One document matched: draft-ietf-6man-rfc1981bis-02.xml
<?xml version="1.0" encoding="US-ASCII"?>
<!DOCTYPE rfc SYSTEM "rfc2629.dtd" [
<!ENTITY rfc1191 PUBLIC "" "http://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.1191.xml">
<!ENTITY rfc4821 PUBLIC "" "http://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.4821.xml">
<!ENTITY I-D.ietf-6man-rfc2460bis SYSTEM "http://xml2rfc.ietf.org/public/rfc/bibxml3/reference.I-D.ietf-6man-rfc2460bis.xml">
]>
<?xml-stylesheet type="text/xsl" href="rfc2629.xslt" ?><?rfc strict="yes" ?>
<?rfc toc="yes"?>
<?rfc tocdepth="4"?>
<?rfc symrefs="yes"?>
<?rfc sortrefs="yes" ?>
<?rfc compact="yes" ?>
<?rfc subcompact="no" ?>
<rfc category="std" docName="draft-ietf-6man-rfc1981bis-02" obsoletes="1981" ipr="pre5378Trust200902">
<front>
<title abbrev="IPv6 Path MTU Discovery">Path MTU Discovery for IP version 6</title>
<author fullname="Jack McCann" initials="J"
surname="McCann">
<organization>Digital Equipment Corporation</organization>
<address>
<postal>
<street></street>
<!-- Reorder these if your country does things differently -->
<city></city>
<region></region>
<code></code>
<country></country>
</postal>
<phone></phone>
<facsimile></facsimile>
<email></email>
<!-- uri and facsimile elements may also be added -->
</address>
</author>
<author fullname="Stephen E. Deering" initials="S"
surname="Deering">
<organization>Retired</organization>
<address>
<postal>
<street></street>
<!-- Reorder these if your country does things differently -->
<city>Vancouver</city>
<region>British Columbia</region>
<code></code>
<country>Canada</country>
</postal>
<phone></phone>
<facsimile></facsimile>
<email></email>
<!-- uri and facsimile elements may also be added -->
</address>
</author>
<author fullname="Jeffrey Mogul" initials="J"
surname="Mogul">
<organization>Digital Equipment Corporation</organization>
<address>
<postal>
<street></street>
<!-- Reorder these if your country does things differently -->
<city></city>
<region></region>
<code></code>
<country></country>
</postal>
<phone></phone>
<facsimile></facsimile>
<email></email>
<!-- uri and facsimile elements may also be added -->
</address>
</author>
<author fullname="Robert M. Hinden" initials="R"
surname="Hinden" role="editor">
<organization>Check Point Software</organization>
<address>
<postal>
<street>959 Skyway Road</street>
<!-- Reorder these if your country does things differently -->
<city>San Carlos</city>
<region>CA</region>
<code>94070</code>
<country>USA</country>
</postal>
<phone></phone>
<facsimile></facsimile>
<email>bob.hinden@gmail.com</email>
<!-- uri and facsimile elements may also be added -->
</address>
</author>
<date day="" month="" year="" />
<abstract>
<t>
This document describes Path MTU Discovery for IP version 6. It is
largely derived from RFC 1191, which describes Path MTU Discovery for
IP version 4. It obsoletes RFC1981.</t>
</abstract>
</front>
<middle>
<section title=" Introduction">
<t>When one IPv6 node has a large amount of data to send to another
node, the data is transmitted in a series of IPv6 packets. It is
usually preferable that these packets be of the largest size that can
successfully traverse the path from the source node to the destination
node. This packet size is referred to as the Path MTU (PMTU), and it
is equal to the minimum link MTU of all the links in a path. IPv6
defines a standard mechanism for a node to discover the PMTU of an
arbitrary path.
</t>
<t>IPv6 nodes SHOULD implement Path MTU Discovery in order to discover
and take advantage of paths with PMTU greater than the IPv6 minimum
link MTU <xref target="I-D.ietf-6man-rfc2460bis"/>. A minimal IPv6
implementation (e.g., in a boot ROM) may choose to omit implementation
of Path MTU Discovery.
</t>
<t>Nodes not implementing Path MTU Discovery use the IPv6 minimum link
MTU defined in <xref target="I-D.ietf-6man-rfc2460bis"/> as the
maximum packet size. In most cases, this will result in the use of
smaller packets than necessary, because most paths have a PMTU greater
than the IPv6 minimum link MTU. A node sending packets much smaller
than the Path MTU allows is wasting network resources and probably
getting suboptimal throughput.
</t>
<t>An extension to Path MTU Discovery defined in this document can be
found in <xref target="RFC4821"/>.
It defines a method for Packetization Layer Path MTU Discovery
(PLPMTUD) designed for use over paths where delivery of ICMP messages
to a host is not assured.
In this algorithm, the proper MTU is determined by starting
with small packets and probing with successively larger packets. The
bulk of the algorithm is implemented above IP, in the transport layer
(e.g., TCP) or other "Packetization Protocol" that is responsible for
determining packet boundaries.</t>
</section>
<section title="Terminology">
<t><list hangIndent="20" style="hanging">
<t hangText="node">a device that implements IPv6.</t>
<t hangText="router">a node that forwards IPv6 packets not
explicitly addressed to itself.</t>
<t hangText="host">any node that is not a router.</t>
<t hangText="upper layer">a protocol layer immediately above IPv6.
Examples are transport protocols such as TCP and UDP, control
protocols such as ICMP, routing protocols such as OSPF, and internet
or lower-layer protocols being "tunneled" over (i.e., encapsulated in)
IPv6 such as IPX, AppleTalk, or IPv6 itself.</t>
<t hangText="link">a communication facility or medium over which nodes
can communicate at the link layer, i.e., the layer immediately below
IPv6. Examples are Ethernets (simple or bridged); PPP links; X.25,
Frame Relay, or ATM networks; and internet (or higher) layer
"tunnels", such as tunnels over IPv4 or IPv6 itself.</t>
<t hangText="interface">a node's attachment to a link.</t>
<t hangText="address">an IPv6-layer identifier for an interface or a
set of interfaces.</t>
<t hangText="packet">an IPv6 header plus payload.</t>
<t hangText="link MTU">the maximum transmission unit, i.e., maximum
packet size in octets, that can be conveyed in one piece over a
link.</t>
<t hangText="path">the set of links traversed by a packet between a
source node and a destination node.</t>
<t hangText="path MTU">the minimum link MTU of all the links in a path
between a source node and a destination node.</t>
<t hangText="PMTU">path MTU</t>
<t hangText="Path MTU Discovery">process by which a node learns the
PMTU of a path</t>
<t hangText="flow">a sequence of packets sent from a particular source
to a particular (unicast or multicast) destination for which the
source desires special handling by the intervening routers.</t>
<t hangText="flow id">a combination of a source address and a non-zero
flow label.</t>
</list></t>
</section>
<section title="Protocol Overview">
<t>This memo describes a technique to dynamically discover the PMTU of
a path. The basic idea is that a source node initially assumes that
the PMTU of a path is the (known) MTU of the first hop in the path.
If any of the packets sent on that path are too large to be forwarded
by some node (regardless of whether it decrements the Hop Limit) along
the path, that node will discard them and return ICMPv6 Packet Too Big
messages <xref target="ICMPv6"/>. Upon receipt of such a message, the
source node reduces its assumed PMTU for the path based on the MTU of
the constricting hop as reported in the Packet Too Big message.
</t>
<t>The Path MTU Discovery process ends when the node's estimate of the
PMTU is less than or equal to the actual PMTU. Note that several
iterations of the packet-sent/Packet-Too-Big-message-received cycle
may occur before the Path MTU Discovery process ends, as there may be
links with smaller MTUs further along the path.
</t>
<t>Alternatively, the node may elect to end the discovery process by
ceasing to send packets larger than the IPv6 minimum link MTU.
</t>
<t>The PMTU of a path may change over time, due to changes in the
routing topology. Reductions of the PMTU are detected by Packet Too
Big messages. To detect increases in a path's PMTU, a node
periodically increases its assumed PMTU. This will almost always
result in packets being discarded and Packet Too Big messages being
generated, because in most cases the PMTU of the path will not have
changed. Therefore, attempts to detect increases in a path's PMTU
should be done infrequently.
</t>
<t>Path MTU Discovery supports multicast as well as unicast
destinations. In the case of a multicast destination, copies of a
packet may traverse many different paths to many different nodes.
Each path may have a different PMTU, and a single multicast packet
may result in multiple Packet Too Big messages, each reporting a
different next-hop MTU. The minimum PMTU value across the set of
paths in use determines the size of subsequent packets sent to the
multicast destination.
</t>
<t>Note that Path MTU Discovery must be performed even in cases where
a node "thinks" a destination is attached to the same link as itself.
In a situation such as when a neighboring router acts as proxy <xref
target="ND"/> for some destination, the destination can to appear
to be directly connected but is in fact more than one hop away.
</t>
</section>
<section title="Protocol Requirements">
<t>As discussed in section 1, IPv6 nodes are not required to implement
Path MTU Discovery. The requirements in this section apply only to
those implementations that include Path MTU Discovery.
</t>
<t>When a node receives a Packet Too Big message, it MUST reduce its
estimate of the PMTU for the relevant path, based on the value of the
MTU field in the message. The precise behavior of a node in this
circumstance is not specified, since different applications may have
different requirements, and since different implementation
architectures may favor different strategies.
</t>
<t>After receiving a Packet Too Big message, a node MUST attempt to
avoid eliciting more such messages in the near future. The node MUST
reduce the size of the packets it is sending along the path. Using a
PMTU estimate larger than the IPv6 minimum link MTU may continue to
elicit Packet Too Big messages. Since each of these messages (and
the dropped packets they respond to) consume network resources, the
node MUST force the Path MTU Discovery process to end.
</t>
<t>Nodes using Path MTU Discovery MUST detect decreases in PMTU as fast
as possible. Nodes MAY detect increases in PMTU, but because doing
so requires sending packets larger than the current estimated PMTU,
and because the likelihood is that the PMTU will not have increased,
this MUST be done at infrequent intervals. An attempt to detect an
increase (by sending a packet larger than the current estimate) MUST
NOT be done less than 5 minutes after a Packet Too Big message has
been received for the given path. The recommended setting for this
timer is twice its minimum value (10 minutes).
</t>
<t>A node MUST NOT reduce its estimate of the Path MTU below the IPv6
minimum link MTU.
</t>
<t>If a node receives a Packet Too Big message reporting a
next-hop MTU that is less than the IPv6 minimum link MTU, it should
discard it.
</t>
<!--
<t><list>
<t>Note: A node may receive a Packet Too Big message reporting a
next-hop MTU that is less than the IPv6 minimum link MTU. In that
case, the node is not required to reduce the size of subsequent
packets sent on the path to less than the IPv6 minimun link MTU, but
rather must include a Fragment header in those packets <xref
target="I-D.ietf-6man-rfc2460bis"/>.
</t>
</list></t>
-->
<t>A node MUST NOT increase its estimate of the Path MTU in response to
the contents of a Packet Too Big message. A message purporting to
announce an increase in the Path MTU might be a stale packet that has
been floating around in the network, a false packet injected as part
of a denial-of-service attack, or the result of having multiple paths
to the destination, each with a different PMTU.
</t>
</section>
<section title="Implementation Issues">
<t>This section discusses a number of issues related to the
implementation of Path MTU Discovery. This is not a specification,
but rather a set of notes provided as an aid for implementors.
</t>
<t>The issues include: </t>
<t><list style="hanging" hangIndent="3">
<t hangText="-">What layer or layers implement Path MTU Discovery?</t>
<t hangText="-">How is the PMTU information cached?</t>
<t hangText="-">How is stale PMTU information removed?</t>
<t hangText="-">What must transport and higher layers do?</t>
</list></t>
<section title="Layering">
<t>In the IP architecture, the choice of what size packet to send is
made by a protocol at a layer above IP. This memo refers to such a
protocol as a "packetization protocol". Packetization protocols are
usually transport protocols (for example, TCP) but can also be
higher-layer protocols (for example, protocols built on top of UDP).
</t>
<t>Implementing Path MTU Discovery in the packetization layers
simplifies some of the inter-layer issues, but has several drawbacks:
the implementation may have to be redone for each packetization
protocol, it becomes hard to share PMTU information between different
packetization layers, and the connection-oriented state maintained by
some packetization layers may not easily extend to save PMTU
information for long periods.
</t>
<t>It is therefore suggested that the IP layer store PMTU information
and that the ICMP layer process received Packet Too Big messages.
The packetization layers may respond to changes in the PMTU, by
changing the size of the messages they send. To support this
layering, packetization layers require a way to learn of changes in
the value of MMS_S, the "maximum send transport-message size". The
MMS_S is derived from the Path MTU by subtracting the size of the
IPv6 header plus space reserved by the IP layer for additional
headers (if any).
</t>
<t>It is possible that a packetization layer, perhaps a UDP application
outside the kernel, is unable to change the size of messages it
sends. This may result in a packet size that exceeds the Path MTU.
To accommodate such situations, IPv6 defines a mechanism that allows
large payloads to be divided into fragments, with each fragment sent
in a separate packet (see <xref target="I-D.ietf-6man-rfc2460bis"/> section "Fragment Header").
However, packetization layers are encouraged to avoid sending
messages that will require fragmentation (for the case against
fragmentation, see <xref target="FRAG"/>).
</t>
</section>
<section title="Storing PMTU information">
<t>Ideally, a PMTU value should be associated with a specific path
traversed by packets exchanged between the source and destination
nodes. However, in most cases a node will not have enough
information to completely and accurately identify such a path.
Rather, a node must associate a PMTU value with some local
representation of a path. It is left to the implementation to select
the local representation of a path.</t>
<t>In the case of a multicast destination address, copies of a packet
may traverse many different paths to reach many different nodes. The
local representation of the "path" to a multicast destination must in
fact represent a potentially large set of paths.</t>
<t>Minimally, an implementation could maintain a single PMTU value to be
used for all packets originated from the node. This PMTU value would
be the minimum PMTU learned across the set of all paths in use by the
node. This approach is likely to result in the use of smaller
packets than is necessary for many paths.</t>
<t>An implementation could use the destination address as the local
representation of a path. The PMTU value associated with a
destination would be the minimum PMTU learned across the set of all
paths in use to that destination. The set of paths in use to a
particular destination is expected to be small, in many cases
consisting of a single path. This approach will result in the use of
optimally sized packets on a per-destination basis. This approach
integrates nicely with the conceptual model of a host as described in
<xref target="ND"/>: a PMTU value could be stored with the
corresponding entry in the destination cache.</t>
<t>If flows <xref target="I-D.ietf-6man-rfc2460bis"/> are in use, an implementation could use the flow
id as the local representation of a path. Packets sent to a
particular destination but belonging to different flows may use
different paths, with the choice of path depending on the flow id.
This approach will result in the use of optimally sized packets on a
per-flow basis, providing finer granularity than PMTU values
maintained on a per-destination basis.</t>
<t>For source routed packets (i.e. packets containing an IPv6 Routing
header <xref target="I-D.ietf-6man-rfc2460bis"/>), the source route may further qualify the local
representation of a path. In particular, a packet containing a type
0 Routing header in which all bits in the Strict/Loose Bit Map are
equal to 1 contains a complete path specification. An implementation
could use source route information in the local representation of a
path.</t>
<t><list>
<t>Note: Some paths may be further distinguished by different
security classifications. The details of such classifications are
beyond the scope of this memo.</t>
</list></t>
<t>Initially, the PMTU value for a path is assumed to be the (known) MTU
of the first-hop link.</t>
<t>When a Packet Too Big message is received, the node determines which
path the message applies to based on the contents of the Packet Too
Big message. For example, if the destination address is used as the
local representation of a path, the destination address from the
original packet would be used to determine which path the message
applies to.</t>
<t><list>
<t>Note: if the original packet contained a Routing header, the
Routing header should be used to determine the location of the
destination address within the original packet. If Segments Left
is equal to zero, the destination address is in the Destination
Address field in the IPv6 header. If Segments Left is greater
than zero, the destination address is the last address
(Address[n]) in the Routing header.</t>
</list></t>
<t>The node then uses the value in the MTU field in the Packet Too Big
message as a tentative PMTU value, and compares the tentative PMTU to
the existing PMTU. If the tentative PMTU is less than the existing
PMTU estimate, the tentative PMTU replaces the existing PMTU as the
PMTU value for the path.</t>
<t>The packetization layers must be notified about decreases in the
PMTU. Any packetization layer instance (for example, a TCP
connection) that is actively using the path must be notified if the
PMTU estimate is decreased.</t>
<t><list>
<t>Note: even if the Packet Too Big message contains an Original
Packet Header that refers to a UDP packet, the TCP layer must be
notified if any of its connections use the given path.</t>
</list></t>
<t>Also, the instance that sent the packet that elicited the Packet Too
Big message should be notified that its packet has been dropped, even
if the PMTU estimate has not changed, so that it may retransmit the
dropped data.</t>
<t><list>
<t>Note: An implementation can avoid the use of an asynchronous
notification mechanism for PMTU decreases by postponing
notification until the next attempt to send a packet larger than
the PMTU estimate. In this approach, when an attempt is made to
SEND a packet that is larger than the PMTU estimate, the SEND
function should fail and return a suitable error indication. This
approach may be more suitable to a connectionless packetization
layer (such as one using UDP), which (in some implementations) may
be hard to "notify" from the ICMP layer. In this case, the normal
timeout-based retransmission mechanisms would be used to recover
from the dropped packets.</t>
</list></t>
<t>It is important to understand that the notification of the
packetization layer instances using the path about the change in the
PMTU is distinct from the notification of a specific instance that a
packet has been dropped. The latter should be done as soon as
practical (i.e., asynchronously from the point of view of the
packetization layer instance), while the former may be delayed until
a packetization layer instance wants to create a packet.
Retransmission should be done for only for those packets that are
known to be dropped, as indicated by a Packet Too Big message.</t>
</section>
<section title="Purging stale PMTU information">
<t>Internetwork topology is dynamic; routes change over time. While the
local representation of a path may remain constant, the actual
path(s) in use may change. Thus, PMTU information cached by a node
can become stale.</t>
<t>If the stale PMTU value is too large, this will be discovered almost
immediately once a large enough packet is sent on the path. No such
mechanism exists for realizing that a stale PMTU value is too small,
so an implementation should "age" cached values. When a PMTU value
has not been decreased for a while (on the order of 10 minutes), the
PMTU estimate should be set to the MTU of the first-hop link, and the
packetization layers should be notified of the change. This will
cause the complete Path MTU Discovery process to take place again.</t>
<t><list>
<t>Note: an implementation should provide a means for changing the
timeout duration, including setting it to "infinity". For
example, nodes attached to an FDDI link which is then attached to
the rest of the Internet via a small MTU serial line are never
going to discover a new non-local PMTU, so they should not have to
put up with dropped packets every 10 minutes.</t>
</list></t>
<t>An upper layer must not retransmit data in response to an increase in
the PMTU estimate, since this increase never comes in response to an
indication of a dropped packet.</t>
<t>One approach to implementing PMTU aging is to associate a timestamp
field with a PMTU value. This field is initialized to a "reserved"
value, indicating that the PMTU is equal to the MTU of the first hop
link. Whenever the PMTU is decreased in response to a Packet Too Big
message, the timestamp is set to the current time.</t>
<t>Once a minute, a timer-driven procedure runs through all cached PMTU
values, and for each PMTU whose timestamp is not "reserved" and is
older than the timeout interval:</t>
<t><list style="hanging" hangIndent="3">
<t hangText="-">The PMTU estimate is set to the MTU of the first hop link.</t>
<t hangText="-">The timestamp is set to the "reserved" value.</t>
<t hangText="-">Packetization layers using this path are notified of the increase.</t>
</list></t>
</section>
<section title="TCP layer actions">
<t>The TCP layer must track the PMTU for the path(s) in use by a
connection; it should not send segments that would result in packets
larger than the PMTU. A simple implementation could ask the IP layer
for this value each time it created a new segment, but this could be
inefficient. Moreover, TCP implementations that follow the "slow-
start" congestion-avoidance algorithm <xref target="CONG"/> typically
calculate and cache several other values derived from the PMTU. It
may be simpler to receive asynchronous notification when the PMTU
changes, so that these variables may be updated.</t>
<t>A TCP implementation must also store the MSS value received from its
peer, and must not send any segment larger than this MSS, regardless
of the PMTU. In 4.xBSD-derived implementations, this may require
adding an additional field to the TCP state record.</t>
<t>The value sent in the TCP MSS option is independent of the PMTU.
This MSS option value is used by the other end of the connection,
which may be using an unrelated PMTU value. See <xref
target="I-D.ietf-6man-rfc2460bis"/> sections "Packet Size Issues" and
"Maximum Upper-Layer Payload Size" for information on selecting a
value for the TCP MSS option.</t>
<t>When a Packet Too Big message is received, it implies that a packet
was dropped by the node that sent the ICMP message. It is sufficient
to treat this as any other dropped segment, and wait until the
retransmission timer expires to cause retransmission of the segment.
If the Path MTU Discovery process requires several steps to find the
PMTU of the full path, this could delay the connection by many
round-trip times.</t>
<t>Alternatively, the retransmission could be done in immediate response
to a notification that the Path MTU has changed, but only for the
specific connection specified by the Packet Too Big message. The
packet size used in the retransmission should be no larger than the
new PMTU.</t>
<t><list>
<t>Note: A packetization layer must not retransmit in response to
every Packet Too Big message, since a burst of several oversized
segments will give rise to several such messages and hence several
retransmissions of the same data. If the new estimated PMTU is
still wrong, the process repeats, and there is an exponential
growth in the number of superfluous segments sent.</t>
<t>This means that the TCP layer must be able to recognize when a
Packet Too Big notification actually decreases the PMTU that it
has already used to send a packet on the given connection, and
should ignore any other notifications.</t>
</list></t>
<t>Many TCP implementations incorporate "congestion avoidance" and
"slow-start" algorithms to improve performance <xref target="CONG"/>.
Unlike a retransmission caused by a TCP retransmission timeout, a
retransmission caused by a Packet Too Big message should not change
the congestion window. It should, however, trigger the slow-start
mechanism (i.e., only one segment should be retransmitted until
acknowledgements begin to arrive again).</t>
<t>TCP performance can be reduced if the sender's maximum window size is
not an exact multiple of the segment size in use (this is not the
congestion window size, which is always a multiple of the segment
size). In many systems (such as those derived from 4.2BSD), the
segment size is often set to 1024 octets, and the maximum window size
(the "send space") is usually a multiple of 1024 octets, so the
proper relationship holds by default. If Path MTU Discovery is used,
however, the segment size may not be a submultiple of the send space,
and it may change during a connection; this means that the TCP layer
may need to change the transmission window size when Path MTU
Discovery changes the PMTU value. The maximum window size should be
set to the greatest multiple of the segment size that is less than or
equal to the sender's buffer space size.</t>
</section>
<section title="Issues for other transport protocols">
<t>Some transport protocols (such as ISO TP4 <xref target="ISOTP"/>)
are not allowed to repacketize when doing a retransmission. That is,
once an attempt is made to transmit a segment of a certain size, the
transport cannot split the contents of the segment into smaller
segments for retransmission. In such a case, the original segment can
be fragmented by the IP layer during retransmission. Subsequent
segments, when transmitted for the first time, should be no larger than
allowed by the Path MTU.</t>
<t>The Sun Network File System (NFS) uses a Remote Procedure Call (RPC)
protocol
<xref target="RPC"/>
that, when used over UDP, in many cases will generate
payloads that must be fragmented even for the first-hop link. This
might improve performance in certain cases, but it is known to cause
reliability and performance problems, especially when the client and
server are separated by routers.</t>
<t>It is recommended that NFS implementations use Path MTU Discovery
whenever routers are involved. Most NFS implementations allow the
RPC datagram size to be changed at mount-time (indirectly, by
changing the effective file system block size), but might require
some modification to support changes later on.</t>
<t>Also, since a single NFS operation cannot be split across several UDP
datagrams, certain operations (primarily, those operating on file
names and directories) require a minimum payload size that if sent in
a single packet would exceed the PMTU. NFS implementations should
not reduce the payload size below this threshold, even if Path MTU
Discovery suggests a lower value. In this case the payload will be
fragmented by the IP layer.</t>
</section>
<section title="Management interface">
<t>It is suggested that an implementation provide a way for a system
utility program to:</t>
<t><list style="hanging" hangIndent="3">
<t hangText="-">Specify that Path MTU Discovery not be done on a given path.</t>
<t hangText="-">Change the PMTU value associated with a given path.</t>
</list></t>
<t>The former can be accomplished by associating a flag with the path;
when a packet is sent on a path with this flag set, the IP layer does
not send packets larger than the IPv6 minimum link MTU.</t>
<t>These features might be used to work around an anomalous situation,
or by a routing protocol implementation that is able to obtain Path
MTU values.</t>
<t>The implementation should also provide a way to change the timeout
period for aging stale PMTU information.</t>
</section>
</section>
<section title="Security Considerations">
<t>This Path MTU Discovery mechanism makes possible two denial-of-
service attacks, both based on a malicious party sending false Packet
Too Big messages to a node.</t>
<t>In the first attack, the false message indicates a PMTU much smaller
than reality. This should not entirely stop data flow, since the
victim node should never set its PMTU estimate below the IPv6 minimum
link MTU. It will, however, result in suboptimal performance.</t>
<t>In the second attack, the false message indicates a PMTU larger than
reality. If believed, this could cause temporary blockage as the
victim sends packets that will be dropped by some router. Within one
round-trip time, the node would discover its mistake (receiving
Packet Too Big messages from that router), but frequent repetition of
this attack could cause lots of packets to be dropped. A node,
however, should never raise its estimate of the PMTU based on a
Packet Too Big message, so should not be vulnerable to this attack.</t>
<t>A malicious party could also cause problems if it could stop a victim
from receiving legitimate Packet Too Big messages, but in this case
there are simpler denial-of-service attacks available.</t>
</section>
<section title="Acknowledgements">
<t>We would like to acknowledge the authors of and contributors to
<xref target="RFC1191"/>, from which the majority of this document was
derived. We would also like to acknowledge the members of the IPng
working group for their careful review and constructive
criticisms.</t>
</section>
<section anchor="IANA" title="IANA Considerations">
<t>This document does not have any IANA actions</t>
</section>
</middle>
<back>
<references title="Normative References">
&I-D.ietf-6man-rfc2460bis;
<reference anchor="ICMPv6" target="http://www.rfc-editor.org/info/rfc4443">
<front>
<title>
Internet Control Message Protocol (ICMPv6) for the Internet Protocol Version 6 (IPv6) Specification
</title>
<author initials="A." surname="Conta" fullname="A. Conta">
<organization/>
</author>
<author initials="S." surname="Deering" fullname="S. Deering">
<organization/>
</author>
<author initials="M." surname="Gupta" fullname="M. Gupta" role="editor">
<organization/>
</author>
<date year="2006" month="March"/>
<abstract>
<t>
This document describes the format of a set of control messages used in ICMPv6 (Internet Control Message Protocol). ICMPv6 is the Internet Control Message Protocol for Internet Protocol version 6 (IPv6). [STANDARDS-TRACK]
</t>
</abstract>
</front>
<seriesInfo name="RFC" value="4443"/>
<seriesInfo name="DOI" value="10.17487/RFC4443"/>
</reference>
</references>
<references title="Informative References">
&rfc1191;
&rfc4821;
<reference anchor="CONG">
<front>
<title>Congestion Avoidance and Control</title>
<author initials="V" surname="Jacobson" fullname="Van Jacobson">
<organization>Stanford, CA</organization>
</author>
<date month="August" year="1988" />
</front>
<seriesInfo name="Proc. SIGCOMM '88 Symposium on Communications Architectures and
Protocols" value="" />
</reference>
<reference anchor="FRAG">
<front>
<title>Fragmentation Considered Harmful</title>
<author initials="C" surname="Kent" fullname="C. Kent"> </author>
<author initials="J" surname="Mogul" fullname="Jeff Mogul"></author>
<date month="August" year="1987" />
</front>
<seriesInfo name="In Proc. SIGCOMM '87 Workshop on Frontiers in
Computer Communications Technology" value=""/>
</reference>
<reference anchor="ISOTP" target="http://www.rfc-editor.org/info/rfc905">
<front>
<title>ISO Transport Protocol specification ISO DP 8073</title>
<author initials="ISO" surname="" fullname="ISO">
<organization/>
</author>
<date year="1984" month="April"/>
<abstract>
<t>
This is the current specification of the ISO Transport Protocol. This
document is the text of ISO/TC97/SC16/N1576 as corrected by
ISO/TC97/SC16/N1695. This is the specification currently being voted on
in ISO as a Draft International Standard (DIS). This document is
distributed as an RFC for your information only, it does not specify a
standard for the ARPA-Internet or DARPA research community. Our thanks to
Alex McKenzie of BBN for making this online version available. Please
note the size of this document, the file contains 258,729 characters.
</t>
</abstract>
</front>
<seriesInfo name="RFC" value="905"/>
<seriesInfo name="DOI" value="10.17487/RFC0905"/>
</reference>
<reference anchor="ND" target="http://www.rfc-editor.org/info/rfc4861">
<front>
<title>Neighbor Discovery for IP version 6 (IPv6)</title>
<author initials="T." surname="Narten" fullname="T. Narten">
<organization/>
</author>
<author initials="E." surname="Nordmark" fullname="E. Nordmark">
<organization/>
</author>
<author initials="W." surname="Simpson" fullname="W. Simpson">
<organization/>
</author>
<author initials="H." surname="Soliman" fullname="H. Soliman">
<organization/>
</author>
<date year="2007" month="September"/>
<abstract>
<t>
This document specifies the Neighbor Discovery protocol for IP Version 6. IPv6 nodes on the same link use Neighbor Discovery to discover each other's presence, to determine each other's link-layer addresses, to find routers, and to maintain reachability information about the paths to active neighbors. [STANDARDS-TRACK]
</t>
</abstract>
</front>
<seriesInfo name="RFC" value="4861"/>
<seriesInfo name="DOI" value="10.17487/RFC4861"/>
</reference>
<reference anchor="RPC" target="http://www.rfc-editor.org/info/rfc1057">
<front>
<title>
RPC: Remote Procedure Call Protocol specification: Version 2
</title>
<author>
<organization>Sun Microsystems</organization>
</author>
<date year="1988" month="June"/>
<abstract>
<t>
This RFC describes a standard that Sun Microsystems and others are using, and is one we wish to propose for the Internet's consideration. This memo is not an Internet standard at this time.
</t>
</abstract>
</front>
<seriesInfo name="RFC" value="1057"/>
<seriesInfo name="DOI" value="10.17487/RFC1057"/>
</reference>
</references>
<section title="Comparison to RFC 1191">
<t>This document is based in large part on RFC 1191, which describes
Path MTU Discovery for IPv4. Certain portions of RFC 1191 were not
needed in this document:</t>
<t><list style="hanging" hangIndent="22">
<t hangText="router specification">Packet Too Big messages and
corresponding router behavior are defined in <xref target="ICMPv6"/></t>
<t hangText="Don't Fragment bit">there is no DF bit in IPv6
packets</t>
<t hangText="TCP MSS discussion">selecting a value to send in the TCP
MSS option is discussed in <xref target="I-D.ietf-6man-rfc2460bis"/></t>
<t hangText="old-style messages">all Packet Too Big messages report
the MTU of the constricting link</t>
<t hangText="MTU plateau tables">not needed because there are no
old-style messages</t>
</list></t>
</section>
<section title="Changes Since RFC 1981">
<t>This document has the following changes from RFC1981.
Numbers identify the Internet-Draft version
that the change was made.:</t>
<t>Working Group Internet Drafts</t>
<t><list>
<t><list hangIndent="5" style="hanging">
<t hangText="02)">Clarified in Section 3. that ICMP Packet Too Big
should be sent even if the node doesn't decrement the hop limit</t>
<t hangText="01)">Revised the text about PLPMTUD to use the word "path".</t>
<t hangText="01)">Editorial changes.</t>
<t hangText="00)">Added text to discard an ICMP Packet Too Big
message containing an MTU less than the IPv6 minimum link MTU.</t>
<t hangText="00)">Revision of text regarding RFC4821.</t>
<t hangText="00)">Added R. Hinden as Editor to facilitate ID submission.</t>
<t hangText="00)">Editorial changes.</t>
</list></t>
</list></t>
<t>Individual Internet Drafts</t>
<t><list>
<t><list hangIndent="5" style="hanging">
<t hangText="01)">Remove Note about a Packet Too Big message
reporting a next-hop MTU that is less than the IPv6 minimum link MTU.
This was removed from <xref target="I-D.ietf-6man-rfc2460bis"/>.
</t>
<t hangText="01)">Include a link to RFC4821 along with a short summary
of what it does.</t>
<t hangText="01)">Assigned references to informative and
normative.</t>
<t hangText="01)">Editorial changes.</t>
<t hangText="00)">Establish a baseline from RFC1981. The only
intended changes are formatting (XML is slightly different from
.nroff), differences between an RFC and Internet Draft, fixing a few
ID Nits, updating references, and updates to the authors information.
There should not be any content changes to the specification.</t>
</list></t>
</list></t>
</section>
</back>
</rfc>
<!-- Created by hand from RFC4291bis by Bob Hinden, November 2015 -->
| PAFTECH AB 2003-2026 | 2026-04-23 00:05:21 |