              <https://www.rfc-editor.org/info/rfc4820>.

   [RFC4960]  Stewart, R., Ed., "Stream Control Transmission Protocol",
              RFC 4960, DOI 10.17487/RFC4960, September 2007,
              <https://www.rfc-editor.org/info/rfc4960>.

   [RFC6951]  Tuexen, M. a PING Frame.  PADDING Frames are a single octet
   (0x00) and R. Stewart, "UDP Encapsulation several of Stream
              Control Transmission Protocol (SCTP) Packets for End-Host these can be used to End-Host Communication", RFC 6951,
              DOI 10.17487/RFC6951, May 2013,
              <https://www.rfc-editor.org/info/rfc6951>.

   [RFC8085]  Eggert, L., Fairhurst, G., and G. Shepherd, "UDP Usage
              Guidelines", BCP 145, RFC 8085, DOI 10.17487/RFC8085,
              March 2017, <https://www.rfc-editor.org/info/rfc8085>.

   [RFC8174]  Leiba, B., "Ambiguity create a probe packet of Uppercase vs Lowercase in RFC
              2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
              May 2017, <https://www.rfc-editor.org/info/rfc8174>.

   [RFC8201]  McCann, J., Deering, S., Mogul, J., and R. Hinden, Ed.,
              "Path MTU Discovery for IP version 6", STD 87, RFC 8201,
              DOI 10.17487/RFC8201, July 2017,
              <https://www.rfc-editor.org/info/rfc8201>.

   [RFC8261]  Tuexen, M., Stewart, R., Jesup, R., and S. Loreto,
              "Datagram Transport Layer Security (DTLS) Encapsulation
   size PROBED_SIZE.  QUIC provides an acknowledged PL, a sender can
   therefore enter the BASE state as soon as connectivity has been
   confirmed.

   The current specification of
              SCTP Packets", RFC 8261, DOI 10.17487/RFC8261, November
              2017, <https://www.rfc-editor.org/info/rfc8261>.

10.2.  Informative References

   [I-D.ietf-intarea-tunnels]
              Touch, J. and M. Townsley, "IP Tunnels QUIC sets the following:

   *  BASE_PMTU: 1200.  A QUIC sender needs to pad initial packets to
      1200 bytes to confirm the path can support packets of a useful
      size.

   *  MIN_PMTU: 1200 bytes.  A QUIC sender that determines the PMTU has
      fallen below 1200 bytes MUST immediately stop sending on the
      affected path.

6.3.2.  Validating the Path with QUIC

   QUIC provides an acknowledged PL.  A sender therefore MUST NOT
   implement the CONFIRMATION_TIMER while in the Internet
              Architecture", draft-ietf-intarea-tunnels-09 (work SEARCH_COMPLETE state.

6.3.3.  Handling of PTB Messages by QUIC

   QUIC operates over the UDP transport, and the guidelines on ICMP
   validation as specified in
              progress), July 2018.

   [RFC0792]  Postel, J., "Internet Control Message Protocol", STD 5,
              RFC 792, DOI 10.17487/RFC0792, September 1981,
              <https://www.rfc-editor.org/info/rfc792>.

   [RFC1122]  Braden, R., Ed., "Requirements Section 5.2 of [RFC8085] therefore apply.
   In addition to UDP Port validation QUIC can validate an ICMP message
   by looking for Internet Hosts -
              Communication Layers", STD 3, RFC 1122,
              DOI 10.17487/RFC1122, October 1989,
              <https://www.rfc-editor.org/info/rfc1122>.

   [RFC1812]  Baker, F., Ed., "Requirements valid Connection IDs in the quoted packet.

6.4.  DPLPMTUD for IP Version 4 Routers",
              RFC 1812, DOI 10.17487/RFC1812, June 1995,
              <https://www.rfc-editor.org/info/rfc1812>.

   [RFC2923]  Lahey, K., "TCP Problems UDP-Options

   UDP Options [I-D.ietf-tsvwg-udp-options] provides a way to extend UDP
   to provide new transport mechanisms.

   Support for using DPLPMTUD with Path MTU Discovery",
              RFC 2923, DOI 10.17487/RFC2923, September 2000,
              <https://www.rfc-editor.org/info/rfc2923>.

   [RFC4340]  Kohler, E., Handley, M., and S. Floyd, "Datagram
              Congestion Control Protocol (DCCP)", RFC 4340,
              DOI 10.17487/RFC4340, March 2006,
              <https://www.rfc-editor.org/info/rfc4340>.

   [RFC4443]  Conta, A., Deering, S., UDP-Options is defined in the UDP-
   Options specification [I-D.ietf-tsvwg-udp-options].

7.  Acknowledgements

   This work was partially funded by the European Union's Horizon 2020
   research and M. Gupta, Ed., "Internet
              Control Message Protocol (ICMPv6) innovation programme under grant agreement No. 644334
   (NEAT).  The views expressed are solely those of the author(s).

8.  IANA Considerations

   This memo includes no request to IANA.

   If there are no requirements for IANA, the Internet
              Protocol Version 6 (IPv6) Specification", STD 89,
              RFC 4443, DOI 10.17487/RFC4443, March 2006,
              <https://www.rfc-editor.org/info/rfc4443>.

   [RFC4821]  Mathis, M. and J. Heffner, "Packetization Layer Path MTU
              Discovery", RFC 4821, DOI 10.17487/RFC4821, March 2007,
              <https://www.rfc-editor.org/info/rfc4821>.

   [RFC4890]  Davies, E. section will be removed
   during conversion into an RFC by the RFC Editor.

9.  Security Considerations

   The security considerations for the use of UDP and J. Mohacsi, "Recommendations SCTP are provided
   in the references RFCs.  Security guidance for Filtering
              ICMPv6 Messages applications using UDP
   is provided in Firewalls", RFC 4890,
              DOI 10.17487/RFC4890, May 2007,
              <https://www.rfc-editor.org/info/rfc4890>.

Appendix A.  Event-driven state changes the UDP Usage Guidelines [RFC8085], specifically the
   generation of probe packets is regarded as a "Low Data-Volume
   Application", described in section 3.1.3 of this document.  This appendix contains
   recommends that sender limits generation of probe packets to an informative description
   average rate lower than one probe per 3 seconds.

   A PL sender needs to ensure that the method used to confirm reception
   of key events:

   Path Setup:  When probe packets offers protection from off-path attackers injecting
   packets into the path.  This protection if provided in IETF-defined
   protocols (e.g., TCP, SCTP) using a new path randomly-initialized sequence
   number.  A description of one way to do this when using UDP is initiated, the state
   provided in section 5.1 of [RFC8085]).

   There are cases where ICMP Packet Too Big (PTB) messages are not
   delivered due to policy, configuration or equipment design (see
   Section 1.1), this method therefore does not rely upon PTB messages
   being received, but is set able to
      PROBE_START.  This sends utilize these when they are received
   by the sender.  PTB messages could potentially be used to cause a probe packet with
   node to inappropriately reduce the size of PLPMTU.  A node supporting
   DPLPMTUD MUST therefore appropriately validate the
      BASE_PMTU.  As soon as payload of PTB
   messages to ensure these are received in response to transmitted
   traffic (i.e., a reported error condition that corresponds to a
   datagram actually sent by the path is confirmed, the state changes layer, see Section 4.4.1).

   An on-path attacker, able to
      PROBE_SEARCH.

   Arrival of create a PTB message could forge PTB
   messages that include a valid quoted IP packet.  Such an Acknowledgment:  Depending on attack could
   be used to drive down the probing state, PLPMTU.  There are two ways this method can
   be mitigated against such attacks: First, by ensuring that a PL
   sender never reduces the
      reaction differs according PLPMTU below the base size, solely in
   response to Figure 7, which is receiving a simplification
      of Figure 4 focusing on this event.

  +--------------+                                    +----------------+
  | PROBE_START  | --3------------------------------> | PROBE_DISABLED |
  +--------------+ --4----------------  ------------> +----------------+
                                      \/
  +--------------+                    /\              +--------------+
  | PROBE_ERROR  | -------------------- \ ----------> |  PROBE_BASE  |
  +--------------+ --4--------------/    \            +--------------+
                                          \
  +--------------+ --1 --------            \          +--------------+
  |  PROBE_BASE  |             \        --- \ ------> | PROBE_ERROR  |
  +--------------+ --3--------- \ -----/     \       +--------------+
                                 \            \
  +--------------+                \            -----> +--------------+
  | PROBE_SEARCH | --2---          -----------------> | PROBE_SEARCH |
  +--------------+       \        ------------------> +--------------+
                          \ ---- /
  +---------------+      / \                          +---------------+
  |SEARCH_COMPLETE| -1---   \                         |SEARCH_COMPLETE|
  +---------------+ -5--     -----------------------> +---------------+
                        \
                         \                            +--------------+
                          --------------------------> |  PROBE_BASE  |
                                                      +--------------+

   Condition 1: The maximum PMTU size has not yet been reached.
   Condition 2: The maximum PMTU size has been reached.  Condition 3:
   Probe Timer expires and PROBE_COUNT = MAX_PROBEs.  Condition 4:
   PROBE_ACK received.  Condition 5: Black hole detected.

        Figure 7: State changes at PTB message.  This is achieved by first
   entering the arrival of an acknowledgment

   Probing timeout:  The PROBE_COUNT BASE state when such a message is initialised to zero each time received.  Second, the value
   design does not require processing of PROBED_SIZE is changed and when PTB messages, a acknowledgment
      confirming delivery PL sender could
   therefore suspend processing of PTB messages (e.g., in a probe packet.  The PROBE_TIMER is started
      each time robustness
   mode after detecting that subsequent probes actually confirm that a probe packet is sent.  It
   size larger than the PTB_SIZE is stopped supported by a path).

   Parallel forwarding paths SHOULD be considered.  Section 5.4
   identifies the need for robustness in the method when an
      acknowledgment arrives that confirms delivery the path
   information may be inconsistent.

   A node performing DPLPMTUD could experience conflicting information
   about the size of supported probe packets.  This could occur when
   there are multiple paths are concurrently in use and these exhibit a probe packet of
      PROBED_SIZE.
   different PMTU.  If the probe packet is not acknowledged before the
      PROBE_TIMER expires, considered, this could result in data being
   black holed when the PROBE_COUNT PLPMTU is incremented.  When the
      PROBE_COUNT equals the value MAX_PROBES, larger than the state is changed,
      otherwise a new probe packet of smallest PMTU across
   the same size (PROBED_SIZE) is
      resent.  The state transitions are illustrated current paths.

10.  References

10.1.  Normative References

   [I-D.ietf-quic-transport]
              Iyengar, J. and M. Thomson, "QUIC: A UDP-Based Multiplexed
              and Secure Transport", draft-ietf-quic-transport-20 (work
              in Figure 8.  This
      shows a simplification of Figure 4 with a focus only on this
      event.

  +--------------+                                    +----------------+
  |  PROBE_START | --2------------------------------->| PROBE_DISABLED |
  +--------------+                                    +----------------+

  +--------------+                                    +--------------+
  | PROBE_ERROR  |                 -----------------> | PROBE_ERROR  |
  +--------------+                /                   +--------------+
                                 /
  +--------------+ --2----------/                     +--------------+
  |  PROBE_BASE  | --1------------------------------> |  PROBE_BASE  |
  +--------------+                                    +--------------+

  +--------------+                                    +--------------+
  | PROBE_SEARCH | --1------------------------------> | PROBE_SEARCH |
  +--------------+ --2---------                       +--------------+
                               \
  +---------------+             \                     +---------------+
  |SEARCH_COMPLETE|              -------------------> |SEARCH_COMPLETE|
  +---------------+                                   +---------------+

   Condition 1: The maximum number of probe packets has not been
   reached.  Condition 2: The maximum number of probe packets has been
   reached.  XXX This diagram has not been validated.

       Figure 8: State changes at progress), 23 April 2019,
              <http://www.ietf.org/internet-drafts/draft-ietf-quic-
              transport-20.txt>.

   [RFC0768]  Postel, J., "User Datagram Protocol", STD 6, RFC 768,
              DOI 10.17487/RFC0768, August 1980,
              <https://www.rfc-editor.org/info/rfc768>.

   [RFC1191]  Mogul, J.C. and S.E. Deering, "Path MTU discovery",
              RFC 1191, DOI 10.17487/RFC1191, November 1990,
              <https://www.rfc-editor.org/info/rfc1191>.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997,
              <https://www.rfc-editor.org/info/rfc2119>.

   [RFC2460]  Deering, S. and R. Hinden, "Internet Protocol, Version 6
              (IPv6) Specification", RFC 2460, DOI 10.17487/RFC2460,
              December 1998, <https://www.rfc-editor.org/info/rfc2460>.

   [RFC3828]  Larzon, L-A., Degermark, M., Pink, S., Jonsson, L-E., Ed.,
              and G. Fairhurst, Ed., "The Lightweight User Datagram
              Protocol (UDP-Lite)", RFC 3828, DOI 10.17487/RFC3828, July
              2004, <https://www.rfc-editor.org/info/rfc3828>.

   [RFC4820]  Tuexen, M., Stewart, R., and P. Lei, "Padding Chunk and
              Parameter for the expiration Stream Control Transmission Protocol
              (SCTP)", RFC 4820, DOI 10.17487/RFC4820, March 2007,
              <https://www.rfc-editor.org/info/rfc4820>.

   [RFC4960]  Stewart, R., Ed., "Stream Control Transmission Protocol",
              RFC 4960, DOI 10.17487/RFC4960, September 2007,
              <https://www.rfc-editor.org/info/rfc4960>.

   [RFC6951]  Tuexen, M. and R. Stewart, "UDP Encapsulation of the probe timer

   PMTU raise timer timeout:  DPLPMTUD periodically sends a probe packet Stream
              Control Transmission Protocol (SCTP) Packets for End-Host
              to detect whether a larger PMTU is possible.  This probe packet is
      generated by the PMTU_RAISE_TIMER.

   Arrival of a PTB message:  The active probing End-Host Communication", RFC 6951,
              DOI 10.17487/RFC6951, May 2013,
              <https://www.rfc-editor.org/info/rfc6951>.

   [RFC8085]  Eggert, L., Fairhurst, G., and G. Shepherd, "UDP Usage
              Guidelines", BCP 145, RFC 8085, DOI 10.17487/RFC8085,
              March 2017, <https://www.rfc-editor.org/info/rfc8085>.

   [RFC8174]  Leiba, B., "Ambiguity of the path can be
      supported by the arrival Uppercase vs Lowercase in RFC
              2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
              May 2017, <https://www.rfc-editor.org/info/rfc8174>.

   [RFC8201]  McCann, J., Deering, S., Mogul, J., and R. Hinden, Ed.,
              "Path MTU Discovery for IP version 6", STD 87, RFC 8201,
              DOI 10.17487/RFC8201, July 2017,
              <https://www.rfc-editor.org/info/rfc8201>.

   [RFC8261]  Tuexen, M., Stewart, R., Jesup, R., and S. Loreto,
              "Datagram Transport Layer Security (DTLS) Encapsulation of a PTB message indicating the PTB_SIZE.
      Two examples are:

      1.  The PTB_SIZE is between the PLPMTU
              SCTP Packets", RFC 8261, DOI 10.17487/RFC8261, November
              2017, <https://www.rfc-editor.org/info/rfc8261>.

10.2.  Informative References

   [I-D.ietf-intarea-tunnels]
              Touch, J. and M. Townsley, "IP Tunnels in the probe that
          triggered the PTB message.

      2.  The PTB_SIZE is smaller than the PLPMTU.

      In first case, the PROBE_BASE state transitions to the PROBE_ERROR
      state.  In the PROBE_SEARCH state, a new probe packet is sent Internet
              Architecture", draft-ietf-intarea-tunnels-09 (work in
              progress), 19 July 2018,
              <http://www.ietf.org/internet-drafts/draft-ietf-intarea-
              tunnels-09.txt>.

   [I-D.ietf-tsvwg-udp-options]
              Touch, J., "Transport Options for UDP", draft-ietf-tsvwg-
              udp-options-07 (work in progress), 8 March 2019,
              <http://www.ietf.org/internet-drafts/draft-ietf-tsvwg-udp-
              options-07.txt>.

   [RFC0792]  Postel, J., "Internet Control Message Protocol", STD 5,
              RFC 792, DOI 10.17487/RFC0792, September 1981,
              <https://www.rfc-editor.org/info/rfc792>.

   [RFC1122]  Braden, R., Ed., "Requirements for Internet Hosts -
              Communication Layers", STD 3, RFC 1122,
              DOI 10.17487/RFC1122, October 1989,
              <https://www.rfc-editor.org/info/rfc1122>.

   [RFC1812]  Baker, F., Ed., "Requirements for IP Version 4 Routers",
              RFC 1812, DOI 10.17487/RFC1812, June 1995,
              <https://www.rfc-editor.org/info/rfc1812>.

   [RFC2923]  Lahey, K., "TCP Problems with Path MTU Discovery",
              RFC 2923, DOI 10.17487/RFC2923, September 2000,
              <https://www.rfc-editor.org/info/rfc2923>.

   [RFC4340]  Kohler, E., Handley, M., and S. Floyd, "Datagram
              Congestion Control Protocol (DCCP)", RFC 4340,
              DOI 10.17487/RFC4340, March 2006,
              <https://www.rfc-editor.org/info/rfc4340>.

   [RFC4443]  Conta, A., Deering, S., and M. Gupta, Ed., "Internet
              Control Message Protocol (ICMPv6) for the size reported by the PTB message.

      In second case, the probing starts again with a value of
      PROBE_BASE. Internet
              Protocol Version 6 (IPv6) Specification", STD 89,
              RFC 4443, DOI 10.17487/RFC4443, March 2006,
              <https://www.rfc-editor.org/info/rfc4443>.

   [RFC4821]  Mathis, M. and J. Heffner, "Packetization Layer Path MTU
              Discovery", RFC 4821, DOI 10.17487/RFC4821, March 2007,
              <https://www.rfc-editor.org/info/rfc4821>.

   [RFC4890]  Davies, E. and J. Mohacsi, "Recommendations for Filtering
              ICMPv6 Messages in Firewalls", RFC 4890,
              DOI 10.17487/RFC4890, May 2007,
              <https://www.rfc-editor.org/info/rfc4890>.

Appendix B. A.  Revision Notes

   Note to RFC-Editor: please remove this entire section prior to
   publication.

   Individual draft -00:

   o

   *  Comments and corrections are welcome directly to the authors or
      via the IETF TSVWG working group mailing list.

   o

   *  This update is proposed for WG comments.

   Individual draft -01:

   o

   *  Contains the first representation of the algorithm, showing the
      states and timers

   o

   *  This update is proposed for WG comments.

   Individual draft -02:

   o

   *  Contains updated representation of the algorithm, and textual
      corrections.

   o

   *  The text describing when to set the effective PMTU has not yet
      been validated by the authors

   o

   *  To determine security to off-path-attacks: We need to decide
      whether a received PTB message SHOULD/MUST be validated?  The text
      on how to handle a PTB message indicating a link MTU larger than
      the probe has yet not been validated by the authors

   o

   *  No text currently describes how to handle inconsistent results
      from arbitrary re-routing along different parallel paths

   o

   *  This update is proposed for WG comments.

   Working Group draft -00:

   o

   *  This draft follows a successful adoption call for TSVWG

   o

   *  There is still work to complete, please comment on this draft.

   Working Group draft -01:

   o

   *  This draft includes improved introduction.

   o

   *  The draft is updated to require ICMP validation prior to accepting
      PTB messages - this to be confirmed by WG

   o

   *  Section added to discuss Selection of Probe Size - methods to be
      evlauated and recommendations to be considered

   o

   *  Section added to align with work proposed in the QUIC WG.

   Working Group draft -02:

   o

   *  The draft was updated based on feedback from the WG, and a
      detailed review by Magnus Westerlund.

   o

   *  The document updates RFC 4821.

   o

   *  Requirements list updated.

   o

   *  Added more explicit discussion of a simpler black-hole detection
      mode.

   o

   *  This draft includes reorganisation of the section on IETF
      protocols.

   o

   *  Added more discussion of implementation within an application.

   o

   *  Added text on flapping paths.

   o

   *  Replaced 'effective MTU' with new term PLPMTU.

   Working Group draft -03:

   o

   *  Updated figures

   o

   *  Added more discussion on blackhole detection

   o

   *  Added figure describing just blackhole detection

   o

   *  Added figure relating MPS sizes

   Working Group draft -04:

   o

   *  Described phases and named these consistently.

   o

   *  Corrected transition from confirmation directly to the search
      phase (Base has been checked).

   o

   *  Redrawn state diagrams.

   o

   *  Renamed BASE_MTU to BASE_PMTU (because it is a base for the PMTU).

   o

   *  Clarified Error state.

   o

   *  Clarified supsending DPLPMTUD.

   o

   *  Verified normative text in requirements section.

   o

   *  Removed duplicate text.

   o

   *  Changed all text to refer to /packet probe/probe packet/
      /validation/verification/ added term /Probe Confirmation/ and
      clarified BlackHole detection.

   Working Group draft -05:

   o

   *  Updated security considerations.

   o

   *  Feedback after speaking with Joe Touch helped improve UDP-Options
      description.

   Working Group draft -06:

   o

   *  Updated description of ICMP issues in section 1.1

   o

   *  Update to description of QUIC.

   Working group draft -07:

   o

   *  Moved description of the PTB processing method from the PTB
      requirements section.

   o

   *  Clarified what is performed in the PTB validation check.

   o

   *  Updated security consideration to explain PTB security without
      needing to read the rest of the document.

   o

   *  Reformatted state machine diagram

   Working group draft -08:

   *  Moved to rfcxml v3+

   *  Rendered diagrams to svg in html version.

   *  Removed Appendix A.  Event-driven state changes.

   *  Removed section on DPLPMTUD with UDP Options.

   *  Shortened the dsecription of phases.

Authors' Addresses

   Godred Fairhurst
   University of Aberdeen
   School of Engineering Engineering, Fraser Noble Building
   Aberdeen
   AB24 3UE
   UK
   United Kingdom

   Email: gorry@erg.abdn.ac.uk

   Tom Jones
   University of Aberdeen
   School of Engineering Engineering, Fraser Noble Building
   Aberdeen
   AB24 3UE
   UK
   United Kingdom

   Email: tom@erg.abdn.ac.uk

   Michael Tuexen
   Muenster University of Applied Sciences
   Stegerwaldstrasse 39
   Steinfurt
   48565
   DE Steinfurt
   Germany

   Email: tuexen@fh-muenster.de
   Irene Ruengeler
   Muenster University of Applied Sciences
   Stegerwaldstrasse 39
   Steinfurt
   48565
   DE Steinfurt
   Germany

   Email: i.ruengeler@fh-muenster.de

   Timo Voelker
   Muenster University of Applied Sciences
   Stegerwaldstrasse 39
   Steinfurt
   48565
   DE Steinfurt
   Germany

   Email: timo.voelker@fh-muenster.de