One document matched: draft-ietf-tram-stun-pmtud-03.xml
<?xml version="1.0" encoding="UTF-8"?>
<?xml-stylesheet type="text/xsl" href="rfc2629.xslt" ?>
<?rfc toc='yes' ?>
<?rfc tocdepth='5'?>
<?rfc sortrefs='yes' ?>
<rfc category="std" docName="draft-ietf-tram-stun-pmtud-03" ipr="trust200902">
<front>
<title abbrev="STUN PMTUD">Path MTU Discovery Using Session Traversal Utilities for NAT (STUN)</title>
<author surname="Petit-Huguenin" initials="M.P." fullname="Marc Petit-Huguenin">
<organization>Impedance Mismatch</organization>
<address>
<postal>
<street/>
</postal>
<email>marc@petit-huguenin.org</email>
</address>
</author>
<author surname="Salgueiro" initials="G.S." fullname="Gonzalo Salgueiro">
<organization abbrev="Cisco">Cisco Systems, Inc.</organization>
<address>
<postal>
<street>7200-12 Kit Creek Road</street>
<city>Research Triangle Park</city>
<region>NC</region>
<code>27709</code>
<country>United States</country>
</postal>
<email>gsalguei@cisco.com</email>
</address>
</author>
<date day="27" month="October" year="2016"/>
<area>TSV</area>
<workgroup>TRAM</workgroup>
<abstract>
<t>
This document describes a Session Traversal Utilities for NAT (STUN) Usage for Path MTU Discovery (PMTUD) between a client and a server.
</t>
</abstract>
</front>
<middle>
<section anchor="section.introduction" title="Introduction">
<t><xref target="RFC4821">The Packetization Layer Path MTU Discovery (PMTUD) specification</xref> describes a method to discover the Path MTU but does not describe a practical protocol to do so with UDP.
</t>
<t>
This document only describes how probing mechanisms are implemented with Session Traversal Utilities for NAT (STUN).
The algorithm to find the Path MTU is described in <xref target="RFC4821"/>.
</t>
<t>
The STUN usage defined in this document for Path MTU Discovery (PMTUD) between a client and a server permits proper operations of UDP-based applications in the network.
It also simplifies troubleshooting and has multiple other applications across a wide variety of technologies.
</t>
<t>
Additional network characteristics like the network path (using the STUN Traceroute mechanism described in <xref target="I-D.martinsen-tram-stuntrace"/>) and bandwidth availability (using the mechanism described in <xref target="I-D.martinsen-tram-turnbandwidthprobe"/>) can be discovered using complementary techniques.
</t>
</section>
<section title="Overview of Operations">
<t>
This section is meant to be informative only.
It is not intended as a replacement for <xref target="RFC4821"/>.
</t>
<t>
A UDP endpoint that uses this specification to discover the Path MTU over UDP and knows that the endpoint it is communicating with also supports this specification can choose to use either the Simple Probing mechanism (as described in <xref target="section.simple"/>) or the Complete Probing mechanism (as described in <xref target="section.complete"/>).
The selection of which Probing Mechanism to use is dependent on performance and security and complexity trade-offs.
</t>
<t>
If the Simple Probing mechanism is chosen, then it initiates Probe transactions, as shown in <xref target="figure.probing.simple"/>, which increase in size until transactions timeout, indicating that the Path MTU has been exceeded.
It then uses that information to update the Path MTU.
</t>
<figure anchor="figure.probing.simple" title="Simple Probing Example">
<artwork align="center">
Client Server
| |
| Probe Request |
|---------------->|
| |
| Probe Response |
|<----------------|
| |
</artwork>
</figure>
<t>
If the Complete Probing mechanism (as described in <xref target="section.complete"/>) is chosen, then it sends Probe Indications of various sizes interleaved with UDP packets sent by the UDP protocol.
The Client then sends a Report Request for the ordered list of identifiers for the UDP packets and Probe Indications received by the Server.
The Client then compares the list returned in the Report Response with its own list of identifiers for the UDP packets and Probe Indications it sent.
The Client then uses that comparison to find which Probe Indications were dropped by the network as a result of their size.
It then uses that information to update the Path MTU.
</t>
<figure anchor="figure.probing.complete" title="Complete Probing Example">
<artwork align="center">
Client Server
| UDP Packet |
|------------------>|
| |
| UDP Packet |
|------------------>|
| |
| Probe Indication |
|------------------>|
| |
| UDP Packet |
|------------------>|
| |
| Probe Indication |
|------------------>|
| |
| Report Request |
|------------------>|
| Report Response |
|<------------------|
| |
</artwork>
</figure>
</section>
<section anchor="section.terminology" title="Terminology">
<t>
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in <xref target="RFC2119"/>.
When these words are not in ALL CAPS (such as "must" or "Must"), they have their usual English meanings, and are not to be interpreted as RFC 2119 key words.
</t>
</section>
<section anchor="section.probing" title="Probing Mechanisms">
<t>
A client MUST NOT send a probe if it does not have knowledge that the server supports this specification.
This is done either by external signalling or by a mechanism specific to the UDP protocol to which PMTUD capabilities are added or by one of the mechanisms specified in <xref target="section.mechanisms"/>.
</t>
<t>
The Probing mechanism is used to discover the Path MTU in one direction only, from the client to the server.
</t>
<t>
Two Probing mechanisms are described, a Simple Probing mechanism and a more complete mechanism that can converge quicker and find an appropriate PMTU in the presence of congestion.
Additionally, the Simple Probing mechanism does not require authentication, whereas the complete mechanism does.
</t>
<t>
Implementations supporting this specification MUST implement the server side of both the <xref target="section.simple">Simple Probing mechanism</xref> and the <xref target="section.complete">Complete Probing mechanism</xref>.
</t>
<t>
Implementations supporting this specification MUST implement the client side of the Complete Probing mechanism.
They MAY implement the client side of the Simple Probing mechanism.
</t>
<t>
The Simple Probing mechanism is implemented by sending a Probe Request with a <xref target="RFC5780">PADDING</xref> attribute and the DF bit set over UDP.
A router on the path to the server can reject this request with an ICMP message or drop it.
The client SHOULD cease retransmissions after 3 missing responses.
</t>
<t>
The Complete Probing mechanism is implemented by sending one or more Probe Indications with a PADDING attribute and the DF bit set over UDP followed by a Report Request to the same server.
A router on the path to the server can reject this Indication with an ICMP message or drop it.
The server keeps a chronologically ordered list of identifiers for all packets received (including retransmitted packets) and sends this list back to the client in the Report Response.
The client analyzes this list to find which packets were not received.
Because UDP packets do not contain an identifier, the Complete Probing mechanism needs a way to identify each packet received.
</t>
<t>
Some protocols may already have a way of identifying each individual UDP packet, in which case these identifiers SHOULD be used in the IDENTIFIERS attribute of the Report Response.
While there are other possible packet identification schemes, this document describes two different ways to identify a specific packet.
</t>
<t>
In the first packet identification mechanism, the server computes a checksum over each packet received and sends back to the sender the list of checksums ordered chronologically.
The client compares this list to its own list of checksums.
</t>
<t>
In the second packet identification mechanism, the client adds a sequence number in front of each UDP packet sent.
The server sends back the chronologically ordered list of sequence numbers received that the client then compares with its own list.
</t>
<section anchor="section.simple" title="Simple Probing Mechanism">
<section anchor="section.simple.send-request" title="Sending a Probe Request">
<t>
A client forms a Probe Request by following the rules in Section 7.1 of <xref target="RFC5389"/>.
The Probe transaction MAY be authenticated.
The client adds a <xref target="RFC5780">PADDING</xref> attribute with a length that, when added to the IP and UDP headers and the other STUN components, is equal to the Selected Probe Size, as defined in <xref target="RFC4821"/> Section 7.3.
The client MUST add the FINGERPRINT attribute.
</t>
<t>
Then the client sends the Probe Request to the server over UDP with the DF bit set.
For the purpose of this transaction, the Rc parameter specified in Section 7.2.1 of <xref target="RFC5389"/> is set to 3.
The initial value for RTO stays at 500 ms.
</t>
</section>
<section anchor="section.simple.receive-request" title="Receiving a Probe Request">
<t>
A server receiving a Probe Request MUST process it as specified in <xref target="RFC5389"/>.
</t>
<t>
The server then creates a Probe Response.
The server MUST add the FINGERPRINT attribute.
The server then sends the response to the client.
</t>
</section>
<section anchor="section.simple.receive-response" title="Receiving a Probe Response">
<t>
A client receiving a Probe Response MUST process it as specified in <xref target="RFC5389"/>.
If a response is received this is interpreted as a Probe Success, as defined in <xref target="RFC4821"/> Section 7.6.1.
If an ICMP packet "Fragmentation needed" is received then this is interpreted as a Probe Failure, as defined in <xref target="RFC4821"/> Section 7.6.2.
If the Probe transactions times out, then this is interpreted as a Probe Inconclusive, as defined in <xref target="RFC4821"/> Section 7.6.4.
</t>
</section>
</section>
<section anchor="section.complete" title="Complete Probing Mechanism">
<section title="Sending the Probe Indications and Report Request">
<t>
A client forms a Probe Indication by following the rules in <xref target="RFC5389"/> Section 7.1.
The client adds to the Probe Indication a PADDING attribute with a size that, when added to the IP and UDP headers and the other STUN components, is equal to the Selected Probe Size, as defined in <xref target="RFC4821"/> Section 7.3.
If the authentication mechanism permits it, then the Indication MUST be authenticated.
The client MUST add the FINGERPRINT attribute.
</t>
<t>
Then the client sends the Probe Indication to the server over UDP with the DF bit set.
</t>
<t>
Then the client forms a Report Request by following the rules in <xref target="RFC5389"/> Section 7.1.
The Report transaction MUST be authenticated.
The client MUST add the FINGERPRINT attribute.
</t>
<t>
Then the client waits half the RTO, if it is known, or 250 ms after sending the last Probe Indication and then sends the Report Request to the server over UDP.
</t>
</section>
<section anchor="section.complete.icmp" title="Receiving an ICMP Packet">
<t>
If an ICMP packet "Fragmentation needed" is received then this is interpreted as a Probe Failure, as defined in <xref target="RFC4821"/> Section 7.5.
</t>
</section>
<section anchor="section.complete.receive-request" title="Receiving a Probe Indication and Report Request">
<t>
A server supporting this specification will keep the identifiers of all packets received in a chronologically ordered list.
The same identifier can appear multiple times in the list because of retransmissions.
The maximum size of this list is calculated such that when the list is added to the Report Response, the total size of the packet does not exceed the unknown Path MTU, as defined in <xref target="RFC5389"/> Section 7.1.
Older identifiers are removed when new identifiers are added to a list that is already full.
</t>
<t>
A server receiving a Report Request MUST process it as specified in <xref target="RFC5389"/>.
</t>
<t>
The server creates a Report Response and adds an IDENTIFIERS attribute that contains the list of all identifiers received so far.
The server MUST add the FINGERPRINT attribute.
The server then sends the response to the client.
</t>
<t>
The exact content of the IDENTIFIERS attribute depends on what type of identifiers have been chosen for the protocol.
Each protocol adding PMTUD capabilities as specified by this specification MUST describe the format of the contents of the IDENTIFIERS attribute, unless it is using one of the formats described in this specification.
</t>
</section>
<section anchor="section.complete.receive-response" title="Receiving a Report Response">
<t>
A client receiving a Report Response processes it as specified in <xref target="RFC5389"/>.
If the response IDENTIFIERS attribute contains the identifier of the Probe Indication, then this is interpreted as a Probe Success for this probe, as defined in <xref target="RFC4821"/> Section 7.5.
If the Probe Indication identifier cannot be found in the Report Response, this is interpreted as a Probe Failure, as defined in <xref target="RFC4821"/> Section 7.5.
If the Probe Indication identifier cannot be found in the Report Response but identifiers for other packets sent before or after the Probe Indication cannot also be found, this is interpreted as a Probe Inconclusive, as defined in <xref target="RFC4821"/> Section 7.5.
If the Report Transaction times out, this is interpreted as a Full-Stop Timeout, as defined in <xref target="RFC4821"/> Section 3.
</t>
</section>
<section anchor="section.complete.checksum" title="Using Checksums as Packet Identifiers">
<t>
When using a checksum as a packet identifier, the client calculates the checksum for each packet sent over UDP and keeps this checksum in an ordered list.
The server does the same thing and sends back this list in the Report Response.
</t>
<t>
The algorithm used to calculate the checksum is the same as the algorithm used for the FINGERPRINT attribute.
The contents of the IDENTIFIERS attribute is a list of 4 byte numbers, each using the same encoding that is used for the contents of the FINGERPRINT attribute.
</t>
<t>
It could have been possible to use the checksum generated in the UDP checksum for this, but this value is generally not accessible to applications.
Also, sometimes the checksum is not calculated or is off-loaded to network hardware.
</t>
</section>
<section anchor="section.complete.numbers" title="Using Sequence Numbers as Packet Identifiers">
<t>
When using sequence numbers, a small header similar to the TURN ChannelData header is added in front of all non-STUN packets.
The sequence number is monotonically incremented by one for each packet sent.
The server collects the sequence number of the packets sent.
</t>
<figure>
<artwork>
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Channel Number | Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Sequence number |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
/ Application Data /
/ /
| |
| +-------------------------------+
| |
+-------------------------------+
</artwork>
</figure>
<t>
The Channel Number is always 0xFFFF.
The header values are encoded using network order.
</t>
<t>
The contents of the IDENTIFIERS attribute is a list of 4 byte numbers, each containing a sequence number encoded using network order.
</t>
</section>
</section>
</section>
<section anchor="section.mechanisms" title="Probe Support Signaling Mechanisms">
<t>
The PMTUD mechanism described in this document is intended to be used by any UDP-based protocols that do not have built-in PMTUD capabilities, irrespective of whether those UDP-based protocols are STUN-based or not.
So the manner in which a specific protocol discovers that it is safe to send PMTUD probes is largely dependent on the details of that specific protocol, with the exception of the Implicit Mechanism described below, which applies to any protocol.
</t>
<section title="Explicit Probe Support Signaling Mechanism">
<t>
Some of these mechanisms can use a separate signalling mechanism (for instance, an SDP attribute in an <xref target="RFC3264">Offer/Answer exchange</xref>), or an optional flag that can be set in the protocol that is augmented with PMTUD capabilities.
STUN Usages that can benefit from PMTUD capabilities can signal in-band that they support probing by inserting a PMTUD-SUPPORTED attribute in some STUN methods.
The decision of which methods support this attribute is left to each specific STUN Usage.
</t>
<t>
UDP-based protocols that want to use any of these mechanisms, including the PMTUD-SUPPORTED attribute, to signal PMTUD capabilities MUST ensure that it cannot be used to launch an amplification attack.
For example, using authentication can ensure this.
</t>
</section>
<section title="Implicit Probe Support Signaling Mechanism">
<t>
As a result of the fact that all endpoints implementing this specification are both clients and servers, a Probe Request or Indication received by an endpoint implicitly signals that its sender MAY be used to probe the Path MTU in the reverse direction.
</t>
<t>
The Probe Request or Indication that are used to implicitly signal probing support in the reverse direction MUST be authenticated to prevent amplification attacks.
</t>
</section>
</section>
<section anchor="section.attributes" title="STUN Attributes">
<section anchor="section.attributes.identifiers" title="IDENTIFIERS">
<t>
The IDENTIFIERS attribute carries a chronologically ordered list of UDP packet identifiers.
Each protocol has to define how these identifiers are acquired and formatted, therefore the contents of the IDENTIFIERS attribute is opaque.
</t>
</section>
<section anchor="section.attributes.pmtud-supported" title="PMTUD-SUPPORTED">
<t>
The PMTUD-SUPPORTED attribute indicates that its sender supports this specification.
This attribute is empty.
</t>
</section>
</section>
<section anchor="section.security" title="Security Considerations">
<t>
The PMTUD mechanism described in this document does not introduce any specific security considerations beyond those described in <xref target="RFC4821"/>.
</t>
<t>
The attacks described in Section 11 of <xref target="RFC4821"/> apply equally to the mechanism described in this document.
</t>
<t>
The Simple Probing mechanism may be used without authentication because this usage by itself cannot trigger an amplification attack because the Probe Response is smaller than the Probe Request.
An unauthenticated Simple Probing mechanism cannot be used in conjunction with the Implicit Probing Support Signaling mechanism in order to prevent amplification attacks.
</t>
</section>
<section anchor="section.iana" title="IANA Considerations">
<t>
This specification defines two new STUN methods and two new STUN attributes.
IANA added these new protocol elements to the "STUN Parameters Registry" created by <xref target="RFC5389"/>.
</t>
<section anchor="section.iana.methods" title="New STUN Methods">
<t>
This section lists the codepoints for the new STUN methods defined in this specification.
See Sections <xref target="section.simple"/> and <xref target="section.complete"/> for the semantics of these new methods.
</t>
<t>
<list style="none">
<t>
0xXXX : Probe
</t>
<t>
0xXXX : Report
</t>
</list>
</t>
</section>
<section anchor="section.iana.attributes" title="New STUN Attributes">
<t>
This document defines the IDENTIFIERS STUN attribute, described in <xref target="section.attributes.identifiers"/>.
IANA has allocated the comprehension-required codepoint 0xXXXX for this attribute.
</t>
<t>
This document also defines the PMTUD-SUPPORTED STUN attribute, described in <xref target="section.attributes.pmtud-supported"/>.
IANA has allocated the comprehension-optional codepoint 0xXXXX for this attribute.
</t>
</section>
</section>
</middle>
<back>
<references title="Normative References">
<reference anchor="RFC2119" target="http://www.rfc-editor.org/info/rfc2119">
<front>
<title>Key words for use in RFCs to Indicate Requirement Levels</title>
<author initials="S." surname="Bradner" fullname="S. Bradner">
<organization/>
</author>
<date year="1997" month="March"/>
<abstract>
<t>In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements.</t>
</abstract>
</front>
<seriesInfo name="BCP" value="14"/>
<seriesInfo name="RFC" value="2119"/>
<seriesInfo name="DOI" value="10.17487/RFC2119"/>
</reference>
<reference anchor="RFC4821" target="http://www.rfc-editor.org/info/rfc4821">
<front>
<title>Packetization Layer Path MTU Discovery</title>
<author initials="M." surname="Mathis" fullname="M. Mathis">
<organization/>
</author>
<author initials="J." surname="Heffner" fullname="J. Heffner">
<organization/>
</author>
<date year="2007" month="March"/>
<abstract>
<t>This document describes a robust method for Path MTU Discovery (PMTUD) that relies on TCP or some other Packetization Layer to probe an Internet path with progressively larger packets. This method is described as an extension to RFC 1191 and RFC 1981, which specify ICMP-based Path MTU Discovery for IP versions 4 and 6, respectively. [STANDARDS-TRACK]</t>
</abstract>
</front>
<seriesInfo name="RFC" value="4821"/>
<seriesInfo name="DOI" value="10.17487/RFC4821"/>
</reference>
<reference anchor="RFC5389" target="http://www.rfc-editor.org/info/rfc5389">
<front>
<title>Session Traversal Utilities for NAT (STUN)</title>
<author initials="J." surname="Rosenberg" fullname="J. Rosenberg">
<organization/>
</author>
<author initials="R." surname="Mahy" fullname="R. Mahy">
<organization/>
</author>
<author initials="P." surname="Matthews" fullname="P. Matthews">
<organization/>
</author>
<author initials="D." surname="Wing" fullname="D. Wing">
<organization/>
</author>
<date year="2008" month="October"/>
<abstract>
<t>Session Traversal Utilities for NAT (STUN) is a protocol that serves as a tool for other protocols in dealing with Network Address Translator (NAT) traversal. It can be used by an endpoint to determine the IP address and port allocated to it by a NAT. It can also be used to check connectivity between two endpoints, and as a keep-alive protocol to maintain NAT bindings. STUN works with many existing NATs, and does not require any special behavior from them.</t>
<t>STUN is not a NAT traversal solution by itself. Rather, it is a tool to be used in the context of a NAT traversal solution. This is an important change from the previous version of this specification (RFC 3489), which presented STUN as a complete solution.</t>
<t>This document obsoletes RFC 3489. [STANDARDS-TRACK]</t>
</abstract>
</front>
<seriesInfo name="RFC" value="5389"/>
<seriesInfo name="DOI" value="10.17487/RFC5389"/>
</reference>
</references>
<references title="Informative References">
<reference anchor="RFC3264" target="http://www.rfc-editor.org/info/rfc3264">
<front>
<title>An Offer/Answer Model with Session Description Protocol (SDP)</title>
<author initials="J." surname="Rosenberg" fullname="J. Rosenberg">
<organization/>
</author>
<author initials="H." surname="Schulzrinne" fullname="H. Schulzrinne">
<organization/>
</author>
<date year="2002" month="June"/>
<abstract>
<t>This document defines a mechanism by which two entities can make use of the Session Description Protocol (SDP) to arrive at a common view of a multimedia session between them. In the model, one participant offers the other a description of the desired session from their perspective, and the other participant answers with the desired session from their perspective. This offer/answer model is most useful in unicast sessions where information from both participants is needed for the complete view of the session. The offer/answer model is used by protocols like the Session Initiation Protocol (SIP). [STANDARDS-TRACK]</t>
</abstract>
</front>
<seriesInfo name="RFC" value="3264"/>
<seriesInfo name="DOI" value="10.17487/RFC3264"/>
</reference>
<reference anchor="I-D.martinsen-tram-stuntrace">
<front>
<title>STUN Traceroute</title>
<author initials="P" surname="Martinsen" fullname="Paal-Erik Martinsen">
<organization/>
</author>
<author initials="D" surname="Wing" fullname="Dan Wing">
<organization/>
</author>
<date month="June" day="1" year="2015"/>
<abstract>
<t>After a UDP protocol such as RTP determines a network path is experiencing problems, a traceroute is often useful to determine which router or which link is contributing to the problem. However, operating system traceroute commands follow a different path than the actual UDP flow which complicates troubleshooting. A superior method is shown which is absolutely path-congruent with the UDP protocol itself, works on IPv4 and IPv6, and does not require administrative privileges on most operating systems.</t>
</abstract>
</front>
<seriesInfo name="Internet-Draft" value="draft-martinsen-tram-stuntrace-01"/>
<format type="TXT" target="http://www.ietf.org/internet-drafts/draft-martinsen-tram-stuntrace-01.txt"/>
</reference>
<reference anchor="I-D.martinsen-tram-turnbandwidthprobe">
<front>
<title>Traversal Using Relays around NAT (TURN) Bandwidth Probe</title>
<author initials="P" surname="Martinsen" fullname="Paal-Erik Martinsen">
<organization/>
</author>
<author initials="T" surname="Andersen" fullname="Trond Andersen">
<organization/>
</author>
<author initials="G" surname="Salgueiro" fullname="Gonzalo Salgueiro">
<organization/>
</author>
<author initials="M" surname="Petit-Huguenin" fullname="Marc Petit-Huguenin">
<organization/>
</author>
<date month="May" day="29" year="2015"/>
<abstract>
<t>Performing pre-call probing to discover a reasonable value for the available bandwidth, is useful information that can be utilized by bandwidth sensitive or bandwidth intensive network devices (e.g., video encoders). The method described herein is intended to produce an initial bandwidth value. Applications using this mechanism should also employ appropriate rate adaptation techniques. In addition to bandwidth, latency and bufferbloat can also be measured. No modification is needed on the server side.</t>
</abstract>
</front>
<seriesInfo name="Internet-Draft" value="draft-martinsen-tram-turnbandwidthprobe-00"/>
<format type="TXT" target="http://www.ietf.org/internet-drafts/draft-martinsen-tram-turnbandwidthprobe-00.txt"/>
</reference>
<reference anchor="RFC5780" target="http://www.rfc-editor.org/info/rfc5780">
<front>
<title>NAT Behavior Discovery Using Session Traversal Utilities for NAT (STUN)</title>
<author initials="D." surname="MacDonald" fullname="D. MacDonald">
<organization/>
</author>
<author initials="B." surname="Lowekamp" fullname="B. Lowekamp">
<organization/>
</author>
<date year="2010" month="May"/>
<abstract>
<t>This specification defines an experimental usage of the Session Traversal Utilities for NAT (STUN) Protocol that discovers the presence and current behavior of NATs and firewalls between the STUN client and the STUN server. This document defines an Experimental Protocol for the Internet community.</t>
</abstract>
</front>
<seriesInfo name="RFC" value="5780"/>
<seriesInfo name="DOI" value="10.17487/RFC5780"/>
</reference>
</references>
<section title="Release Notes">
<t>
This section must be removed before publication as an RFC.
</t>
<section title="Modifications between draft-ietf-tram-stun-pmtud-03 and draft-ietf-tram-stun-pmtud-02">
<t>
<list style="symbols">
<t>
Add new Overview of Operations secion with ladder diagrams.
</t>
<t>
Authentication is mandatory for the Complete Probing mechanism, optional for the Simple Probing mechanism.
</t>
<t>
All the ICE specific text moves to a separate draft to be discussed in the ICE WG.
</t>
<t>
The TURN usage is removed because probing between a TURN server and TURN client is not useful.
</t>
<t>
Any usage of PMTUD-SUPPORTED or other signaling mechanisms (formerly knows as discovery mechanisms) must now be authenticated.
</t>
<t>
Both probing mechanisms are MTI in the server, the complete probing mechanism is MTI in the client.
</t>
<t>
Make clear that stopping after 3 retransmission is done by changing the STUN parameter.
</t>
<t>
Define the format of the attributes.
</t>
<t>
Make clear that the specification is for any UDP protocol that does not already have PMTUD capabilities, not just STUN based protocols.
</t>
<t>
Change the default delay to send the Report Request to 250 ms after the last Indication if the RTO is unknown.
</t>
<t>
Each usage of this specification must the format of the IDENTIFIERS attribute contents.
</t>
<t>
Better define the implicit signaling mechanism.
</t>
<t>
Extend the Security Consideration section.
</t>
<t>
Tons of nits.
</t>
</list>
</t>
</section>
<section title="Modifications between draft-ietf-tram-stun-pmtud-02 and draft-ietf-tram-stun-pmtud-01">
<t>
<list style="symbols">
<t>
Cleaned up references.
</t>
</list>
</t>
</section>
<section title="Modifications between draft-ietf-tram-stun-pmtud-01 and draft-ietf-tram-stun-pmtud-00">
<t>
<list style="symbols">
<t>
Added Security Considerations Section.
</t>
<t>
Added IANA Considerations Section.
</t>
</list>
</t>
</section>
<section title="Modifications between draft-ietf-tram-stun-pmtud-00 and draft-petithuguenin-tram-stun-pmtud-01">
<t>
<list style="symbols">
<t>
Adopted by WG - Text unchanged.
</t>
</list>
</t>
</section>
<section title="Modifications between draft-petithuguenin-tram-stun-pmtud-01 and draft-petithuguenin-tram-stun-pmtud-00">
<t>
<list style="symbols">
<t>
Moved some Introduction text to the Probing Mechanism section.
</t>
<t>
Added cross-reference to the other two STUN troubleshooting mechanism drafts.
</t>
<t>
Updated references.
</t>
<t>
Added Gonzalo Salgueiro as co-author.
</t>
</list>
</t>
</section>
<section title="Modifications between draft-petithuguenin-tram-stun-pmtud-00 and draft-petithuguenin-behave-stun-pmtud-03">
<t>
<list style="symbols">
<t>
General refresh for republication.
</t>
</list>
</t>
</section>
<section title="Modifications between draft-petithuguenin-behave-stun-pmtud-03 and draft-petithuguenin-behave-stun-pmtud-02">
<t>
<list style="symbols">
<t>
Changed author address.
</t>
<t>
Changed the IPR to trust200902.
</t>
</list>
</t>
</section>
<section title="Modifications between draft-petithuguenin-behave-stun-pmtud-02 and draft-petithuguenin-behave-stun-pmtud-01">
<t>
<list style="symbols">
<t>
Defined checksum and sequential numbers as possible packet identifiers.
</t>
<t>
Updated the reference to RFC 5389
</t>
<t>
The FINGERPRINT attribute is now mandatory.
</t>
<t>
Changed the delay between Probe indication and Report request to be RTO/2 or 50 milliseconds.
</t>
<t>
Added ICMP packet processing.
</t>
<t>
Added Full-Stop Timeout detection.
</t>
<t>
Stated that Binding request with PMTUD-SUPPORTED does not start the PMTUD process if already started.
</t>
</list>
</t>
</section>
<section title="Modifications between draft-petithuguenin-behave-stun-pmtud-01 and draft-petithuguenin-behave-stun-pmtud-00">
<t>
<list style="symbols">
<t>
Removed the use of modified STUN transaction but shorten the retransmission for the simple probing mechanism.
</t>
<t>
Added a complete probing mechanism.
</t>
<t>
Removed the PADDING-RECEIVED attribute.
</t>
<t>
Added release notes.
</t>
</list>
</t>
</section>
</section>
<section anchor="section.acknowledgments" title="Acknowledgements" numbered="no">
<t>
Thanks to Eilon Yardeni, Geir Sandbakken, Paal-Erik Martinsen, Tirumaleswar Reddy, and Ram Mohan R for their review comments, suggestions and questions that helped to improve this document.
</t>
<t>
Special thanks to Dan Wing, who supported this document since its first publication back in 2008.
</t>
</section>
</back>
</rfc>
| PAFTECH AB 2003-2026 | 2026-04-24 02:07:14 |