Skip to main content

Packetization Layer Path Maximum Transmission Unit Discovery (PLPMTUD) For IPsec Tunnels

Document Type Expired Internet-Draft (individual)
Expired & archived
Authors Shibu Piriyath , Umesh Mangla , Nagavenkata Melam , Ron Bonica
Last updated 2018-09-02 (Latest revision 2018-03-01)
RFC stream (None)
Intended RFC status (None)
Stream Stream state (No stream defined)
Consensus boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Expired
Telechat date (None)
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:


This document describes Packetization Layer PMTU Discovery (PLPMTUD) procedures for IPSec tunnels. In these procedures, the encrypting node discovers and maintains a running estimate of the tunnel MTU. In order to do this, the encrypting nodes sends Probe Packets of various size through the IPSec tunnel. If the size of Probe Packet exceeds the tunnel MTU, a downstream node discards the packet and sends an ICMP PTB message to the encrypting node. The encrypting node ignores the ICMP PTB message. If the size of the Probe Packet does not exceed the tunnel MTU and the decrypting node receives the Probe Packet, the decrypting node sends an Acknowledgement Packet to encrypting node through the IPSec tunnel. The Acknowledgement Packet indicates the size of the Probe Packet. The procedures described in this document are applicable to IPSec tunnels that are signaled by IKEv2 and provide authentication services.


Shibu Piriyath
Umesh Mangla
Nagavenkata Melam
Ron Bonica

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)