draft-ietf-tram-stun-pmtud-13.txt   draft-ietf-tram-stun-pmtud-14.txt 
TRAM M. Petit-Huguenin TRAM M. Petit-Huguenin
Internet-Draft Impedance Mismatch Internet-Draft Impedance Mismatch
Intended status: Standards Track G. Salgueiro Intended status: Standards Track G. Salgueiro
Expires: March 13, 2020 F. Garrido Expires: May 7, 2020 F. Garrido
Cisco Cisco
September 10, 2019 November 4, 2019
Path MTU Discovery Using Session Traversal Utilities for NAT (STUN) Path MTU Discovery Using Session Traversal Utilities for NAT (STUN)
draft-ietf-tram-stun-pmtud-13 draft-ietf-tram-stun-pmtud-14
Abstract Abstract
This document describes a Session Traversal Utilities for NAT (STUN) This document describes a Session Traversal Utilities for NAT (STUN)
Usage for Path MTU Discovery (PMTUD) between a client and a server. Usage for Path MTU Discovery (PMTUD) between a client and a server.
Status of This Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
skipping to change at page 1, line 33 skipping to change at page 1, line 33
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on March 13, 2020. This Internet-Draft will expire on May 7, 2020.
Copyright Notice Copyright Notice
Copyright (c) 2019 IETF Trust and the persons identified as the Copyright (c) 2019 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 13 skipping to change at page 2, line 13
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Overview of Operations . . . . . . . . . . . . . . . . . . . 4 2. Overview of Operations . . . . . . . . . . . . . . . . . . . 4
3. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 5 3. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 5
4. Probing Mechanisms . . . . . . . . . . . . . . . . . . . . . 5 4. Probing Mechanisms . . . . . . . . . . . . . . . . . . . . . 5
4.1. Simple Probing Mechanism . . . . . . . . . . . . . . . . 6 4.1. Simple Probing Mechanism . . . . . . . . . . . . . . . . 6
4.1.1. Sending a Probe Request . . . . . . . . . . . . . . . 6 4.1.1. Sending a Probe Request . . . . . . . . . . . . . . . 6
4.1.2. Receiving a Probe Request . . . . . . . . . . . . . . 6 4.1.2. Receiving a Probe Request . . . . . . . . . . . . . . 7
4.1.3. Receiving a Probe Response . . . . . . . . . . . . . 7 4.1.3. Receiving a Probe Response . . . . . . . . . . . . . 7
4.2. Complete Probing Mechanism . . . . . . . . . . . . . . . 7 4.2. Complete Probing Mechanism . . . . . . . . . . . . . . . 7
4.2.1. Sending a Probe Indications and Report Request . . . 8 4.2.1. Sending a Probe Indications and Report Request . . . 8
4.2.2. Receiving an ICMP Packet . . . . . . . . . . . . . . 8 4.2.2. Receiving an ICMP Packet . . . . . . . . . . . . . . 8
4.2.3. Receiving a Probe Indication and Report Request . . . 8 4.2.3. Receiving a Probe Indication and Report Request . . . 8
4.2.4. Receiving a Report Response . . . . . . . . . . . . . 9 4.2.4. Receiving a Report Response . . . . . . . . . . . . . 9
4.2.5. Using Checksums as Packet Identifiers . . . . . . . . 9 4.2.5. Using Checksums as Packet Identifiers . . . . . . . . 9
4.2.6. Using Sequence Numbers as Packet Identifiers . . . . 10 4.2.6. Using Sequence Numbers as Packet Identifiers . . . . 10
5. Probe Support Signaling Mechanisms . . . . . . . . . . . . . 10 5. Probe Support Signaling Mechanisms . . . . . . . . . . . . . 11
5.1. Explicit Probe Support Signaling Mechanism . . . . . . . 11 5.1. Explicit Probe Support Signaling Mechanism . . . . . . . 11
5.2. Implicit Probe Support Signaling Mechanism . . . . . . . 11 5.2. Implicit Probe Support Signaling Mechanism . . . . . . . 11
6. STUN Attributes . . . . . . . . . . . . . . . . . . . . . . . 11 6. STUN Attributes . . . . . . . . . . . . . . . . . . . . . . . 12
6.1. IDENTIFIERS . . . . . . . . . . . . . . . . . . . . . . . 12 6.1. IDENTIFIERS . . . . . . . . . . . . . . . . . . . . . . . 12
6.2. PMTUD-SUPPORTED . . . . . . . . . . . . . . . . . . . . . 12 6.2. PMTUD-SUPPORTED . . . . . . . . . . . . . . . . . . . . . 12
6.3. PADDING . . . . . . . . . . . . . . . . . . . . . . . . . 12 6.3. PADDING . . . . . . . . . . . . . . . . . . . . . . . . . 12
7. Security Considerations . . . . . . . . . . . . . . . . . . . 12 7. Security Considerations . . . . . . . . . . . . . . . . . . . 12
8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 13 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 13
8.1. New STUN Methods . . . . . . . . . . . . . . . . . . . . 13 8.1. New STUN Methods . . . . . . . . . . . . . . . . . . . . 13
8.2. New STUN Attributes . . . . . . . . . . . . . . . . . . . 13 8.2. New STUN Attributes . . . . . . . . . . . . . . . . . . . 13
9. References . . . . . . . . . . . . . . . . . . . . . . . . . 14 9. References . . . . . . . . . . . . . . . . . . . . . . . . . 14
9.1. Normative References . . . . . . . . . . . . . . . . . . 14 9.1. Normative References . . . . . . . . . . . . . . . . . . 14
9.2. Informative References . . . . . . . . . . . . . . . . . 14 9.2. Informative References . . . . . . . . . . . . . . . . . 14
Appendix A. Release Notes . . . . . . . . . . . . . . . . . . . 15 Appendix A. Release Notes . . . . . . . . . . . . . . . . . . . 15
A.1. Modifications between draft-ietf-tram-stun-pmtud-13 and A.1. Modifications between draft-ietf-tram-stun-pmtud-14 and
draft-ietf-tram-stun-pmtud-13 . . . . . . . . . . . . . . 15
A.2. Modifications between draft-ietf-tram-stun-pmtud-13 and
draft-ietf-tram-stun-pmtud-12 . . . . . . . . . . . . . . 15 draft-ietf-tram-stun-pmtud-12 . . . . . . . . . . . . . . 15
A.2. Modifications between draft-ietf-tram-stun-pmtud-12 and A.3. Modifications between draft-ietf-tram-stun-pmtud-12 and
draft-ietf-tram-stun-pmtud-11 . . . . . . . . . . . . . . 15 draft-ietf-tram-stun-pmtud-11 . . . . . . . . . . . . . . 15
A.3. Modifications between draft-ietf-tram-stun-pmtud-11 and A.4. Modifications between draft-ietf-tram-stun-pmtud-11 and
draft-ietf-tram-stun-pmtud-10 . . . . . . . . . . . . . . 15 draft-ietf-tram-stun-pmtud-10 . . . . . . . . . . . . . . 15
A.4. Modifications between draft-ietf-tram-stun-pmtud-10 and A.5. Modifications between draft-ietf-tram-stun-pmtud-10 and
draft-ietf-tram-stun-pmtud-09 . . . . . . . . . . . . . . 15 draft-ietf-tram-stun-pmtud-09 . . . . . . . . . . . . . . 15
A.5. Modifications between draft-ietf-tram-stun-pmtud-09 and A.6. Modifications between draft-ietf-tram-stun-pmtud-09 and
draft-ietf-tram-stun-pmtud-08 . . . . . . . . . . . . . . 15 draft-ietf-tram-stun-pmtud-08 . . . . . . . . . . . . . . 15
A.6. Modifications between draft-ietf-tram-stun-pmtud-08 and A.7. Modifications between draft-ietf-tram-stun-pmtud-08 and
draft-ietf-tram-stun-pmtud-07 . . . . . . . . . . . . . . 15 draft-ietf-tram-stun-pmtud-07 . . . . . . . . . . . . . . 16
A.7. Modifications between draft-ietf-tram-stun-pmtud-07 and A.8. Modifications between draft-ietf-tram-stun-pmtud-07 and
draft-ietf-tram-stun-pmtud-06 . . . . . . . . . . . . . . 16 draft-ietf-tram-stun-pmtud-06 . . . . . . . . . . . . . . 16
A.8. Modifications between draft-ietf-tram-stun-pmtud-06 and
draft-ietf-tram-stun-pmtud-05 . . . . . . . . . . . . . . 16
A.9. Modifications between draft-ietf-tram-stun-pmtud-05 and A.9. Modifications between draft-ietf-tram-stun-pmtud-06 and
draft-ietf-tram-stun-pmtud-05 . . . . . . . . . . . . . . 16
A.10. Modifications between draft-ietf-tram-stun-pmtud-05 and
draft-ietf-tram-stun-pmtud-04 . . . . . . . . . . . . . . 16 draft-ietf-tram-stun-pmtud-04 . . . . . . . . . . . . . . 16
A.10. Modifications between draft-ietf-tram-stun-pmtud-04 and A.11. Modifications between draft-ietf-tram-stun-pmtud-04 and
draft-ietf-tram-stun-pmtud-03 . . . . . . . . . . . . . . 16 draft-ietf-tram-stun-pmtud-03 . . . . . . . . . . . . . . 16
A.11. Modifications between draft-ietf-tram-stun-pmtud-03 and A.12. Modifications between draft-ietf-tram-stun-pmtud-03 and
draft-ietf-tram-stun-pmtud-02 . . . . . . . . . . . . . . 16 draft-ietf-tram-stun-pmtud-02 . . . . . . . . . . . . . . 16
A.12. Modifications between draft-ietf-tram-stun-pmtud-02 and A.13. Modifications between draft-ietf-tram-stun-pmtud-02 and
draft-ietf-tram-stun-pmtud-01 . . . . . . . . . . . . . . 17 draft-ietf-tram-stun-pmtud-01 . . . . . . . . . . . . . . 17
A.13. Modifications between draft-ietf-tram-stun-pmtud-01 and A.14. Modifications between draft-ietf-tram-stun-pmtud-01 and
draft-ietf-tram-stun-pmtud-00 . . . . . . . . . . . . . . 17 draft-ietf-tram-stun-pmtud-00 . . . . . . . . . . . . . . 17
A.14. Modifications between draft-ietf-tram-stun-pmtud-00 and A.15. Modifications between draft-ietf-tram-stun-pmtud-00 and
draft-petithuguenin-tram-stun-pmtud-01 . . . . . . . . . 17 draft-petithuguenin-tram-stun-pmtud-01 . . . . . . . . . 17
A.15. Modifications between draft-petithuguenin-tram-stun-
pmtud-01 and draft-petithuguenin-tram-stun-pmtud-00 . . . 17
A.16. Modifications between draft-petithuguenin-tram-stun- A.16. Modifications between draft-petithuguenin-tram-stun-
pmtud-01 and draft-petithuguenin-tram-stun-pmtud-00 . . . 17
A.17. Modifications between draft-petithuguenin-tram-stun-
pmtud-00 and draft-petithuguenin-behave-stun-pmtud-03 . . 18 pmtud-00 and draft-petithuguenin-behave-stun-pmtud-03 . . 18
A.17. Modifications between draft-petithuguenin-behave-stun-
pmtud-03 and draft-petithuguenin-behave-stun-pmtud-02 . . 18
A.18. Modifications between draft-petithuguenin-behave-stun- A.18. Modifications between draft-petithuguenin-behave-stun-
pmtud-02 and draft-petithuguenin-behave-stun-pmtud-01 . . 18 pmtud-03 and draft-petithuguenin-behave-stun-pmtud-02 . . 18
A.19. Modifications between draft-petithuguenin-behave-stun- A.19. Modifications between draft-petithuguenin-behave-stun-
pmtud-02 and draft-petithuguenin-behave-stun-pmtud-01 . . 18
A.20. Modifications between draft-petithuguenin-behave-stun-
pmtud-01 and draft-petithuguenin-behave-stun-pmtud-00 . . 18 pmtud-01 and draft-petithuguenin-behave-stun-pmtud-00 . . 18
Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . 19 Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . 19
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 19 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 19
1. Introduction 1. Introduction
The Packetization Layer Path MTU Discovery (PMTUD) specification The Packetization Layer Path MTU Discovery (PMTUD) specification
[RFC4821] describes a method to discover the Path MTU but does not [RFC4821] describes a method to discover the Path MTU but does not
describe a practical protocol to do so with UDP. describe a practical protocol to do so with UDP.
skipping to change at page 4, line 9 skipping to change at page 4, line 10
variety of technologies. variety of technologies.
Complementary techniques can be used to discover additional network Complementary techniques can be used to discover additional network
characteristics, such as the network path (using the STUN Traceroute characteristics, such as the network path (using the STUN Traceroute
mechanism described in [I-D.martinsen-tram-stuntrace]) and bandwidth mechanism described in [I-D.martinsen-tram-stuntrace]) and bandwidth
availability (using the mechanism described in availability (using the mechanism described in
[I-D.martinsen-tram-turnbandwidthprobe]). [I-D.martinsen-tram-turnbandwidthprobe]).
2. Overview of Operations 2. Overview of Operations
This section is meant to be informative only. It is not intended as This section is meant to be informative only and is not intended as a
a replacement for [RFC4821]. substitute for [RFC4821].
A UDP endpoint that uses this specification to discover the Path MTU A UDP endpoint that uses this specification to discover the Path MTU
over UDP and knows that the endpoint it is communicating with also over UDP and knows that the endpoint it is communicating with also
supports this specification can choose to use either the Simple supports this specification can choose to use either the Simple
Probing mechanism (as described in Section 4.1) or the Complete Probing mechanism (as described in Section 4.1) or the Complete
Probing mechanism (as described in Section 4.2). The selection of Probing mechanism (as described in Section 4.2). The selection of
which Probing Mechanism to use is dependent on performance and which Probing Mechanism to use is dependent on performance and
security and complexity trade-offs. security and complexity trade-offs.
If the Simple Probing mechanism is chosen, then the Client initiates If the Simple Probing mechanism is chosen, then the Client initiates
Probe transactions, as shown in Figure 1, which increase in size Probe transactions, as shown in Figure 1, which decrease in size
until transactions timeout, indicating that the Path MTU has been until transactions succeed, indicating that the Path MTU has been
exceeded. It then uses that information to update the Path MTU. established. It then uses that information to update the Path MTU.
Client Server Client Server
| | | |
| Probe Request | | Probe Request |
|---------------->| |---------------->|
| | | |
| Probe Response | | Probe Response |
|<----------------| |<----------------|
| | | |
skipping to change at page 5, line 40 skipping to change at page 5, line 42
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in BCP "OPTIONAL" in this document are to be interpreted as described in BCP
14 [RFC2119][RFC8174] when, and only when, they appear in all 14 [RFC2119][RFC8174] when, and only when, they appear in all
capitals, as shown here. capitals, as shown here.
4. Probing Mechanisms 4. Probing Mechanisms
The Probing mechanism is used to discover the Path MTU in one The Probing mechanism is used to discover the Path MTU in one
direction only: from the client to the server. direction only: from the client to the server. Both endpoints MAY
behave as a client and a server to achieve bi-directional path
discovery.
Two Probing mechanisms are described: a Simple Probing mechanism and Two Probing mechanisms are described: a Simple Probing mechanism and
a more complete mechanism that can converge more quickly and find an a more complete mechanism that can converge more quickly and find an
appropriate Path MTU in the presence of congestion. Additionally, appropriate Path MTU in the presence of congestion. Additionally,
the Simple Probing mechanism does not require authentication except the Simple Probing mechanism does not require authentication except
where used as an implicit signaling mechanism, whereas the complete where used as an implicit signaling mechanism, whereas the complete
mechanism does. mechanism does.
Implementations supporting this specification MUST implement the Implementations supporting this specification MUST implement the
server side of both the Simple Probing mechanism (Section 4.1) and server side of both the Simple Probing mechanism (Section 4.1) and
skipping to change at page 6, line 20 skipping to change at page 6, line 24
The Simple Probing mechanism is implemented by sending a Probe The Simple Probing mechanism is implemented by sending a Probe
Request with a PADDING attribute over UDP with the DF bit set in the Request with a PADDING attribute over UDP with the DF bit set in the
IP header for IPv4 packets and IPv6 packets without the Fragment IP header for IPv4 packets and IPv6 packets without the Fragment
Header included. A router on the path to the server can reject each Header included. A router on the path to the server can reject each
request with an ICMP message or drop it. request with an ICMP message or drop it.
4.1.1. Sending a Probe Request 4.1.1. Sending a Probe Request
A client forms a Probe Request by using the Probe Method and A client forms a Probe Request by using the Probe Method and
following the rules in Section 7.1 of [RFC5389]. following the rules in Section 6.1 of [I-D.ietf-tram-stunbis].
The Probe transaction MUST be authenticated if the Simple Probing The Probe transaction MUST be authenticated if the Simple Probing
mechanism is used in conjunction with the Implicit Probing Support mechanism is used in conjunction with the Implicit Probing Support
mechanism described in Section 5.2. If not, the Probe transaction mechanism described in Section 5.2. If not, the Probe transaction
MAY be authenticated. MAY be authenticated.
The client adds a PADDING attribute with a length that, when added to The client adds a PADDING attribute with a length that, when added to
the IP and UDP headers and the other STUN components, is equal to the the IP and UDP headers and the other STUN components, is equal to the
Selected Probe Size, as defined in [RFC4821] Section 7.3. The Selected Probe Size, as defined in [RFC4821] Section 7.3. The
PADDING bits SHOULD be set to zero. The client MUST add the PADDING bits SHOULD be set to zero. The client MUST add the
FINGERPRINT attribute so the STUN messages are disambiguated from the FINGERPRINT attribute so the STUN messages are disambiguated from the
other protocol packets. other protocol packets as specified in Section 7 of
[I-D.ietf-tram-stunbis].
Then the client sends the Probe Request to the server over UDP with Then the client sends the Probe Request to the server over UDP with
the DF bit set for IPv4 packets and IPv6 packets without the Fragment the DF bit set for IPv4 packets and IPv6 packets without the Fragment
Header included. For the purpose of this transaction, the Rc Header included. For the purpose of this transaction, the Rc
parameter specified in Section 7.2.1 of [RFC5389] is set to 3. The parameter specified in Section 6.2.1 of [I-D.ietf-tram-stunbis] is
initial value for RTO stays at 500 ms. set to 3. The initial value for RTO stays at 500 ms.
A client MUST NOT send a probe if it does not have knowledge that the A client MUST NOT send a probe if it does not have knowledge that the
server supports this specification. This is done either by external server supports this specification. This is done either by external
signalling or by a mechanism specific to the UDP protocol to which signalling or by a mechanism specific to the UDP protocol to which
PMTUD capabilities are added or by one of the mechanisms specified in PMTUD capabilities are added or by one of the mechanisms specified in
Section 5. Section 5.
4.1.2. Receiving a Probe Request 4.1.2. Receiving a Probe Request
A server receiving a Probe Request MUST process it as specified in A server receiving a Probe Request MUST process it as specified in
[RFC5389]. [I-D.ietf-tram-stunbis].
The server then creates a Probe Response. The server MUST add the The server then creates a Probe Response. The server MUST add the
FINGERPRINT attribute so the STUN messages are disambiguated from the FINGERPRINT attribute so the STUN messages are disambiguated from the
other protocol packets. The server then sends the response to the other protocol packets as specified in Section 7 of
[I-D.ietf-tram-stunbis]. The server then sends the response to the
client. client.
4.1.3. Receiving a Probe Response 4.1.3. Receiving a Probe Response
A client receiving a Probe Response MUST process it as specified in A client receiving a Probe Response MUST process it as specified in
[RFC5389] and MUST ignore the PADDING attribute. If a response is section 6.3.1 of [I-D.ietf-tram-stunbis] and MUST ignore the PADDING
received this is interpreted as a Probe Success, as defined in attribute. If a response is received this is interpreted as a Probe
[RFC4821] Section 7.6.1. If an ICMP packet "Fragmentation needed" or Success, as defined in [RFC4821] Section 7.6.1. If an ICMP packet
"Packet Too Big" is received then this is interpreted as a Probe "Fragmentation needed" or "Packet Too Big" is received then this is
Failure, as defined in [RFC4821] Section 7.6.2. If the Probe interpreted as a Probe Failure, as defined in [RFC4821]
transaction times out, then this is interpreted as a Probe Section 7.6.2. If the Probe transaction times out, then this is
Inconclusive, as defined in [RFC4821] Section 7.6.4. interpreted as a Probe Inconclusive, as defined in [RFC4821]
Section 7.6.4.
4.2. Complete Probing Mechanism 4.2. Complete Probing Mechanism
The Complete Probing mechanism is implemented by sending one or more The Complete Probing mechanism is implemented by sending one or more
Probe Indications with a PADDING attribute over UDP with the DF bit Probe Indications with a PADDING attribute over UDP with the DF bit
set in the IP header for IPv4 packets and IPv6 packets without the set in the IP header for IPv4 packets and IPv6 packets without the
Fragment Header included followed by a Report Request to the same Fragment Header included followed by a Report Request to the same
server. A router on the path to the server can reject this server. A router on the path to the server can reject this
Indication with an ICMP message or drop it. The server keeps a Indication with an ICMP message or drop it. The server keeps a
chronologically ordered list of identifiers for all packets received chronologically ordered list of identifiers for all packets received
skipping to change at page 8, line 8 skipping to change at page 8, line 15
list to its own list of checksums. list to its own list of checksums.
In the second packet identification mechanism, the client prepends In the second packet identification mechanism, the client prepends
the UDP data with a header that provides a sequence number. The the UDP data with a header that provides a sequence number. The
server sends back the chronologically ordered list of sequence server sends back the chronologically ordered list of sequence
numbers received that the client then compares with its own list. numbers received that the client then compares with its own list.
4.2.1. Sending a Probe Indications and Report Request 4.2.1. Sending a Probe Indications and Report Request
A client forms a Probe Indication by using the Probe Method and A client forms a Probe Indication by using the Probe Method and
following the rules in [RFC5389] Section 7.1. The client adds to a following the rules in [I-D.ietf-tram-stunbis] Section 6.1. The
Probe Indication a PADDING attribute with a size that, when added to client adds to a Probe Indication a PADDING attribute with a size
the IP and UDP headers and the other STUN components, is equal to the that, when added to the IP and UDP headers and the other STUN
Selected Probe Size, as defined in [RFC4821] Section 7.3. The components, is equal to the Selected Probe Size, as defined in
PADDING bits SHOULD be set to zero. If the authentication mechanism [RFC4821] Section 7.3. The PADDING bits SHOULD be set to zero. If
permits it, then the Indication MUST be authenticated. The client the authentication mechanism permits it, then the Indication MUST be
MUST add the FINGERPRINT attribute so the STUN messages are authenticated. The client MUST add the FINGERPRINT attribute so the
disambiguated from the other protocol packets. STUN messages are disambiguated from the other protocol packets.
Then the client sends a Probe Indication to the server over UDP with Then the client sends a Probe Indication to the server over UDP with
the DF bit set for IPv4 packets and IPv6 packets without the Fragment the DF bit set for IPv4 packets and IPv6 packets without the Fragment
Header included. Header included.
Then the client forms a Report Request by following the rules in Then the client forms a Report Request by following the rules in
[RFC5389] Section 7.1. The Report transaction MUST be authenticated [I-D.ietf-tram-stunbis] Section 6.1. The Report transaction MUST be
to prevent amplification attacks. The client MUST add the authenticated to prevent amplification attacks. The client MUST add
FINGERPRINT attribute so the STUN messages are disambiguated from the the FINGERPRINT attribute so the STUN messages are disambiguated from
other protocol packets. the other protocol packets.
Then the client waits half the RTO after sending the last Probe Then the client waits half the RTO after sending the last Probe
Indication and then sends the Report Request to the server over UDP. Indication and then sends the Report Request to the server over UDP.
4.2.2. Receiving an ICMP Packet 4.2.2. Receiving an ICMP Packet
If an ICMP packet "Fragmentation needed" or "Packet Too Big" is If an ICMP packet "Fragmentation needed" or "Packet Too Big" is
received then this is interpreted as a Probe Failure, as defined in received then this is interpreted as a Probe Failure, as defined in
[RFC4821] Section 7.5. [RFC4821] Section 7.5.
4.2.3. Receiving a Probe Indication and Report Request 4.2.3. Receiving a Probe Indication and Report Request
A server supporting this specification will keep the identifiers of A server supporting this specification will keep the identifiers of
all packets received in a chronologically ordered list. The packets all packets received in a chronologically ordered list. The packets
that are to be associated to a given flow's identifier are selected that are to be associated to a given flow's identifier are selected
according to Section 5.2 of [RFC4821]. The same identifier can according to Section 5.2 of [RFC4821]. The same identifier can
appear multiple times in the list because of retransmissions. The appear multiple times in the list because of retransmissions. The
maximum size of this list is calculated such that when the list is maximum size of this list is calculated such that when the list is
added to the Report Response, the total size of the packet does not added to the Report Response, the total size of the packet does not
exceed the unknown Path MTU, as defined in [RFC5389] Section 7.1. exceed the unknown Path MTU, as defined in [I-D.ietf-tram-stunbis]
Older identifiers are removed when new identifiers are added to a Section 6.1. Older identifiers are removed when new identifiers are
list that is already full. added to a list that is already full.
A server receiving a Report Request MUST process it as specified in A server receiving a Report Request MUST process it as specified in
[RFC5389] and MUST ignore the PADDING attribute. [I-D.ietf-tram-stunbis] and MUST ignore the PADDING attribute.
The server creates a Report Response and adds an IDENTIFIERS The server creates a Report Response and adds an IDENTIFIERS
attribute that contains the chronologically ordered list of all attribute that contains the chronologically ordered list of all
identifiers received so far. The server MUST add the FINGERPRINT identifiers received so far. The server MUST add the FINGERPRINT
attribute. The server then sends the response to the client. attribute. The server then sends the response to the client.
The exact content of the IDENTIFIERS attribute depends on what type The exact content of the IDENTIFIERS attribute depends on what type
of identifiers have been chosen for the protocol. Each protocol of identifiers have been chosen for the protocol. Each protocol
adding PMTUD capabilities as specified by this specification MUST adding PMTUD capabilities as specified by this specification MUST
describe the format of the contents of the IDENTIFIERS attribute, describe the format of the contents of the IDENTIFIERS attribute,
unless it is using one of the formats described in this unless it is using one of the formats described in this
specification. See Section 6.1 for details about the IDENTIFIERS specification. See Section 6.1 for details about the IDENTIFIERS
attribute. attribute.
4.2.4. Receiving a Report Response 4.2.4. Receiving a Report Response
A client receiving a Report Response processes it as specified in A client receiving a Report Response processes it as specified in
[RFC5389]. If the response IDENTIFIERS attribute contains the [I-D.ietf-tram-stunbis]. If the response IDENTIFIERS attribute
identifier of a Probe Indication, then this is interpreted as a Probe contains the identifier of a Probe Indication, then this is
Success for this probe, as defined in [RFC4821] Section 7.5. If a interpreted as a Probe Success for this probe, as defined in
Probe Indication identifier cannot be found in the Report Response, [RFC4821] Section 7.5. If a Probe Indication identifier cannot be
this is interpreted as a Probe Failure, as defined in [RFC4821] found in the Report Response, this is interpreted as a Probe Failure,
Section 7.5. If a Probe Indication identifier cannot be found in the as defined in [RFC4821] Section 7.5. If a Probe Indication
Report Response but identifiers for other packets sent before or identifier cannot be found in the Report Response but identifiers for
after the Probe Indication can all be found, this is interpreted as a other packets sent before or after the Probe Indication can all be
Probe Failure as defined in [RFC4821] Section 7.5. If the Report found, this is interpreted as a Probe Failure as defined in [RFC4821]
Transaction times out, this is interpreted as a Full-Stop Timeout, as Section 7.5. If the Report Transaction times out, this is
defined in [RFC4821] Section 3. interpreted as a Full-Stop Timeout, as defined in [RFC4821]
Section 3.
4.2.5. Using Checksums as Packet Identifiers 4.2.5. Using Checksums as Packet Identifiers
When using a checksum as a packet identifier, the client keeps a When using a checksum as a packet identifier, the client keeps a
chronologically ordered list of the packets it transmits, along with chronologically ordered list of the packets it transmits, along with
an associated checksum value. For STUN Probe Indication or Request an associated checksum value. For STUN Probe Indication or Request
packets, the associated checksum value is the FINGERPRINT value from packets, the associated checksum value is the FINGERPRINT value from
the packet; for other packets a checksum value is computed using a the packet; for other packets a checksum value is computed using a
similar algorithm to the FINGERPRINT calculation. (i.e., the CRC-32 similar algorithm to the FINGERPRINT calculation. (i.e., the CRC-32
calculated per the algorithm defined in [ITU.V42.2002], such as calculated per the algorithm defined in [ITU.V42.2002], such as
skipping to change at page 13, line 4 skipping to change at page 13, line 11
The attacks described in Section 11 of [RFC4821] apply equally to the The attacks described in Section 11 of [RFC4821] apply equally to the
mechanism described in this document. mechanism described in this document.
The amplification attacks introduced by the signalling mechanism The amplification attacks introduced by the signalling mechanism
described in Section 5.1 can be prevented by using one of the described in Section 5.1 can be prevented by using one of the
techniques described in that section. techniques described in that section.
The Simple Probing mechanism may be used without authentication The Simple Probing mechanism may be used without authentication
because this usage by itself cannot trigger an amplification attack because this usage by itself cannot trigger an amplification attack
as the Probe Response is smaller than the Probe Request. An as the Probe Response is smaller than the Probe Request except when
unauthenticated Simple Probing mechanism cannot be used in used in conjunction with the Implicit Probing Support Signaling
conjunction with the Implicit Probing Support Signaling mechanism in mechanism.
order to prevent amplification attacks.
8. IANA Considerations 8. IANA Considerations
This specification defines two new STUN methods and two new STUN This specification defines two new STUN methods and two new STUN
attributes. attributes.
8.1. New STUN Methods 8.1. New STUN Methods
IANA is requested to add the following methods to the STUN Method IANA is requested to add the following methods to the STUN Method
Registry: Registry:
skipping to change at page 14, line 9 skipping to change at page 14, line 9
NOTE: TO BE DELETED BEFORE PUBLICATION. PLEASE NOTE THAT THE PADDING NOTE: TO BE DELETED BEFORE PUBLICATION. PLEASE NOTE THAT THE PADDING
ATTRIBUTE ENTRY IS REPLACING THE ENTRY MADE BY RFC5780 ATTRIBUTE ENTRY IS REPLACING THE ENTRY MADE BY RFC5780
(EXPERIMENTAL). THE SAME VALUE AND NAME ARE USED BUT THE REFERENCE (EXPERIMENTAL). THE SAME VALUE AND NAME ARE USED BUT THE REFERENCE
SHOULD BE CHANGED TO THIS STANDARDS TRACK DOCUMENT. SHOULD BE CHANGED TO THIS STANDARDS TRACK DOCUMENT.
9. References 9. References
9.1. Normative References 9.1. Normative References
[I-D.ietf-tram-stunbis]
Petit-Huguenin, M., Salgueiro, G., Rosenberg, J., Wing,
D., Mahy, R., and P. Matthews, "Session Traversal
Utilities for NAT (STUN)", draft-ietf-tram-stunbis-21
(work in progress), March 2019.
[ITU.V42.2002] [ITU.V42.2002]
International Telecommunications Union, "Error-correcting International Telecommunications Union, "Error-correcting
Procedures for DCEs Using Asynchronous-to-Synchronous Procedures for DCEs Using Asynchronous-to-Synchronous
Conversion", ITU-T Recommendation V.42, 2002. Conversion", ITU-T Recommendation V.42, 2002.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997, DOI 10.17487/RFC2119, March 1997,
<http://www.rfc-editor.org/info/rfc2119>. <http://www.rfc-editor.org/info/rfc2119>.
[RFC4821] Mathis, M. and J. Heffner, "Packetization Layer Path MTU [RFC4821] Mathis, M. and J. Heffner, "Packetization Layer Path MTU
Discovery", RFC 4821, DOI 10.17487/RFC4821, March 2007, Discovery", RFC 4821, DOI 10.17487/RFC4821, March 2007,
<http://www.rfc-editor.org/info/rfc4821>. <http://www.rfc-editor.org/info/rfc4821>.
[RFC5389] Rosenberg, J., Mahy, R., Matthews, P., and D. Wing,
"Session Traversal Utilities for NAT (STUN)", RFC 5389,
DOI 10.17487/RFC5389, October 2008,
<http://www.rfc-editor.org/info/rfc5389>.
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
May 2017, <http://www.rfc-editor.org/info/rfc8174>. May 2017, <http://www.rfc-editor.org/info/rfc8174>.
9.2. Informative References 9.2. Informative References
[I-D.martinsen-tram-stuntrace] [I-D.martinsen-tram-stuntrace]
Martinsen, P. and D. Wing, "STUN Traceroute", draft- Martinsen, P. and D. Wing, "STUN Traceroute", draft-
martinsen-tram-stuntrace-01 (work in progress), June 2015. martinsen-tram-stuntrace-01 (work in progress), June 2015.
skipping to change at page 15, line 15 skipping to change at page 15, line 15
[RFC5766] Mahy, R., Matthews, P., and J. Rosenberg, "Traversal Using [RFC5766] Mahy, R., Matthews, P., and J. Rosenberg, "Traversal Using
Relays around NAT (TURN): Relay Extensions to Session Relays around NAT (TURN): Relay Extensions to Session
Traversal Utilities for NAT (STUN)", RFC 5766, Traversal Utilities for NAT (STUN)", RFC 5766,
DOI 10.17487/RFC5766, April 2010, DOI 10.17487/RFC5766, April 2010,
<https://www.rfc-editor.org/info/rfc5766>. <https://www.rfc-editor.org/info/rfc5766>.
Appendix A. Release Notes Appendix A. Release Notes
This section must be removed before publication as an RFC. This section must be removed before publication as an RFC.
A.1. Modifications between draft-ietf-tram-stun-pmtud-13 and draft- A.1. Modifications between draft-ietf-tram-stun-pmtud-14 and draft-
ietf-tram-stun-pmtud-13
o Modifications to address COMMENTS from IESG review
A.2. Modifications between draft-ietf-tram-stun-pmtud-13 and draft-
ietf-tram-stun-pmtud-12 ietf-tram-stun-pmtud-12
o Modifications to address nits o Modifications to address nits
A.2. Modifications between draft-ietf-tram-stun-pmtud-12 and draft- A.3. Modifications between draft-ietf-tram-stun-pmtud-12 and draft-
ietf-tram-stun-pmtud-11 ietf-tram-stun-pmtud-11
o Modifications following IESG review. Incorporated RFC5780 PADDING o Modifications following IESG review. Incorporated RFC5780 PADDING
attribute (Adam's Discuss) and added IPv6 language (Suresh's attribute (Adam's Discuss) and added IPv6 language (Suresh's
Discuss). Discuss).
A.3. Modifications between draft-ietf-tram-stun-pmtud-11 and draft- A.4. Modifications between draft-ietf-tram-stun-pmtud-11 and draft-
ietf-tram-stun-pmtud-10 ietf-tram-stun-pmtud-10
o Modifications following IESG review. o Modifications following IESG review.
A.4. Modifications between draft-ietf-tram-stun-pmtud-10 and draft- A.5. Modifications between draft-ietf-tram-stun-pmtud-10 and draft-
ietf-tram-stun-pmtud-09 ietf-tram-stun-pmtud-09
o Modifications following reviews for gen-art (Roni Even) and secdir o Modifications following reviews for gen-art (Roni Even) and secdir
(Carl Wallace). (Carl Wallace).
A.5. Modifications between draft-ietf-tram-stun-pmtud-09 and draft- A.6. Modifications between draft-ietf-tram-stun-pmtud-09 and draft-
ietf-tram-stun-pmtud-08 ietf-tram-stun-pmtud-08
o Add 3 ways of preventing amplification attacks. o Add 3 ways of preventing amplification attacks.
A.6. Modifications between draft-ietf-tram-stun-pmtud-08 and draft- A.7. Modifications between draft-ietf-tram-stun-pmtud-08 and draft-
ietf-tram-stun-pmtud-07 ietf-tram-stun-pmtud-07
o Updates following Spencer's review. o Updates following Spencer's review.
A.7. Modifications between draft-ietf-tram-stun-pmtud-07 and draft- A.8. Modifications between draft-ietf-tram-stun-pmtud-07 and draft-
ietf-tram-stun-pmtud-06 ietf-tram-stun-pmtud-06
o Updates following Shepherd review. o Updates following Shepherd review.
A.8. Modifications between draft-ietf-tram-stun-pmtud-06 and draft- A.9. Modifications between draft-ietf-tram-stun-pmtud-06 and draft-
ietf-tram-stun-pmtud-05 ietf-tram-stun-pmtud-05
o Nits. o Nits.
o Restore missing changelog for previous version. o Restore missing changelog for previous version.
A.9. Modifications between draft-ietf-tram-stun-pmtud-05 and draft- A.10. Modifications between draft-ietf-tram-stun-pmtud-05 and draft-
ietf-tram-stun-pmtud-04 ietf-tram-stun-pmtud-04
o Modifications following Brandon Williams review. o Modifications following Brandon Williams review.
A.10. Modifications between draft-ietf-tram-stun-pmtud-04 and draft- A.11. Modifications between draft-ietf-tram-stun-pmtud-04 and draft-
ietf-tram-stun-pmtud-03 ietf-tram-stun-pmtud-03
o Modifications following Simon Perreault and Brandon Williams o Modifications following Simon Perreault and Brandon Williams
reviews. reviews.
A.11. Modifications between draft-ietf-tram-stun-pmtud-03 and draft- A.12. Modifications between draft-ietf-tram-stun-pmtud-03 and draft-
ietf-tram-stun-pmtud-02 ietf-tram-stun-pmtud-02
o Add new Overview of Operations section with ladder diagrams. o Add new Overview of Operations section with ladder diagrams.
o Authentication is mandatory for the Complete Probing mechanism, o Authentication is mandatory for the Complete Probing mechanism,
optional for the Simple Probing mechanism. optional for the Simple Probing mechanism.
o All the ICE specific text moves to a separate draft to be o All the ICE specific text moves to a separate draft to be
discussed in the ICE WG. discussed in the ICE WG.
skipping to change at page 17, line 21 skipping to change at page 17, line 26
o Each usage of this specification must the format of the o Each usage of this specification must the format of the
IDENTIFIERS attribute contents. IDENTIFIERS attribute contents.
o Better define the implicit signaling mechanism. o Better define the implicit signaling mechanism.
o Extend the Security Consideration section. o Extend the Security Consideration section.
o Tons of nits. o Tons of nits.
A.12. Modifications between draft-ietf-tram-stun-pmtud-02 and draft- A.13. Modifications between draft-ietf-tram-stun-pmtud-02 and draft-
ietf-tram-stun-pmtud-01 ietf-tram-stun-pmtud-01
o Cleaned up references. o Cleaned up references.
A.13. Modifications between draft-ietf-tram-stun-pmtud-01 and draft- A.14. Modifications between draft-ietf-tram-stun-pmtud-01 and draft-
ietf-tram-stun-pmtud-00 ietf-tram-stun-pmtud-00
o Added Security Considerations Section. o Added Security Considerations Section.
o Added IANA Considerations Section. o Added IANA Considerations Section.
A.14. Modifications between draft-ietf-tram-stun-pmtud-00 and draft- A.15. Modifications between draft-ietf-tram-stun-pmtud-00 and draft-
petithuguenin-tram-stun-pmtud-01 petithuguenin-tram-stun-pmtud-01
o Adopted by WG - Text unchanged. o Adopted by WG - Text unchanged.
A.15. Modifications between draft-petithuguenin-tram-stun-pmtud-01 and A.16. Modifications between draft-petithuguenin-tram-stun-pmtud-01 and
draft-petithuguenin-tram-stun-pmtud-00 draft-petithuguenin-tram-stun-pmtud-00
o Moved some Introduction text to the Probing Mechanism section. o Moved some Introduction text to the Probing Mechanism section.
o Added cross-reference to the other two STUN troubleshooting o Added cross-reference to the other two STUN troubleshooting
mechanism drafts. mechanism drafts.
o Updated references. o Updated references.
o Added Gonzalo Salgueiro as co-author. o Added Gonzalo Salgueiro as co-author.
A.16. Modifications between draft-petithuguenin-tram-stun-pmtud-00 and A.17. Modifications between draft-petithuguenin-tram-stun-pmtud-00 and
draft-petithuguenin-behave-stun-pmtud-03 draft-petithuguenin-behave-stun-pmtud-03
o General refresh for republication. o General refresh for republication.
A.17. Modifications between draft-petithuguenin-behave-stun-pmtud-03 A.18. Modifications between draft-petithuguenin-behave-stun-pmtud-03
and draft-petithuguenin-behave-stun-pmtud-02 and draft-petithuguenin-behave-stun-pmtud-02
o Changed author address. o Changed author address.
o Changed the IPR to trust200902. o Changed the IPR to trust200902.
A.18. Modifications between draft-petithuguenin-behave-stun-pmtud-02 A.19. Modifications between draft-petithuguenin-behave-stun-pmtud-02
and draft-petithuguenin-behave-stun-pmtud-01 and draft-petithuguenin-behave-stun-pmtud-01
o Defined checksum and sequential numbers as possible packet o Defined checksum and sequential numbers as possible packet
identifiers. identifiers.
o Updated the reference to RFC 5389 o Updated the reference to RFC 5389
o The FINGERPRINT attribute is now mandatory. o The FINGERPRINT attribute is now mandatory.
o Changed the delay between Probe indication and Report request to o Changed the delay between Probe indication and Report request to
be RTO/2 or 50 milliseconds. be RTO/2 or 50 milliseconds.
o Added ICMP packet processing. o Added ICMP packet processing.
o Added Full-Stop Timeout detection. o Added Full-Stop Timeout detection.
o Stated that Binding request with PMTUD-SUPPORTED does not start o Stated that Binding request with PMTUD-SUPPORTED does not start
the PMTUD process if already started. the PMTUD process if already started.
A.19. Modifications between draft-petithuguenin-behave-stun-pmtud-01 A.20. Modifications between draft-petithuguenin-behave-stun-pmtud-01
and draft-petithuguenin-behave-stun-pmtud-00 and draft-petithuguenin-behave-stun-pmtud-00
o Removed the use of modified STUN transaction but shorten the o Removed the use of modified STUN transaction but shorten the
retransmission for the simple probing mechanism. retransmission for the simple probing mechanism.
o Added a complete probing mechanism. o Added a complete probing mechanism.
o Removed the PADDING-RECEIVED attribute. o Removed the PADDING-RECEIVED attribute.
o Added release notes. o Added release notes.
 End of changes. 61 change blocks. 
103 lines changed or deleted 116 lines changed or added

This html diff was produced by rfcdiff 1.47. The latest version is available from http://tools.ietf.org/tools/rfcdiff/