TRAM                                                   M. Petit-Huguenin
Internet-Draft                                        Impedance Mismatch
Intended status: Standards Track                            G. Salgueiro
Expires: January 26, April 30, 2017                                            Cisco
                                                           July 25,
                                                        October 27, 2016

  Path MTU Discovery Using Session Traversal Utilities for NAT (STUN)
                     draft-ietf-tram-stun-pmtud-02
                     draft-ietf-tram-stun-pmtud-03

Abstract

   This document describes a Session Traversal Utilities for NAT (STUN)
   usage
   Usage for Path MTU Discovery (PMTUD) between a client and a server.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on January 26, April 30, 2017.

Copyright Notice

   Copyright (c) 2016 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   3
   2.  Overview of Operations  . . . . . . . . . . . . . . . . . . .   3
   3.  Terminology . . . . . . . . . . . . . . . . . . . . . . . . .   3
   3.   5
   4.  Probing Mechanisms  . . . . . . . . . . . . . . . . . . . . .   3
   4.   5
     4.1.  Simple Probing Mechanism  . . . . . . . . . . . . . . . . . .   4
     4.1.   6
       4.1.1.  Sending a Probe Request . . . . . . . . . . . . . . . . .   4
     4.2.   6
       4.1.2.  Receiving a Probe Request . . . . . . . . . . . . . . . .   4
     4.3.   6
       4.1.3.  Receiving a Probe Response  . . . . . . . . . . . . . . .   5
   5.   7
     4.2.  Complete Probing Mechanism  . . . . . . . . . . . . . . . . .   5
     5.1.   7
       4.2.1.  Sending the Probe Indications and Report Request  . . . .   5
     5.2.   7
       4.2.2.  Receiving an ICMP packet  . . Packet  . . . . . . . . . . . . . .   5
     5.3.   7
       4.2.3.  Receiving a Probe Indication and Report Request . . . . .   5
     5.4.   7
       4.2.4.  Receiving a Report Response . . . . . . . . . . . . . . .   6
     5.5.   8
       4.2.5.  Using Checksum Checksums as Packet Identifiers . . . . . . . . . .   6
     5.6.   8
       4.2.6.  Using Sequential Sequence Numbers as Packet Identifiers  . . . . .   6
   6.   9
   5.  Probe Support Discovery Signaling Mechanisms  . . . . . . . . . . . . .   7
     6.1.   9
     5.1.  Explicit Probe Support Signaling Mechanism  . . . . . . .   9
     5.2.  Implicit Probe Support Signaling Mechanism  . . . . . . .  10
   6.  STUN Attributes . . . . . . . . . . . .   7
     6.2.  Probe Support Discovery with TURN . . . . . . . . . . .  10
     6.1.  IDENTIFIERS .   7
     6.3.  Probe Support Discovery with ICE . . . . . . . . . . . .   7
   7.  Security Considerations . . . . . . . . . .  10
     6.2.  PMTUD-SUPPORTED . . . . . . . . .   8
   8.  IANA Considerations . . . . . . . . . . . .  10
   7.  Security Considerations . . . . . . . . .   8
     8.1.  New STUN Methods . . . . . . . . . .  10
   8.  IANA Considerations . . . . . . . . . . . . .   8
     8.2.  New STUN Attributes . . . . . . . .  11
     8.1.  New STUN Methods  . . . . . . . . . . .   8
   9.  Acknowledgements . . . . . . . . .  11
     8.2.  New STUN Attributes . . . . . . . . . . . . .   8
   10. . . . . . .  11
   9.  References  . . . . . . . . . . . . . . . . . . . . . . . . .   8
     10.1.  11
     9.1.  Normative References  . . . . . . . . . . . . . . . . . .   9
     10.2.  11
     9.2.  Informative References  . . . . . . . . . . . . . . . . .   9  12
   Appendix A.  Release Notes  . . . . . . . . . . . . . . . . . . .   9  12
     A.1.  Modifications between draft-ietf-tram-stun-pmtud-03 and
           draft-ietf-tram-stun-pmtud-02 . . . . . . . . . . . . . .  12
     A.2.  Modifications between draft-ietf-tram-stun-pmtud-02 and
           draft-ietf-tram-stun-pmtud-01 . . . . . . . . . . . . . .  10
     A.2.  13
     A.3.  Modifications between draft-ietf-tram-stun-pmtud-01 and
           draft-ietf-tram-stun-pmtud-00 . . . . . . . . . . . . . .  10
     A.3.  13
     A.4.  Modifications between draft-ietf-tram-stun-pmtud-00 and
           draft-petithuguenin-tram-stun-pmtud-01  . . . . . . . . .  10
     A.4.  13
     A.5.  Modifications between draft-petithuguenin-tram-stun-
           pmtud-01 and draft-petithuguenin-tram-stun-pmtud-00 . . .  10
     A.5.  13
     A.6.  Modifications between draft-petithuguenin-tram-stun-
           pmtud-00 and draft-petithuguenin-behave-stun-pmtud-03 . .  10
     A.6.  14
     A.7.  Modifications between draft-petithuguenin-behave-stun-
           pmtud-03 and draft-petithuguenin-behave-stun-pmtud-02 . .  10
     A.7.  14
     A.8.  Modifications between draft-petithuguenin-behave-stun-
           pmtud-02 and draft-petithuguenin-behave-stun-pmtud-01 . .  10
     A.8.  14
     A.9.  Modifications between draft-petithuguenin-behave-stun-
           pmtud-01 and draft-petithuguenin-behave-stun-pmtud-00 . .  11  14
   Acknowledgements  . . . . . . . . . . . . . . . . . . . . . . . .  15
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .  11  15

1.  Introduction

   The Packetization Layer Path MTU Discovery (PMTUD) specification
   [RFC4821] describes a method to discover the path Path MTU but does not
   describe a practical protocol to do so with UDP.

   This document only describes how probing mechanisms are implemented
   with Session Traversal Utilities for NAT (STUN).  The algorithm to
   find the path Path MTU is described in [RFC4821].

   The STUN usage defined in this document for Path MTU Discovery
   (PMTUD) between a client and a server permits proper operations of
   UDP-based applications in the network.  It also simplifies
   troubleshooting and has multiple other applications across a wide
   variety of technologies.

   Additional network characteristics like the network path (using the
   STUN Traceroute mechanism described in
   [I-D.martinsen-tram-stuntrace]) and bandwidth availability (using the
   mechanism described in [I-D.martinsen-tram-turnbandwidthprobe]) can
   be discovered using complementary techniques.

2.  Overview of Operations

   This section is meant to be informative only.  It is not intended as
   a replacement for [RFC4821].

   A UDP endpoint that uses this specification to discover the Path MTU
   over UDP and knows that the endpoint it is communicating with also
   supports this specification can choose to use either the Simple
   Probing mechanism (as described in Section 4.1) or the Complete
   Probing mechanism (as described in Section 4.2).  The selection of
   which Probing Mechanism to use is dependent on performance and
   security and complexity trade-offs.

   If the Simple Probing mechanism is chosen, then it initiates Probe
   transactions, as shown in Figure 1, which increase in size until
   transactions timeout, indicating that the Path MTU has been exceeded.
   It then uses that information to update the Path MTU.

                          Client           Server
                            |                 |
                            | Probe Request   |
                            |---------------->|
                            |                 |
                            |  Probe Response |
                            |<----------------|
                            |                 |

                     Figure 1: Simple Probing Example

   If the Complete Probing mechanism (as described in Section 4.2) is
   chosen, then it sends Probe Indications of various sizes interleaved
   with UDP packets sent by the UDP protocol.  The Client then sends a
   Report Request for the ordered list of identifiers for the UDP
   packets and Probe Indications received by the Server.  The Client
   then compares the list returned in the Report Response with its own
   list of identifiers for the UDP packets and Probe Indications it
   sent.  The Client then uses that comparison to find which Probe
   Indications were dropped by the network as a result of their size.
   It then uses that information to update the Path MTU.

                        Client              Server
                           | UDP Packet        |
                           |------------------>|
                           |                   |
                           | UDP Packet        |
                           |------------------>|
                           |                   |
                           | Probe Indication  |
                           |------------------>|
                           |                   |
                           | UDP Packet        |
                           |------------------>|
                           |                   |
                           | Probe Indication  |
                           |------------------>|
                           |                   |
                           | Report Request    |
                           |------------------>|
                           |   Report Response |
                           |<------------------|
                           |                   |

                    Figure 2: Complete Probing Example

3.  Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].  When these
   words are not in ALL CAPS (such as "must" or "Must"), they have their
   usual English meanings, and are not to be interpreted as RFC 2119 key
   words.

3.

4.  Probing Mechanisms

   A client MUST NOT send a probe if it does not have knowledge that the
   server supports this specification.  This is done either by an external
   signalling or by a mechanism specific to each the UDP protocol.  Section 6 describes some protocol to which
   PMTUD capabilities are added or by one of
   this mechanisms. the mechanisms specified in
   Section 5.

   The probe Probing mechanism is used to discover the path Path MTU in one
   direction only, from the client to the server.

   Two probing Probing mechanisms are described, a simple probing Simple Probing mechanism and
   a more complete mechanism that can converge quicker. quicker and find an
   appropriate PMTU in the presence of congestion.  Additionally, the
   Simple Probing mechanism does not require authentication, whereas the
   complete mechanism does.

   Implementations supporting this specification MUST implement the
   server side of both the Simple Probing mechanism (Section 4.1) and
   the Complete Probing mechanism (Section 4.2).

   Implementations supporting this specification MUST implement the
   client side of the Complete Probing mechanism.  They MAY implement
   the client side of the Simple Probing mechanism.

   The simple probing Simple Probing mechanism is implemented by sending a Probe
   Request with a PADDING [RFC5780] attribute and the DF bit set over
   UDP.  A router on the path to the server can reject this request with
   an ICMP message or drop it.  The client SHOULD cease retransmissions
   after 3 missing responses.

   The complete probing Complete Probing mechanism is implemented by sending one or more
   Probe Indication Indications with a PADDING attribute and the DF bit set over
   UDP
   then followed by a Report Request to the same server.  A router on the
   path to the server can reject this indication Indication with an ICMP message or
   drop it.  The server keeps a time chronologically ordered list of
   identifiers of for all packets received (including retransmitted
   packets) and sends this list back to the client in the Report
   Response.  The client analyzes this list to find which packets were
   not received.  Because UDP packets does do not contain an identifier, the complete probing
   Complete Probing mechanism needs a way to identify each packet
   received.

   Some protocols may already have a way of identifying each individual
   UDP packet, in which case these identifiers SHOULD be used in the
   IDENTIFIERS attribute of the Report Response.  While there are other
   possible packet identification schemes, this document describes two
   different ways to identify a specific packet.

   In the first packet identifier identification mechanism, the server computes a
   checksum over each packet received and sends back to the sender the
   ordered
   list of checksums. checksums ordered chronologically.  The client compares this
   list to its own list of checksums.

   In the second packet identifier identification mechanism, the client adds a
   sequential
   sequence number in front of each UDP packet sent.  The server sends
   back the chronologically ordered list of sequential sequence numbers received
   that the client then compares to with its own list

4. list.

4.1.  Simple Probing Mechanism

4.1.

4.1.1.  Sending a Probe Request

   A client forms a Probe Request by following the rules in Section 7.1
   of [RFC5389].  No authentication method is used.  The Probe transaction MAY be authenticated.  The
   client adds a PADDING [RFC5780] attribute with a length that, when
   added to the IP and UDP headers and the other STUN components, is
   equal to the Selected Probe Size, as defined in [RFC4821] section
   Section 7.3.  The client MUST add the FINGERPRINT attribute.

   Then the client sends the Probe Request to the server over UDP with
   the DF bit set.  For the purpose of this transaction, the Rc
   parameter specified in Section 7.2.1 of [RFC5389] is set to 3.  The client SHOULD stop retransmitting after 3
   missing responses.

4.2.
   initial value for RTO stays at 500 ms.

4.1.2.  Receiving a Probe Request

   A server receiving a Probe Request MUST process it as specified in
   [RFC5389].

   The server MUST NOT challenge the client.

   The server then creates a Probe Response.  The server MUST add the
   FINGERPRINT attribute.  The server then sends the response to the
   client.

4.3.

4.1.3.  Receiving a Probe Response

   A client receiving a Probe Response MUST process it as specified in
   [RFC5389].  If a response is received this is interpreted as a Probe
   Success
   Success, as defined in [RFC4821] section Section 7.6.1.  If an ICMP packet
   "Fragmentation needed" is received then this is interpreted as a
   Probe Failure Failure, as defined in [RFC4821] section Section 7.6.2.  If the Probe
   transactions fails in timeout, times out, then this is interpreted as a Probe
   Inconclusive
   Inconclusive, as defined in [RFC4821] section Section 7.6.4.

5.

4.2.  Complete Probing Mechanism

5.1.

4.2.1.  Sending the Probe Indications and Report Request

   A client forms a Probe Indication by following the rules in [RFC5389]
   section
   Section 7.1.  The client adds to the Probe Indication a PADDING
   attribute with a size that, when added to the IP and UDP headers and
   the other STUN components, is equal to the Selected Probe Size, as
   defined in [RFC4821] section Section 7.3.  If the authentication mechanism
   permits it, then the Indication MUST be authenticated.  The client
   MUST add the FINGERPRINT attribute.

   Then the client sends the Probe Indication to the server over UDP
   with the DF bit set.

   Then the client forms a Report Request by following the rules in
   [RFC5389] section Section 7.1.  No authentication method is used.  The Report transaction MUST be authenticated.
   The client MUST add the FINGERPRINT attribute.

   Then the client waits half the RTO RTO, if it is known known, or 50 milliseconds 250 ms after
   sending the last Probe Indication and then sends the Report Request
   to the server over UDP.

5.2.

4.2.2.  Receiving an ICMP packet Packet

   If an ICMP packet "Fragmentation needed" is received then this is
   interpreted as a Probe Failure Failure, as defined in [RFC4821] section Section 7.5.

5.3.

4.2.3.  Receiving a Probe Indication and Report Request

   A server supporting this specification and knowing that the client
   also supports it will keep the identifiers of
   all packets received in a list chronologically ordered by receiving time. list.  The same
   identifier can appear multiple times in the list because of retransmission.
   retransmissions.  The maximum size of this list is calculated so such
   that when the list is added to the Report Response, the total size of
   the packet does not exceed the unknown path MTU Path MTU, as defined in
   [RFC5389] section Section 7.1.  Older identifiers are removed when new
   identifiers are added to a list that is already full.

   A server receiving a Report Request MUST process it as specified in
   [RFC5389].

   The server MUST NOT challenge the client.

   The server creates a Report Response and adds an IDENTIFIERS
   attribute that contains the list of all identifiers received so far.
   The server MUST add the FINGERPRINT attribute.  The server then sends
   the response to the client.

5.4.

   The exact content of the IDENTIFIERS attribute depends on what type
   of identifiers have been chosen for the protocol.  Each protocol
   adding PMTUD capabilities as specified by this specification MUST
   describe the format of the contents of the IDENTIFIERS attribute,
   unless it is using one of the formats described in this
   specification.

4.2.4.  Receiving a Report Response

   A client receiving a Report Response processes it as specified in
   [RFC5389].  If the response IDENTIFIERS attribute contains the
   identifier of the Probe Indication, then this is interpreted as a
   Probe Success for this probe probe, as defined in [RFC4821] Section 7.5.
   If the Probe Indication identifier cannot be found in the Report
   Response, this is interpreted as a Probe Failure Failure, as defined in
   [RFC4821] Section 7.5.  If the Probe Indication identifier cannot be
   found in the Report Response but identifiers for other packets identifier sent
   before or after the Probe Indication cannot also be found, this is
   interpreted as a Probe Inconclusive Inconclusive, as defined in [RFC4821]
   Section 7.5.  If the Report Transaction fails in timeout, times out, this is
   interpreted as a Full-Stop Timeout Timeout, as defined in [RFC4821]
   Section 3.

5.5.

4.2.5.  Using Checksum Checksums as Packet Identifiers

   When using a checksum as a packet identifiers, identifier, the client calculate calculates
   the checksum for each packet sent over UDP and keep keeps this checksum in
   an ordered list.  The server does the same thing and send sends back this
   list in the Report Response.

   The algorithm used to calculate the checksum is the same as the
   algorithm used for the FINGERPRINT attribute.  The contents of the
   IDENTIFIERS attribute is a list of 4 byte numbers, each using the
   same encoding that is used for the contents of the FINGERPRINT
   attribute.

   It could have been possible to use the checksum generated in the UDP
   checksum for this, but this value is generally not accessible to
   applications.  Also  Also, sometimes the checksum is not calculated or off-
   loaded is
   off-loaded to the network card.

5.6. hardware.

4.2.6.  Using Sequential Sequence Numbers as Packet Identifiers

   When using sequential sequence numbers, a small header similar to the TURN
   ChannelData header is added in front of all non-STUN packets.  The
   sequential
   sequence number is monotonically incremented by one for each packet
   sent.  The server collects the sequence number of the packets sent.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |         Channel Number        |            Length             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                        Sequence number                        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
   /                       Application Data                        /
   /                                                               /
   |                                                               |
   |                               +-------------------------------+
   |                               |
   +-------------------------------+

   The Channel Number is always 0xFFFF.

6.  The header values are encoded
   using network order.

   The contents of the IDENTIFIERS attribute is a list of 4 byte
   numbers, each containing a sequence number encoded using network
   order.

5.  Probe Support Discovery Signaling Mechanisms

6.1.  Implicit Mechanism

   An endpoint acting as a client for the STUN usage

   The PMTUD mechanism described in this
   specification MUST also act as a server for this STUN usage.  This
   means document is intended to be used
   by any UDP-based protocols that do not have built-in PMTUD
   capabilities, irrespective of whether those UDP-based protocols are
   STUN-based or not.  So the manner in which a server receiving a probe can assumes specific protocol
   discovers that it can acts as
   a client is safe to discover send PMTUD probes is largely dependent
   on the path MTU to details of that specific protocol, with the IP address and port from
   which it received exception of the probe.

6.2.
   Implicit Mechanism described below, which applies to any protocol.

5.1.  Explicit Probe Support Discovery with TURN

   A TURN client supporting this STUN usage will add Signaling Mechanism

   Some of these mechanisms can use a PMTUD-SUPPORTED separate signalling mechanism (for
   instance, an SDP attribute to in an Offer/Answer exchange [RFC3264]), or
   an optional flag that can be set in the Allocate Request sent to the TURN server.  The TURN
   server can immediately start to send probes to the TURN client on
   reception of an Allocation Request protocol that is augmented
   with PMTUD capabilities.  STUN Usages that can benefit from PMTUD
   capabilities can signal in-band that they support probing by
   inserting a PMTUD-SUPPORTED attribute. attribute in some STUN methods.  The TURN client will then
   decision of which methods support this attribute is left to each
   specific STUN Usage.

   UDP-based protocols that want to use any of these mechanisms,
   including the Implicit Mechanism described above PMTUD-SUPPORTED attribute, to send probes.

6.3. signal PMTUD capabilities
   MUST ensure that it cannot be used to launch an amplification attack.
   For example, using authentication can ensure this.

5.2.  Implicit Probe Support Discovery with ICE

   An ICE [RFC5245] client supporting Signaling Mechanism

   As a result of the fact that all endpoints implementing this STUN usage will add
   specification are both clients and servers, a PMTUD-
   SUPPORTED attribute Probe Request or
   Indication received by an endpoint implicitly signals that its sender
   MAY be used to probe the Binding Request sent during a connectivity
   check. Path MTU in the reverse direction.

   The ICE server can immediately start Probe Request or Indication that are used to send probes implicitly signal
   probing support in the reverse direction MUST be authenticated to
   prevent amplification attacks.

6.  STUN Attributes

6.1.  IDENTIFIERS

   The IDENTIFIERS attribute carries a chronologically ordered list of
   UDP packet identifiers.  Each protocol has to define how these
   identifiers are acquired and formatted, therefore the
   ICE client on reception contents of a Binding Request with a PMTUD-SUPPORTED
   attributed.  Local candidates receiving Binding Request with the
   IDENTIFIERS attribute is opaque.

6.2.  PMTUD-SUPPORTED flag must not start PMTUD with the remote candidate
   if already done so.

   The ICE client will then use the Implicit
   Mechanism described above to send probes. PMTUD-SUPPORTED attribute indicates that its sender supports this
   specification.  This attribute is empty.

7.  Security Considerations

   The PMTUD mechanism described in this document does not introduce any
   specific security considerations beyond those described in [RFC4821].

   The attack attacks described in Section 11 of [RFC4821] applies apply equally to the
   mechanism described in this document.

   The Simple Probing mechanism may be used without authentication
   because this usage by itself cannot trigger an amplification attack
   because the Probe Response is smaller than the Probe Request.  An
   unauthenticated Simple Probing mechanism cannot be used in
   conjunction with the Implicit Probing Support Signaling mechanism in
   order to prevent amplification attacks.

8.  IANA Considerations

   This specification defines two new STUN method methods and two new STUN
   attributes.  IANA added these new protocol elements to the "STUN
   Parameters Registry" created by [RFC5389].

8.1.  New STUN Methods

   This section lists the codepoints for the new STUN methods defined in
   this specification.  See Sections Section 4 4.1 and Section 5 4.2 for the
   semantics of these new methods.

      0xXXX : Probe

      0xXXX : Report

8.2.  New STUN Attributes

   This document defines the IDENTIFIERS STUN attribute, described in
   Section 5. 6.1.  IANA has allocated the comprehension-required codepoint
   0xXXXX for this attribute.

   This document also defines the PMTUD-SUPPORTED STUN attribute,
   described in Section 6.  IANA has allocated the comprehension-
   optional codepoint 0xXXXX for this attribute.

9.  Acknowledgements

   Thanks to Eilon Yardeni, Geir Sandbakken and Paal-Erik Martinsen for
   their review comments, suggestions and questions that helped to
   improve this document.

   Special thanks to Dan Wing, who supported for this attribute.

   This document since its
   first publication back also defines the PMTUD-SUPPORTED STUN attribute,
   described in 2008.

10. Section 6.2.  IANA has allocated the comprehension-
   optional codepoint 0xXXXX for this attribute.

9.  References
10.1.

9.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997,
              <http://www.rfc-editor.org/info/rfc2119>.

   [RFC4821]  Mathis, M. and J. Heffner, "Packetization Layer Path MTU
              Discovery", RFC 4821, DOI 10.17487/RFC4821, March 2007,
              <http://www.rfc-editor.org/info/rfc4821>.

   [RFC5245]  Rosenberg, J., "Interactive Connectivity Establishment
              (ICE): A Protocol for Network Address Translator (NAT)
              Traversal for Offer/Answer Protocols", RFC 5245,
              DOI 10.17487/RFC5245, April 2010,
              <http://www.rfc-editor.org/info/rfc5245>.

   [RFC5389]  Rosenberg, J., Mahy, R., Matthews, P., and D. Wing,
              "Session Traversal Utilities for NAT (STUN)", RFC 5389,
              DOI 10.17487/RFC5389, October 2008,
              <http://www.rfc-editor.org/info/rfc5389>.

10.2.

9.2.  Informative References

   [I-D.martinsen-tram-stuntrace]
              Martinsen, P. and D. Wing, "STUN Traceroute", draft-
              martinsen-tram-stuntrace-01 (work in progress), June 2015.

   [I-D.martinsen-tram-turnbandwidthprobe]
              Martinsen, P., Andersen, T., Salgueiro, G., and M. Petit-
              Huguenin, "Traversal Using Relays around NAT (TURN)
              Bandwidth Probe", draft-martinsen-tram-
              turnbandwidthprobe-00 (work in progress), May 2015.

   [RFC3264]  Rosenberg, J. and H. Schulzrinne, "An Offer/Answer Model
              with Session Description Protocol (SDP)", RFC 3264,
              DOI 10.17487/RFC3264, June 2002,
              <http://www.rfc-editor.org/info/rfc3264>.

   [RFC5780]  MacDonald, D. and B. Lowekamp, "NAT Behavior Discovery
              Using Session Traversal Utilities for NAT (STUN)",
              RFC 5780, DOI 10.17487/RFC5780, May 2010,
              <http://www.rfc-editor.org/info/rfc5780>.

Appendix A.  Release Notes

   This section must be removed before publication as an RFC.

A.1.  Modifications between draft-ietf-tram-stun-pmtud-03 and draft-
      ietf-tram-stun-pmtud-02

   o  Add new Overview of Operations secion with ladder diagrams.

   o  Authentication is mandatory for the Complete Probing mechanism,
      optional for the Simple Probing mechanism.

   o  All the ICE specific text moves to a separate draft to be
      discussed in the ICE WG.

   o  The TURN usage is removed because probing between a TURN server
      and TURN client is not useful.

   o  Any usage of PMTUD-SUPPORTED or other signaling mechanisms
      (formerly knows as discovery mechanisms) must now be
      authenticated.

   o  Both probing mechanisms are MTI in the server, the complete
      probing mechanism is MTI in the client.

   o  Make clear that stopping after 3 retransmission is done by
      changing the STUN parameter.

   o  Define the format of the attributes.

   o  Make clear that the specification is for any UDP protocol that
      does not already have PMTUD capabilities, not just STUN based
      protocols.

   o  Change the default delay to send the Report Request to 250 ms
      after the last Indication if the RTO is unknown.

   o  Each usage of this specification must the format of the
      IDENTIFIERS attribute contents.

   o  Better define the implicit signaling mechanism.

   o  Extend the Security Consideration section.

   o  Tons of nits.

A.2.  Modifications between draft-ietf-tram-stun-pmtud-02 and draft-
      ietf-tram-stun-pmtud-01

   o  Cleaned up references.

A.2.

A.3.  Modifications between draft-ietf-tram-stun-pmtud-01 and draft-
      ietf-tram-stun-pmtud-00

   o  Added Security Considerations Section.

   o  Added IANA Considerations Section.

A.3.

A.4.  Modifications between draft-ietf-tram-stun-pmtud-00 and draft-
      petithuguenin-tram-stun-pmtud-01

   o  Adopted by WG - Text unchanged.

A.4.

A.5.  Modifications between draft-petithuguenin-tram-stun-pmtud-01 and
      draft-petithuguenin-tram-stun-pmtud-00

   o  Moved some Introduction text to the Probing Mechanism section.

   o  Added cross-reference to the other two STUN troubleshooting
      mechanism drafts.

   o  Updated references.

   o  Added Gonzalo Salgueiro as co-author.

A.5.

A.6.  Modifications between draft-petithuguenin-tram-stun-pmtud-00 and
      draft-petithuguenin-behave-stun-pmtud-03

   o  General refresh for republication.

A.6.

A.7.  Modifications between draft-petithuguenin-behave-stun-pmtud-03 and
      draft-petithuguenin-behave-stun-pmtud-02

   o  Changed author address.

   o  Changed the IPR to trust200902.

A.7.

A.8.  Modifications between draft-petithuguenin-behave-stun-pmtud-02 and
      draft-petithuguenin-behave-stun-pmtud-01

   o  Replaced the transactions identifiers by packet identifiers

   o  Defined checksum and sequential numbers as possible packet
      identifiers.

   o  Updated the reference to RFC 5389

   o  The FINGERPRINT attribute is now mandatory.

   o  Changed the delay between Probe indication and Report request to
      be RTO/2 or 50 milliseconds.

   o  Added ICMP packet processing.

   o  Added Full-Stop Timeout detection.

   o  Stated that Binding request with PMTUD-SUPPORTED does not start
      the PMTUD process if already started.

A.8.

A.9.  Modifications between draft-petithuguenin-behave-stun-pmtud-01 and
      draft-petithuguenin-behave-stun-pmtud-00

   o  Removed the use of modified STUN transaction but shorten the
      retransmission for the simple probing mechanism.

   o  Added a complete probing mechanism.

   o  Removed the PADDING-RECEIVED attribute.

   o  Added release notes.

Acknowledgements

   Thanks to Eilon Yardeni, Geir Sandbakken, Paal-Erik Martinsen,
   Tirumaleswar Reddy, and Ram Mohan R for their review comments,
   suggestions and questions that helped to improve this document.

   Special thanks to Dan Wing, who supported this document since its
   first publication back in 2008.

Authors' Addresses

   Marc Petit-Huguenin
   Impedance Mismatch

   Email: marc@petit-huguenin.org

   Gonzalo Salgueiro
   Cisco Systems, Inc.
   7200-12 Kit Creek Road
   Research Triangle Park, NC  27709
   United States

   Email: gsalguei@cisco.com