draft-ietf-tram-stun-pmtud-03.txt   draft-ietf-tram-stun-pmtud-04.txt 
TRAM M. Petit-Huguenin TRAM M. Petit-Huguenin
Internet-Draft Impedance Mismatch Internet-Draft Impedance Mismatch
Intended status: Standards Track G. Salgueiro Intended status: Standards Track G. Salgueiro
Expires: April 30, 2017 Cisco Expires: August 20, 2017 Cisco
October 27, 2016 February 16, 2017
Path MTU Discovery Using Session Traversal Utilities for NAT (STUN) Path MTU Discovery Using Session Traversal Utilities for NAT (STUN)
draft-ietf-tram-stun-pmtud-03 draft-ietf-tram-stun-pmtud-04
Abstract Abstract
This document describes a Session Traversal Utilities for NAT (STUN) This document describes a Session Traversal Utilities for NAT (STUN)
Usage for Path MTU Discovery (PMTUD) between a client and a server. Usage for Path MTU Discovery (PMTUD) between a client and a server.
Status of This Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
skipping to change at page 1, line 32 skipping to change at page 1, line 32
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on April 30, 2017. This Internet-Draft will expire on August 20, 2017.
Copyright Notice Copyright Notice
Copyright (c) 2016 IETF Trust and the persons identified as the Copyright (c) 2017 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Overview of Operations . . . . . . . . . . . . . . . . . . . 3 2. Overview of Operations . . . . . . . . . . . . . . . . . . . 3
3. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 5 3. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 5
4. Probing Mechanisms . . . . . . . . . . . . . . . . . . . . . 5 4. Probing Mechanisms . . . . . . . . . . . . . . . . . . . . . 5
4.1. Simple Probing Mechanism . . . . . . . . . . . . . . . . 6 4.1. Simple Probing Mechanism . . . . . . . . . . . . . . . . 5
4.1.1. Sending a Probe Request . . . . . . . . . . . . . . . 6 4.1.1. Sending a Probe Request . . . . . . . . . . . . . . . 5
4.1.2. Receiving a Probe Request . . . . . . . . . . . . . . 6 4.1.2. Receiving a Probe Request . . . . . . . . . . . . . . 6
4.1.3. Receiving a Probe Response . . . . . . . . . . . . . 7 4.1.3. Receiving a Probe Response . . . . . . . . . . . . . 6
4.2. Complete Probing Mechanism . . . . . . . . . . . . . . . 7 4.2. Complete Probing Mechanism . . . . . . . . . . . . . . . 6
4.2.1. Sending the Probe Indications and Report Request . . 7 4.2.1. Sending the Probe Indications and Report Request . . 7
4.2.2. Receiving an ICMP Packet . . . . . . . . . . . . . . 7 4.2.2. Receiving an ICMP Packet . . . . . . . . . . . . . . 7
4.2.3. Receiving a Probe Indication and Report Request . . . 7 4.2.3. Receiving a Probe Indication and Report Request . . . 8
4.2.4. Receiving a Report Response . . . . . . . . . . . . . 8 4.2.4. Receiving a Report Response . . . . . . . . . . . . . 8
4.2.5. Using Checksums as Packet Identifiers . . . . . . . . 8 4.2.5. Using Checksums as Packet Identifiers . . . . . . . . 9
4.2.6. Using Sequence Numbers as Packet Identifiers . . . . 9 4.2.6. Using Sequence Numbers as Packet Identifiers . . . . 9
5. Probe Support Signaling Mechanisms . . . . . . . . . . . . . 9 5. Probe Support Signaling Mechanisms . . . . . . . . . . . . . 10
5.1. Explicit Probe Support Signaling Mechanism . . . . . . . 9 5.1. Explicit Probe Support Signaling Mechanism . . . . . . . 10
5.2. Implicit Probe Support Signaling Mechanism . . . . . . . 10 5.2. Implicit Probe Support Signaling Mechanism . . . . . . . 11
6. STUN Attributes . . . . . . . . . . . . . . . . . . . . . . . 10 6. STUN Attributes . . . . . . . . . . . . . . . . . . . . . . . 11
6.1. IDENTIFIERS . . . . . . . . . . . . . . . . . . . . . . . 10 6.1. IDENTIFIERS . . . . . . . . . . . . . . . . . . . . . . . 11
6.2. PMTUD-SUPPORTED . . . . . . . . . . . . . . . . . . . . . 10 6.2. PMTUD-SUPPORTED . . . . . . . . . . . . . . . . . . . . . 11
7. Security Considerations . . . . . . . . . . . . . . . . . . . 10 7. Security Considerations . . . . . . . . . . . . . . . . . . . 11
8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 11 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 12
8.1. New STUN Methods . . . . . . . . . . . . . . . . . . . . 11 8.1. New STUN Methods . . . . . . . . . . . . . . . . . . . . 12
8.2. New STUN Attributes . . . . . . . . . . . . . . . . . . . 11 8.2. New STUN Attributes . . . . . . . . . . . . . . . . . . . 12
9. References . . . . . . . . . . . . . . . . . . . . . . . . . 11 9. References . . . . . . . . . . . . . . . . . . . . . . . . . 12
9.1. Normative References . . . . . . . . . . . . . . . . . . 11 9.1. Normative References . . . . . . . . . . . . . . . . . . 12
9.2. Informative References . . . . . . . . . . . . . . . . . 12 9.2. Informative References . . . . . . . . . . . . . . . . . 13
Appendix A. Release Notes . . . . . . . . . . . . . . . . . . . 12 Appendix A. Release Notes . . . . . . . . . . . . . . . . . . . 13
A.1. Modifications between draft-ietf-tram-stun-pmtud-03 and A.1. Modifications between draft-ietf-tram-stun-pmtud-04 and
draft-ietf-tram-stun-pmtud-02 . . . . . . . . . . . . . . 12 draft-ietf-tram-stun-pmtud-03 . . . . . . . . . . . . . . 13
A.2. Modifications between draft-ietf-tram-stun-pmtud-02 and A.2. Modifications between draft-ietf-tram-stun-pmtud-03 and
draft-ietf-tram-stun-pmtud-01 . . . . . . . . . . . . . . 13 draft-ietf-tram-stun-pmtud-02 . . . . . . . . . . . . . . 13
A.3. Modifications between draft-ietf-tram-stun-pmtud-01 and A.3. Modifications between draft-ietf-tram-stun-pmtud-02 and
draft-ietf-tram-stun-pmtud-00 . . . . . . . . . . . . . . 13 draft-ietf-tram-stun-pmtud-01 . . . . . . . . . . . . . . 14
A.4. Modifications between draft-ietf-tram-stun-pmtud-00 and A.4. Modifications between draft-ietf-tram-stun-pmtud-01 and
draft-petithuguenin-tram-stun-pmtud-01 . . . . . . . . . 13 draft-ietf-tram-stun-pmtud-00 . . . . . . . . . . . . . . 14
A.5. Modifications between draft-petithuguenin-tram-stun- A.5. Modifications between draft-ietf-tram-stun-pmtud-00 and
pmtud-01 and draft-petithuguenin-tram-stun-pmtud-00 . . . 13 draft-petithuguenin-tram-stun-pmtud-01 . . . . . . . . . 14
A.6. Modifications between draft-petithuguenin-tram-stun- A.6. Modifications between draft-petithuguenin-tram-stun-
pmtud-00 and draft-petithuguenin-behave-stun-pmtud-03 . . 14 pmtud-01 and draft-petithuguenin-tram-stun-pmtud-00 . . . 15
A.7. Modifications between draft-petithuguenin-behave-stun- A.7. Modifications between draft-petithuguenin-tram-stun-
pmtud-03 and draft-petithuguenin-behave-stun-pmtud-02 . . 14 pmtud-00 and draft-petithuguenin-behave-stun-pmtud-03 . . 15
A.8. Modifications between draft-petithuguenin-behave-stun- A.8. Modifications between draft-petithuguenin-behave-stun-
pmtud-02 and draft-petithuguenin-behave-stun-pmtud-01 . . 14 pmtud-03 and draft-petithuguenin-behave-stun-pmtud-02 . . 15
A.9. Modifications between draft-petithuguenin-behave-stun- A.9. Modifications between draft-petithuguenin-behave-stun-
pmtud-01 and draft-petithuguenin-behave-stun-pmtud-00 . . 14 pmtud-02 and draft-petithuguenin-behave-stun-pmtud-01 . . 15
Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . 15 A.10. Modifications between draft-petithuguenin-behave-stun-
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 15 pmtud-01 and draft-petithuguenin-behave-stun-pmtud-00 . . 16
Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . 16
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 16
1. Introduction 1. Introduction
The Packetization Layer Path MTU Discovery (PMTUD) specification The Packetization Layer Path MTU Discovery (PMTUD) specification
[RFC4821] describes a method to discover the Path MTU but does not [RFC4821] describes a method to discover the Path MTU but does not
describe a practical protocol to do so with UDP. describe a practical protocol to do so with UDP.
This document only describes how probing mechanisms are implemented Not all UDP-based protocols implement the Path MTU discovery
with Session Traversal Utilities for NAT (STUN). The algorithm to mechanism described in [RFC4821]. These protocols can make use of
find the Path MTU is described in [RFC4821]. the probing mechanisms described in this document instead of
designing their own adhoc extension. These probing mechanisms are
implemented with Session Traversal Utilities for NAT (STUN), but
their usage is not limited to STUN-based protocols.
The STUN usage defined in this document for Path MTU Discovery The STUN usage defined in this document for Path MTU Discovery
(PMTUD) between a client and a server permits proper operations of (PMTUD) between a client and a server permits proper operations of
UDP-based applications in the network. It also simplifies UDP-based applications in the network. It also simplifies
troubleshooting and has multiple other applications across a wide troubleshooting and has multiple other applications across a wide
variety of technologies. variety of technologies.
Additional network characteristics like the network path (using the Complementary techniques can be used to discover additional network
STUN Traceroute mechanism described in characteristics, such as the network path (using the STUN Traceroute
[I-D.martinsen-tram-stuntrace]) and bandwidth availability (using the mechanism described in [I-D.martinsen-tram-stuntrace]) and bandwidth
mechanism described in [I-D.martinsen-tram-turnbandwidthprobe]) can availability (using the mechanism described in
be discovered using complementary techniques. [I-D.martinsen-tram-turnbandwidthprobe]).
2. Overview of Operations 2. Overview of Operations
This section is meant to be informative only. It is not intended as This section is meant to be informative only. It is not intended as
a replacement for [RFC4821]. a replacement for [RFC4821].
A UDP endpoint that uses this specification to discover the Path MTU A UDP endpoint that uses this specification to discover the Path MTU
over UDP and knows that the endpoint it is communicating with also over UDP and knows that the endpoint it is communicating with also
supports this specification can choose to use either the Simple supports this specification can choose to use either the Simple
Probing mechanism (as described in Section 4.1) or the Complete Probing mechanism (as described in Section 4.1) or the Complete
Probing mechanism (as described in Section 4.2). The selection of Probing mechanism (as described in Section 4.2). The selection of
which Probing Mechanism to use is dependent on performance and which Probing Mechanism to use is dependent on performance and
security and complexity trade-offs. security and complexity trade-offs.
If the Simple Probing mechanism is chosen, then it initiates Probe If the Simple Probing mechanism is chosen, then the Client initiates
transactions, as shown in Figure 1, which increase in size until Probe transactions, as shown in Figure 1, which increase in size
transactions timeout, indicating that the Path MTU has been exceeded. until transactions timeout, indicating that the Path MTU has been
It then uses that information to update the Path MTU. exceeded. It then uses that information to update the Path MTU.
Client Server Client Server
| | | |
| Probe Request | | Probe Request |
|---------------->| |---------------->|
| | | |
| Probe Response | | Probe Response |
|<----------------| |<----------------|
| | | |
Figure 1: Simple Probing Example Figure 1: Simple Probing Example
If the Complete Probing mechanism (as described in Section 4.2) is If the Complete Probing mechanism (as described in Section 4.2) is
chosen, then it sends Probe Indications of various sizes interleaved chosen, then the Client sends Probe Indications of various sizes
with UDP packets sent by the UDP protocol. The Client then sends a interleaved with UDP packets sent by the UDP protocol. The Client
Report Request for the ordered list of identifiers for the UDP then sends a Report Request for the ordered list of identifiers for
packets and Probe Indications received by the Server. The Client the UDP packets and Probe Indications received by the Server. The
then compares the list returned in the Report Response with its own Client then compares the list returned in the Report Response with
list of identifiers for the UDP packets and Probe Indications it its own list of identifiers for the UDP packets and Probe Indications
sent. The Client then uses that comparison to find which Probe it sent. The Client then uses that comparison to find which Probe
Indications were dropped by the network as a result of their size. Indications were dropped by the network as a result of their size.
It then uses that information to update the Path MTU. It then uses that information to update the Path MTU.
Client Server Client Server
| UDP Packet | | UDP Packet |
|------------------>| |------------------>|
| | | |
| UDP Packet | | UDP Packet |
|------------------>| |------------------>|
| | | |
skipping to change at page 5, line 39 skipping to change at page 5, line 39
complete mechanism does. complete mechanism does.
Implementations supporting this specification MUST implement the Implementations supporting this specification MUST implement the
server side of both the Simple Probing mechanism (Section 4.1) and server side of both the Simple Probing mechanism (Section 4.1) and
the Complete Probing mechanism (Section 4.2). the Complete Probing mechanism (Section 4.2).
Implementations supporting this specification MUST implement the Implementations supporting this specification MUST implement the
client side of the Complete Probing mechanism. They MAY implement client side of the Complete Probing mechanism. They MAY implement
the client side of the Simple Probing mechanism. the client side of the Simple Probing mechanism.
4.1. Simple Probing Mechanism
The Simple Probing mechanism is implemented by sending a Probe The Simple Probing mechanism is implemented by sending a Probe
Request with a PADDING [RFC5780] attribute and the DF bit set over Request with a PADDING [RFC5780] attribute and the DF bit set over
UDP. A router on the path to the server can reject this request with UDP. A router on the path to the server can reject this request with
an ICMP message or drop it. The client SHOULD cease retransmissions an ICMP message or drop it.
after 3 missing responses.
The Complete Probing mechanism is implemented by sending one or more
Probe Indications with a PADDING attribute and the DF bit set over
UDP followed by a Report Request to the same server. A router on the
path to the server can reject this Indication with an ICMP message or
drop it. The server keeps a chronologically ordered list of
identifiers for all packets received (including retransmitted
packets) and sends this list back to the client in the Report
Response. The client analyzes this list to find which packets were
not received. Because UDP packets do not contain an identifier, the
Complete Probing mechanism needs a way to identify each packet
received.
Some protocols may already have a way of identifying each individual
UDP packet, in which case these identifiers SHOULD be used in the
IDENTIFIERS attribute of the Report Response. While there are other
possible packet identification schemes, this document describes two
different ways to identify a specific packet.
In the first packet identification mechanism, the server computes a
checksum over each packet received and sends back to the sender the
list of checksums ordered chronologically. The client compares this
list to its own list of checksums.
In the second packet identification mechanism, the client adds a 4.1.1. Sending a Probe Request
sequence number in front of each UDP packet sent. The server sends
back the chronologically ordered list of sequence numbers received
that the client then compares with its own list.
4.1. Simple Probing Mechanism A client forms a Probe Request by using the Probe Method and
following the rules in Section 7.1 of [RFC5389].
4.1.1. Sending a Probe Request The Probe transaction MUST be authenticated if the Simple Probing
mechanism is used in conjunction with the Implicit Probing Support
mechanism described in Section 5.2 If not, the Probe transctaion MAY
be authenticated.
A client forms a Probe Request by following the rules in Section 7.1 The client adds a PADDING [RFC5780] attribute with a length that,
of [RFC5389]. The Probe transaction MAY be authenticated. The when added to the IP and UDP headers and the other STUN components,
client adds a PADDING [RFC5780] attribute with a length that, when is equal to the Selected Probe Size, as defined in [RFC4821]
added to the IP and UDP headers and the other STUN components, is
equal to the Selected Probe Size, as defined in [RFC4821]
Section 7.3. The client MUST add the FINGERPRINT attribute. Section 7.3. The client MUST add the FINGERPRINT attribute.
Then the client sends the Probe Request to the server over UDP with Then the client sends the Probe Request to the server over UDP with
the DF bit set. For the purpose of this transaction, the Rc the DF bit set. For the purpose of this transaction, the Rc
parameter specified in Section 7.2.1 of [RFC5389] is set to 3. The parameter specified in Section 7.2.1 of [RFC5389] is set to 3. The
initial value for RTO stays at 500 ms. initial value for RTO stays at 500 ms.
4.1.2. Receiving a Probe Request 4.1.2. Receiving a Probe Request
A server receiving a Probe Request MUST process it as specified in A server receiving a Probe Request MUST process it as specified in
[RFC5389]. [RFC5389].
The server then creates a Probe Response. The server MUST add the The server then creates a Probe Response. The server MUST add the
FINGERPRINT attribute. The server then sends the response to the FINGERPRINT attribute so the STUN messages are disambiguated from the
other protocol packets. The server then sends the response to the
client. client.
4.1.3. Receiving a Probe Response 4.1.3. Receiving a Probe Response
A client receiving a Probe Response MUST process it as specified in A client receiving a Probe Response MUST process it as specified in
[RFC5389]. If a response is received this is interpreted as a Probe [RFC5389]. If a response is received this is interpreted as a Probe
Success, as defined in [RFC4821] Section 7.6.1. If an ICMP packet Success, as defined in [RFC4821] Section 7.6.1. If an ICMP packet
"Fragmentation needed" is received then this is interpreted as a "Fragmentation needed" is received then this is interpreted as a
Probe Failure, as defined in [RFC4821] Section 7.6.2. If the Probe Probe Failure, as defined in [RFC4821] Section 7.6.2. If the Probe
transactions times out, then this is interpreted as a Probe transaction times out, then this is interpreted as a Probe
Inconclusive, as defined in [RFC4821] Section 7.6.4. Inconclusive, as defined in [RFC4821] Section 7.6.4.
4.2. Complete Probing Mechanism 4.2. Complete Probing Mechanism
The Complete Probing mechanism is implemented by sending one or more
Probe Indications with a PADDING attribute and the DF bit set over
UDP followed by a Report Request to the same server. A router on the
path to the server can reject this Indication with an ICMP message or
drop it. The server keeps a chronologically ordered list of
identifiers for all packets received (including retransmitted
packets) and sends this list back to the client in the Report
Response. The client analyzes this list to find which packets were
not received. Because UDP packets do not contain an identifier, the
Complete Probing mechanism needs a way to identify each packet
received.
Some protocols may already have a way of identifying each individual
UDP packet, in which case these identifiers SHOULD be used in the
IDENTIFIERS attribute of the Report Response. While there are other
possible packet identification schemes, this document describes two
different ways to identify a specific packet.
In the first packet identification mechanism, the server computes a
checksum over each packet received and sends back to the sender the
list of checksums ordered chronologically. The client compares this
list to its own list of checksums.
In the second packet identification mechanism, the client prepends
the UDP data with a header that provides a sequence number. The
server sends back the chronologically ordered list of sequence
numbers received that the client then compares with its own list.
4.2.1. Sending the Probe Indications and Report Request 4.2.1. Sending the Probe Indications and Report Request
A client forms a Probe Indication by following the rules in [RFC5389] A client forms a Probe Indication by using the Probe Method and
Section 7.1. The client adds to the Probe Indication a PADDING following the rules in [RFC5389] Section 7.1. The client adds to the
attribute with a size that, when added to the IP and UDP headers and Probe Indication a PADDING attribute with a size that, when added to
the other STUN components, is equal to the Selected Probe Size, as the IP and UDP headers and the other STUN components, is equal to the
defined in [RFC4821] Section 7.3. If the authentication mechanism Selected Probe Size, as defined in [RFC4821] Section 7.3. If the
permits it, then the Indication MUST be authenticated. The client authentication mechanism permits it, then the Indication MUST be
MUST add the FINGERPRINT attribute. authenticated. The server MUST add the FINGERPRINT attribute so the
STUN messages are disambiguated from the other protocol packets.
Then the client sends the Probe Indication to the server over UDP Then the client sends the Probe Indication to the server over UDP
with the DF bit set. with the DF bit set.
Then the client forms a Report Request by following the rules in Then the client forms a Report Request by following the rules in
[RFC5389] Section 7.1. The Report transaction MUST be authenticated. [RFC5389] Section 7.1. The Report transaction MUST be authenticated
The client MUST add the FINGERPRINT attribute. to prevent amplification attacks. The client MUST add the
FINGERPRINT attribute so the STUN messages are disambiguated from the
other protocol packets.
Then the client waits half the RTO, if it is known, or 250 ms after Then the client waits half the RTO, if it is known, or 250 ms after
sending the last Probe Indication and then sends the Report Request sending the last Probe Indication and then sends the Report Request
to the server over UDP. to the server over UDP.
4.2.2. Receiving an ICMP Packet 4.2.2. Receiving an ICMP Packet
If an ICMP packet "Fragmentation needed" is received then this is If an ICMP packet "Fragmentation needed" is received then this is
interpreted as a Probe Failure, as defined in [RFC4821] Section 7.5. interpreted as a Probe Failure, as defined in [RFC4821] Section 7.5.
4.2.3. Receiving a Probe Indication and Report Request 4.2.3. Receiving a Probe Indication and Report Request
A server supporting this specification will keep the identifiers of A server supporting this specification will keep the identifiers of
all packets received in a chronologically ordered list. The same all packets received in a chronologically ordered list. The packets
identifier can appear multiple times in the list because of that are to be associated to a list are selected according to
retransmissions. The maximum size of this list is calculated such Section 5.2 of [RFC4821]. The same identifier can appear multiple
that when the list is added to the Report Response, the total size of times in the list because of retransmissions. The maximum size of
the packet does not exceed the unknown Path MTU, as defined in this list is calculated such that when the list is added to the
[RFC5389] Section 7.1. Older identifiers are removed when new Report Response, the total size of the packet does not exceed the
identifiers are added to a list that is already full. unknown Path MTU, as defined in [RFC5389] Section 7.1. Older
identifiers are removed when new identifiers are added to a list that
is already full.
A server receiving a Report Request MUST process it as specified in A server receiving a Report Request MUST process it as specified in
[RFC5389]. [RFC5389].
The server creates a Report Response and adds an IDENTIFIERS The server creates a Report Response and adds an IDENTIFIERS
attribute that contains the list of all identifiers received so far. attribute that contains the chronologically ordered list of all
The server MUST add the FINGERPRINT attribute. The server then sends identifiers received so far. The server MUST add the FINGERPRINT
the response to the client. attribute. The server then sends the response to the client.
The exact content of the IDENTIFIERS attribute depends on what type The exact content of the IDENTIFIERS attribute depends on what type
of identifiers have been chosen for the protocol. Each protocol of identifiers have been chosen for the protocol. Each protocol
adding PMTUD capabilities as specified by this specification MUST adding PMTUD capabilities as specified by this specification MUST
describe the format of the contents of the IDENTIFIERS attribute, describe the format of the contents of the IDENTIFIERS attribute,
unless it is using one of the formats described in this unless it is using one of the formats described in this
specification. specification. See Section 6.1 for details about the IDENTIFIERS
attribute.
4.2.4. Receiving a Report Response 4.2.4. Receiving a Report Response
A client receiving a Report Response processes it as specified in A client receiving a Report Response processes it as specified in
[RFC5389]. If the response IDENTIFIERS attribute contains the [RFC5389]. If the response IDENTIFIERS attribute contains the
identifier of the Probe Indication, then this is interpreted as a identifier of the Probe Indication, then this is interpreted as a
Probe Success for this probe, as defined in [RFC4821] Section 7.5. Probe Success for this probe, as defined in [RFC4821] Section 7.5.
If the Probe Indication identifier cannot be found in the Report If the Probe Indication identifier cannot be found in the Report
Response, this is interpreted as a Probe Failure, as defined in Response, this is interpreted as a Probe Failure, as defined in
[RFC4821] Section 7.5. If the Probe Indication identifier cannot be [RFC4821] Section 7.5. If the Probe Indication identifier cannot be
found in the Report Response but identifiers for other packets sent found in the Report Response but identifiers for other packets sent
before or after the Probe Indication cannot also be found, this is before or after the Probe Indication can all be found, this is
interpreted as a Probe Inconclusive, as defined in [RFC4821] interpreted as a Probe Failure as defined in [RFC4821] Section 7.5.
Section 7.5. If the Report Transaction times out, this is If the Report Transaction times out, this is interpreted as a Full-
interpreted as a Full-Stop Timeout, as defined in [RFC4821] Stop Timeout, as defined in [RFC4821] Section 3.
Section 3.
4.2.5. Using Checksums as Packet Identifiers 4.2.5. Using Checksums as Packet Identifiers
When using a checksum as a packet identifier, the client calculates When using a checksum as a packet identifier, the client calculates
the checksum for each packet sent over UDP and keeps this checksum in the checksum for each packet sent over UDP that is not a STUN Probe
an ordered list. The server does the same thing and sends back this Indication or Request and keeps this checksum in a chronologically
list in the Report Response. ordered list. The client also keeps the checksum of the STUN Probe
Indication or Request sent in that same chronologically ordered list.
The algorithm used to calculate the checksum is the same as the The algorithm used to calculate the checksum is the same as the
algorithm used for the FINGERPRINT attribute. The contents of the algorithm used for the FINGERPRINT attribute (i.e., the CRC-32 of the
IDENTIFIERS attribute is a list of 4 byte numbers, each using the payload XOR'ed with the 32-bit value 0x5354554e).
same encoding that is used for the contents of the FINGERPRINT
attribute. The server calculates the checksum for each received packet that is
not a STUN Probe Indication or Request and retrieve the FINGERPRINT
attribute value if the packet is a STUN Probe Indication or Request.
It puts these checksums in a chronologically ordered list that is
sent back in the Report Response.
The contents of the IDENTIFIERS attribute is a list of 4 byte
numbers, each using the same encoding that is used for the contents
of the FINGERPRINT attribute.
It could have been possible to use the checksum generated in the UDP It could have been possible to use the checksum generated in the UDP
checksum for this, but this value is generally not accessible to checksum for this, but this value is generally not accessible to
applications. Also, sometimes the checksum is not calculated or is applications. Also, sometimes the checksum is not calculated or is
off-loaded to network hardware. off-loaded to network hardware.
4.2.6. Using Sequence Numbers as Packet Identifiers 4.2.6. Using Sequence Numbers as Packet Identifiers
When using sequence numbers, a small header similar to the TURN When using sequence numbers, a small header similar to the TURN
ChannelData header is added in front of all non-STUN packets. The ChannelData header is added in front of all packets that are not a
sequence number is monotonically incremented by one for each packet STUN Probe Indication or Request. The sequence number is
sent. The server collects the sequence number of the packets sent. monotonically incremented by one for each packet sent. The most
significant bit of the sequence number is always 0. The server
collects the sequence number of the packets sent, or the 4 first
bytes of the transaction ID if a STUN Probe Indication or Request is
sent. In that case, the most significant bit of the 4 first bytes is
set to 1.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Channel Number | Length | | Channel Number | Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Sequence number | |0| Sequence number |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| | | |
/ Application Data / / Application Data /
/ / / /
| | | |
| +-------------------------------+ | +-------------------------------+
| | | |
+-------------------------------+ +-------------------------------+
The Channel Number is always 0xFFFF. The header values are encoded The Channel Number is always 0xFFFF. The header values are encoded
using network order. using network order.
The contents of the IDENTIFIERS attribute is a list of 4 byte The contents of the IDENTIFIERS attribute is a chronologically
numbers, each containing a sequence number encoded using network ordered list of 4 byte numbers, each containing either a sequence
order. number, if the packet was not a STUN Probe Indication or Request, or
the 4 first bytes of the transaction ID, with the most significant
bit forced to 1, if the packet is a STUN Probe Indication or Request.
5. Probe Support Signaling Mechanisms 5. Probe Support Signaling Mechanisms
The PMTUD mechanism described in this document is intended to be used The PMTUD mechanism described in this document is intended to be used
by any UDP-based protocols that do not have built-in PMTUD by any UDP-based protocols that do not have built-in PMTUD
capabilities, irrespective of whether those UDP-based protocols are capabilities, irrespective of whether those UDP-based protocols are
STUN-based or not. So the manner in which a specific protocol STUN-based or not. So the manner in which a specific protocol
discovers that it is safe to send PMTUD probes is largely dependent discovers that it is safe to send PMTUD probes is largely dependent
on the details of that specific protocol, with the exception of the on the details of that specific protocol, with the exception of the
Implicit Mechanism described below, which applies to any protocol. Implicit Mechanism described below, which applies to any protocol.
skipping to change at page 10, line 28 skipping to change at page 11, line 23
The Probe Request or Indication that are used to implicitly signal The Probe Request or Indication that are used to implicitly signal
probing support in the reverse direction MUST be authenticated to probing support in the reverse direction MUST be authenticated to
prevent amplification attacks. prevent amplification attacks.
6. STUN Attributes 6. STUN Attributes
6.1. IDENTIFIERS 6.1. IDENTIFIERS
The IDENTIFIERS attribute carries a chronologically ordered list of The IDENTIFIERS attribute carries a chronologically ordered list of
UDP packet identifiers. Each protocol has to define how these UDP packet identifiers.
identifiers are acquired and formatted, therefore the contents of the
IDENTIFIERS attribute is opaque. Each protocol has to define how these identifiers are acquired and
formatted, therefore the contents of the IDENTIFIERS attribute is
opaque.
6.2. PMTUD-SUPPORTED 6.2. PMTUD-SUPPORTED
The PMTUD-SUPPORTED attribute indicates that its sender supports this The PMTUD-SUPPORTED attribute indicates that its sender supports this
specification. This attribute is empty. specification. This attribute has no value part and thus the
attribute length field is 0.
7. Security Considerations 7. Security Considerations
The PMTUD mechanism described in this document does not introduce any The PMTUD mechanism described in this document does not introduce any
specific security considerations beyond those described in [RFC4821]. specific security considerations beyond those described in [RFC4821].
The attacks described in Section 11 of [RFC4821] apply equally to the The attacks described in Section 11 of [RFC4821] apply equally to the
mechanism described in this document. mechanism described in this document.
The Simple Probing mechanism may be used without authentication The Simple Probing mechanism may be used without authentication
skipping to change at page 12, line 31 skipping to change at page 13, line 31
[RFC5780] MacDonald, D. and B. Lowekamp, "NAT Behavior Discovery [RFC5780] MacDonald, D. and B. Lowekamp, "NAT Behavior Discovery
Using Session Traversal Utilities for NAT (STUN)", Using Session Traversal Utilities for NAT (STUN)",
RFC 5780, DOI 10.17487/RFC5780, May 2010, RFC 5780, DOI 10.17487/RFC5780, May 2010,
<http://www.rfc-editor.org/info/rfc5780>. <http://www.rfc-editor.org/info/rfc5780>.
Appendix A. Release Notes Appendix A. Release Notes
This section must be removed before publication as an RFC. This section must be removed before publication as an RFC.
A.1. Modifications between draft-ietf-tram-stun-pmtud-03 and draft- A.1. Modifications between draft-ietf-tram-stun-pmtud-04 and draft-
ietf-tram-stun-pmtud-03
o Modifications following Simon Perreault and Brandon Williams
reviews.
A.2. Modifications between draft-ietf-tram-stun-pmtud-03 and draft-
ietf-tram-stun-pmtud-02 ietf-tram-stun-pmtud-02
o Add new Overview of Operations secion with ladder diagrams. o Add new Overview of Operations section with ladder diagrams.
o Authentication is mandatory for the Complete Probing mechanism, o Authentication is mandatory for the Complete Probing mechanism,
optional for the Simple Probing mechanism. optional for the Simple Probing mechanism.
o All the ICE specific text moves to a separate draft to be o All the ICE specific text moves to a separate draft to be
discussed in the ICE WG. discussed in the ICE WG.
o The TURN usage is removed because probing between a TURN server o The TURN usage is removed because probing between a TURN server
and TURN client is not useful. and TURN client is not useful.
skipping to change at page 13, line 26 skipping to change at page 14, line 33
o Each usage of this specification must the format of the o Each usage of this specification must the format of the
IDENTIFIERS attribute contents. IDENTIFIERS attribute contents.
o Better define the implicit signaling mechanism. o Better define the implicit signaling mechanism.
o Extend the Security Consideration section. o Extend the Security Consideration section.
o Tons of nits. o Tons of nits.
A.2. Modifications between draft-ietf-tram-stun-pmtud-02 and draft- A.3. Modifications between draft-ietf-tram-stun-pmtud-02 and draft-
ietf-tram-stun-pmtud-01 ietf-tram-stun-pmtud-01
o Cleaned up references. o Cleaned up references.
A.3. Modifications between draft-ietf-tram-stun-pmtud-01 and draft- A.4. Modifications between draft-ietf-tram-stun-pmtud-01 and draft-
ietf-tram-stun-pmtud-00 ietf-tram-stun-pmtud-00
o Added Security Considerations Section. o Added Security Considerations Section.
o Added IANA Considerations Section. o Added IANA Considerations Section.
A.4. Modifications between draft-ietf-tram-stun-pmtud-00 and draft- A.5. Modifications between draft-ietf-tram-stun-pmtud-00 and draft-
petithuguenin-tram-stun-pmtud-01 petithuguenin-tram-stun-pmtud-01
o Adopted by WG - Text unchanged. o Adopted by WG - Text unchanged.
A.5. Modifications between draft-petithuguenin-tram-stun-pmtud-01 and A.6. Modifications between draft-petithuguenin-tram-stun-pmtud-01 and
draft-petithuguenin-tram-stun-pmtud-00 draft-petithuguenin-tram-stun-pmtud-00
o Moved some Introduction text to the Probing Mechanism section. o Moved some Introduction text to the Probing Mechanism section.
o Added cross-reference to the other two STUN troubleshooting o Added cross-reference to the other two STUN troubleshooting
mechanism drafts. mechanism drafts.
o Updated references. o Updated references.
o Added Gonzalo Salgueiro as co-author. o Added Gonzalo Salgueiro as co-author.
A.6. Modifications between draft-petithuguenin-tram-stun-pmtud-00 and A.7. Modifications between draft-petithuguenin-tram-stun-pmtud-00 and
draft-petithuguenin-behave-stun-pmtud-03 draft-petithuguenin-behave-stun-pmtud-03
o General refresh for republication. o General refresh for republication.
A.7. Modifications between draft-petithuguenin-behave-stun-pmtud-03 and A.8. Modifications between draft-petithuguenin-behave-stun-pmtud-03 and
draft-petithuguenin-behave-stun-pmtud-02 draft-petithuguenin-behave-stun-pmtud-02
o Changed author address. o Changed author address.
o Changed the IPR to trust200902. o Changed the IPR to trust200902.
A.8. Modifications between draft-petithuguenin-behave-stun-pmtud-02 and A.9. Modifications between draft-petithuguenin-behave-stun-pmtud-02 and
draft-petithuguenin-behave-stun-pmtud-01 draft-petithuguenin-behave-stun-pmtud-01
o Defined checksum and sequential numbers as possible packet o Defined checksum and sequential numbers as possible packet
identifiers. identifiers.
o Updated the reference to RFC 5389 o Updated the reference to RFC 5389
o The FINGERPRINT attribute is now mandatory. o The FINGERPRINT attribute is now mandatory.
o Changed the delay between Probe indication and Report request to o Changed the delay between Probe indication and Report request to
be RTO/2 or 50 milliseconds. be RTO/2 or 50 milliseconds.
o Added ICMP packet processing. o Added ICMP packet processing.
o Added Full-Stop Timeout detection. o Added Full-Stop Timeout detection.
o Stated that Binding request with PMTUD-SUPPORTED does not start o Stated that Binding request with PMTUD-SUPPORTED does not start
the PMTUD process if already started. the PMTUD process if already started.
A.9. Modifications between draft-petithuguenin-behave-stun-pmtud-01 and A.10. Modifications between draft-petithuguenin-behave-stun-pmtud-01
draft-petithuguenin-behave-stun-pmtud-00 and draft-petithuguenin-behave-stun-pmtud-00
o Removed the use of modified STUN transaction but shorten the o Removed the use of modified STUN transaction but shorten the
retransmission for the simple probing mechanism. retransmission for the simple probing mechanism.
o Added a complete probing mechanism. o Added a complete probing mechanism.
o Removed the PADDING-RECEIVED attribute. o Removed the PADDING-RECEIVED attribute.
o Added release notes. o Added release notes.
Acknowledgements Acknowledgements
Thanks to Eilon Yardeni, Geir Sandbakken, Paal-Erik Martinsen, Thanks to Eilon Yardeni, Geir Sandbakken, Paal-Erik Martinsen,
Tirumaleswar Reddy, and Ram Mohan R for their review comments, Tirumaleswar Reddy, Ram Mohan R, Simon Perreault, and Brandon
suggestions and questions that helped to improve this document. Williams for their review comments, suggestions and questions that
helped to improve this document.
Special thanks to Dan Wing, who supported this document since its Special thanks to Dan Wing, who supported this document since its
first publication back in 2008. first publication back in 2008.
Authors' Addresses Authors' Addresses
Marc Petit-Huguenin Marc Petit-Huguenin
Impedance Mismatch Impedance Mismatch
Email: marc@petit-huguenin.org Email: marc@petit-huguenin.org
 End of changes. 49 change blocks. 
156 lines changed or deleted 197 lines changed or added

This html diff was produced by rfcdiff 1.45. The latest version is available from http://tools.ietf.org/tools/rfcdiff/