Network Working Group                                          R. Hinden
Internet-Draft                                      Check Point Software
Intended status: Standards Track                            G. Fairhurst
Expires: April 19, 2019                           University of Aberdeen
                                                        October 16, 2018


                IPv6 Minimum Path MTU Hop-by-Hop Option
                    draft-hinden-6man-mtu-option-00

Abstract

   This document specifies a new Hop-by-Hop IPv6 option that is used to
   record the minimum Path MTU from a source to a destination host.
   This collects a minimum recorded MTU along the path to the
   destination.  The value can then be communicated back to the source
   host by an ICMPv6 Packet Too Big message.

   This Hop-by-Hop option is intended to be used in environments like
   Data Centers and on paths between Data Centers, to allow them to
   better take advantage of paths able to support a large Path MTU.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on April 19, 2019.

Copyright Notice

   Copyright (c) 2018 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents



Hinden & Fairhurst       Expires April 19, 2019                 [Page 1]


Internet-Draft               Path MTU Option                October 2018


   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
   2.  Requirements Language . . . . . . . . . . . . . . . . . . . .   4
   3.  Applicability Statements  . . . . . . . . . . . . . . . . . .   4
   4.  IPv6 Minimum Path MTU Hop-by-Hop Option . . . . . . . . . . .   4
   5.  Router, Host, and Transport Behaviors . . . . . . . . . . . .   5
     5.1.  Router Behaviour  . . . . . . . . . . . . . . . . . . . .   5
     5.2.  Host Behavior . . . . . . . . . . . . . . . . . . . . . .   5
     5.3.  Transport Behavior  . . . . . . . . . . . . . . . . . . .   7
   6.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .   8
   7.  Security Considerations . . . . . . . . . . . . . . . . . . .   8
   8.  Acknowledgments . . . . . . . . . . . . . . . . . . . . . . .   9
   9.  Change log [RFC Editor: Please remove]  . . . . . . . . . . .   9
   10. References  . . . . . . . . . . . . . . . . . . . . . . . . .   9
     10.1.  Normative References . . . . . . . . . . . . . . . . . .   9
     10.2.  Informative References . . . . . . . . . . . . . . . . .  10
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .  10

1.  Introduction

   This draft proposes a new Hop-by-Hop Option to be used to record the
   minimum MTU along a path between the source and destination nodes.
   The source node creates a packet with this Hop-by-Hop Option and
   fills the Reported PMTU Field in the option with the MTU of the
   outbound link that will be used to forward the the packet towards the
   destination.

   At each subsequent hop where the option is processed, the router
   compares the value of the Reported PMTU in the option and the MTU of
   its outgoing link.  If the MTU of the outgoing link is less than the
   Reported PMTU specified in the option, it rewrites the value in the
   Option Data with the smaller value.  When the packet arrives at the
   Destination node, the Destination node can send the minimum reported
   PMTU value back to the Source Node.  This can be done by creating an
   ICMPv6 Packet Too Big message.

   The figure below can be used to illustrate the operation of the
   method.  In this case, the path between the Sender and Destination
   nodes comprises three links, the sender has a link MTU of size MTU-S,
   the link between routers R1 and R2 has an MTU of size 8 KBytes, and
   the final link to the destination has an MTU of size MTU-D.



Hinden & Fairhurst       Expires April 19, 2019                 [Page 2]


Internet-Draft               Path MTU Option                October 2018


      +--------+         +----+        +----+         +-------+
      |        |         |    |        |    |         |       |
      | Sender +---------+ R1 +--------+ R2 +-------- + Dest. |
      |        |         |    |        |    |         |       |
      +--------+  MTU-S  +----+  8 KB  +----+  MTU-D  +-------+


   The scenarios are described:

   Scenario 1, considers all links to have an 8 KByte MTU and the method
   is supported by both routers.

   Scenario 2, considers the destination link to have an MTU of 1500
   Byte.  This is the smallest MTU, router R2 resets the reported PMTU
   to 1500 Byte and this is detected by the method.  Had there been
   another smaller MTU at a link further along the path that supports
   the method, the lower PMTU would also have been detected.

   Scenario 3, considers the case where the router preceding the
   smallest link does not support the method, and the method then fails
   to detect the actual PMTU.  These scenarios are summarized in the
   table below.  This scenario would also arise if the PTB message was
   not delivered to the sender.


      +-+-----+-----+----+----+----------+-----------------------+
      | |MTU-S|MTU-D| R1 | R2 | Rec PMTU | Note                  |
      +-+-----+-----+----+----+----------+-----------------------+
      |1| 8KB | 8KB | H  | H  |  8 KB    | Endpoints attempt to  |
      |       |     |    |    |          | use an 8 KB PMTU.     |
      +-+-----+-----+----+----+----------+-----------------------+
      |2| 8KB |1500B| H  | H  |  1500 B  | Endpoints attempt to  |
      | |     |     |    |    |          | use a 1500 B PMTU.    |
      +-+-----+-----+----+----+----------+-----------------------+
      |3| 8KB |1500B| H  | -  |  8 KB    | Endpoints attempt to  |
      | |     |     |    |    |          | use an 8 KB PMTU, but |
      | |     |     |    |    |          | need to implement a   |
      | |     |     |    |    |          | method to fall back   |
      | |     |     |    |    |          | use a 1500 B PMTU.    |
      +-+-----+-----+----+----+----------+-----------------------+


   IPv6 as specified in [RFC8200] allows nodes to optionally process
   Hop-by-Hop headers.  Specifically from Section 4:

   o  The Hop-by-Hop Options header is not inserted or deleted, but may
      be examined or processed by any node along a packet's delivery
      path, until the packet reaches the node (or each of the set of



Hinden & Fairhurst       Expires April 19, 2019                 [Page 3]


Internet-Draft               Path MTU Option                October 2018


      nodes, in the case of multicast) identified in the Destination
      Address field of the IPv6 header.  The Hop-by-Hop Options header,
      when present, must immediately follow the IPv6 header.  Its
      presence is indicated by the value zero in the Next Header field
      of the IPv6 header.

   o  NOTE: While [RFC2460] required that all nodes must examine and
      process the Hop-by-Hop Options header, it is now expected that
      nodes along a packet's delivery path only examine and process the
      Hop-by-Hop Options header if explicitly configured to do so.

   The Hop-by-Hop Option defined in this document is designed to take
   advantage of this property of how Hop-by-Hop options are processed.
   Nodes that do not support this Option SHOULD ignore them.  This can
   mean that the value returned in the response message does not account
   for all links along a path.

2.  Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in BCP
   14 [RFC2119] [RFC8174] when, and only when, they appear in all
   capitals, as shown here.

3.  Applicability Statements

   This Hop-by-Hop Option header is intended to be used in environments
   such as Data Centers and on paths between Data Centers, to allow them
   to better take advantage of a path able to support a large PMTU.  For
   example, it helps inform a sender that the path includes links that
   have a MTU of 9,000 Bytes.  This has many performance advantages
   compared to the current practice of limiting packets to 1280 Bytes.

   The design of the option is sufficiently simple that it could be
   executed on a router's fast path.  To create critical mass for this
   to happen will have to be a strong pull from router vendors
   customers.  This could be the case for connections within and between
   Data Centers.

   The method could also be useful in other environments, including the
   general Internet.

4.  IPv6 Minimum Path MTU Hop-by-Hop Option

   The Minimum Path MTU Hop-by-Hop Option has the following format:





Hinden & Fairhurst       Expires April 19, 2019                 [Page 4]


Internet-Draft               Path MTU Option                October 2018


       Option    Option    Option
        Type    Data Len   Data
      +--------+--------+--------+--------+
      |BBCTTTTT|00000010|  2 octet value  |
      +--------+--------+--------+--------+

      Option Type:

      BB     00  Skip over this option and continue processing.

      C       1  Option data can change en route to the packet's final
                 destination.

      TTTTT      [Option Type to Be Assigned by IANA]

      Length: 2  Note the size of the Option Data field supports Path
                 MTU values from 0 to 65,535 octets.

      Value:  n  The Reported PMTU in octets, reflecting the smallest
                 link MTU that the packet experienced across the path.

5.  Router, Host, and Transport Behaviors

5.1.  Router Behaviour

   Routers that do not support Hop-by-Hop options SHOULD ignore this
   option and forward the packet.

   Routers that support Hop-by-Hop Options, but do not recognize this
   option SHOULD ignore it and forward the packet.

   Routers that recognize this option SHOULD compare the MTU in the
   Option Value field and the MTU of the outgoing link.  If the MTU of
   the outgoing link is less than the MTU in the option, the router
   rewrites the value in the Option Value field with the smaller value.

   Discussion:

   o  The design of this Hop-by-Hop Option makes it feasible to be in
      the fast path of a router, because the required processing is
      simple.

5.2.  Host Behavior

   The source host that supports this option SHOULD create the packet
   with this Hop-by-Hop Option and fill the reported PMTU field of the
   option with the MTU of the link field that it will send the packet
   over on the next hop towards the destination.



Hinden & Fairhurst       Expires April 19, 2019                 [Page 5]


Internet-Draft               Path MTU Option                October 2018


   Discussion:

   o  This option need not be sent in all packets when using a Transport
      protocol.

   o  In the case of TCP, it could be included in packets carrying a SYN
      segment as part of the connection set up, or can periodically sent
      in packets carrying other segments.  Including this option in a
      large packet is not likely to be useful, since the large packet
      might itself also be dropped by a link along the path with a
      smaller MTU, preventing the Reported PMTU information from
      reaching the Destination node.

   o  The use Transport protocols like UDP are harder to characterize
      because they range from very short-lived exchanges, to longer
      exchanges of packets between the Source and Destination nodes.

   o  For applications that use Anycast, this option should be included
      in all packets as the actual destination will vary due to the
      nature of Anycast.

   o  To optimise for simple-exchange protocols that only send one or a
      few packets per transaction, a node could assume the Path MTU is
      symmetrical, that is where the Path MTU is the same in both
      directions, or at least not smaller in the return path.  This
      optimisation does not hold when the paths are not symmetric.

   o  The use of this with DNS and DNSSEC over UDP ought to work as long
      as the paths are symmetric.  The DNS server will learn the Path
      MTU from the DNS query messages.  If the return Path MTU is
      smaller, then the large DNSSEC response may be dropped and the
      known problems with PMTUD will occur.  DNS and DNSSEC over
      transport protocols that can carry the Path MTU should work.

   A Destination Host MUST NOT respond to each packet received with the
   option, when the option also carries the same received value.  This
   is necessary to avoid generating excessive feedback traffic.  When
   sending an ICMPv6 Packet Too Big message the node MUST follow the
   procedures in [RFC4443] and [RFC8201] in order to not send too many
   ICMPv6 Packet Too Big Messages to the source.

   When a Destination Host, that supports this option, receives a packet
   with this option, it SHOULD first compare the Reported PMTU value
   with a value received earlier from this source.  If this is the first
   value, or if the received value is lower, it SHOULD record the value
   as the Received PMTU for the Source of the Packet, and it SHOULD send
   the new value back to the Source of the packet.  This can be done by
   creating an ICMPv6 Packet Too Big message.



Hinden & Fairhurst       Expires April 19, 2019                 [Page 6]


Internet-Draft               Path MTU Option                October 2018


   NOTE: The Received PMTU could also be reset by a timer to allow
   periodic refresh of the state.  This would also allow a sender to
   discover cases where the Path MTU has increased.

   Discussion:

   o  A simple mechanism could only send an ICMPv6 Packet Too Big
      message the first time this option is received or when the
      Received PMTU is reduced.  This is good because it limits the
      number sent, but there is no provision for retransmission of the
      Path MTU if the ICMPv6 Packet Too Big Message fails to reach the
      sender, or the sender looses state.

   o  The Reported PMTU value could increase or decrease over time.  For
      instance, it would increase when the path changes and the packets
      become then forwarded over a link with a MTU larger than the link
      previously used.

5.3.  Transport Behavior

   A transport endpoint using this option needs to use a method to
   verify the information provided by this option.

   The Received PMTU does not necessarily reflect the actual PMTU
   between the sender and destination.  Care therefore needs to be
   exercised in using this value at the sender.  Specifically:

   o  If the Received PMTU value returned by the Destination is the same
      as the initial Reported PMTU value, there could still be a router
      or layer 2 device on the path that does not support this PMTU.

   o  If the Received PMTU value returned by the Destination is smaller
      than the initial Reported PMTU value, there is at least one router
      in the path with a smaller MTU.  There could still be another
      router or layer 2 device on the path that does not support this
      MTU.

   o  If the Received PMTU value returned by the Destination is larger
      than the initial Reported PMTU value, this may be a corrupted,
      delayed or misordered response, and SHOULD be ignored.

   A sender needs to discriminate between the Received PMTU value in a
   PTB message generated in response to a Hop-by-Hop option requesting
   this, and a PTB message received from a router on the path.

   A PMTUD or PLPMTUD method could use the Received PMTU value as an
   initial target size to probe the path.  This can significantly
   decrease the number of probe attempts (and hence time taken) to



Hinden & Fairhurst       Expires April 19, 2019                 [Page 7]


Internet-Draft               Path MTU Option                October 2018


   arrive at a workable PMTU.  It has the potential to complete
   discovery of the correct value in a single RTT, even over paths that
   may have successive links configured with lower MTUs.

   Since the method can delay notification of an increase in the actual
   PMTU, the sender SHOULD continue to probe for a PMTU value that is
   larger than the Received PMTU value.

   Since the option consumes less capacity than an a full probe packet,
   there may be advantage in using this to detect a change in the path
   characteristics.

   Note: Further details to be included in next version.

   NOTE: A future version of the document will consider more the impact
   of ECMP.  Specifically, whether a Received PMTU value is maintained
   by the method for each transport endpoint, or each network address,
   and how these are best used by methods such as PLPMTUD.

6.  IANA Considerations

   IANA is requested to assign the new IPv6 Hop-by-Hop Option.

   IANA is also requested to register this option in the "Destination
   Options and Hop-by-Hop Options Registry" [IANA-HBH].

7.  Security Considerations

   A sender MUST check the quoted packet within the PTB message to
   validate that the message is in response to a packet that was
   originated by the sender.  Messages that fail this check MAY be
   logged but the information they contain MUST be discarded.

   The method has no way to protect the destination from off-path attack
   with packets that do not originate from the source.  This could be
   used to inflate or reduce the size of the reported PMTU.

   The method solicits a response from the destination, which should be
   used to force generation of a response.  A malicious device could
   advertise a change size of MTU creating work at the destination, and
   potentially traffic on the return path to the sender.

   TBD








Hinden & Fairhurst       Expires April 19, 2019                 [Page 8]


Internet-Draft               Path MTU Option                October 2018


8.  Acknowledgments

   Helpful comments were received from [your name here] and other
   members of the 6MAN working group.

9.  Change log [RFC Editor: Please remove]

   draft-hinden-6man-mtu-option-00, 2018-Oct-16:

   Initial draft.

10.  References

10.1.  Normative References

   [IANA-HBH]
              "Destination Options and Hop-by-Hop Options",
              <https://www.iana.org/assignments/ipv6-parameters/
              ipv6-parameters.xhtml#ipv6-parameters-2>.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/
              RFC2119, March 1997, <https://www.rfc-editor.org/info/
              rfc2119>.

   [RFC4443]  Conta, A., Deering, S., and M. Gupta, Ed., "Internet
              Control Message Protocol (ICMPv6) for the Internet
              Protocol Version 6 (IPv6) Specification", STD 89, RFC
              4443, DOI 10.17487/RFC4443, March 2006, <https://www.rfc-
              editor.org/info/rfc4443>.

   [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
              2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
              May 2017, <https://www.rfc-editor.org/info/rfc8174>.

   [RFC8200]  Deering, S. and R. Hinden, "Internet Protocol, Version 6
              (IPv6) Specification", STD 86, RFC 8200, DOI 10.17487/
              RFC8200, July 2017, <https://www.rfc-editor.org/info/
              rfc8200>.

   [RFC8201]  McCann, J., Deering, S., Mogul, J., and R. Hinden, Ed.,
              "Path MTU Discovery for IP version 6", STD 87, RFC 8201,
              DOI 10.17487/RFC8201, July 2017, <https://www.rfc-
              editor.org/info/rfc8201>.







Hinden & Fairhurst       Expires April 19, 2019                 [Page 9]


Internet-Draft               Path MTU Option                October 2018


10.2.  Informative References

   [RFC2460]  Deering, S. and R. Hinden, "Internet Protocol, Version 6
              (IPv6) Specification", RFC 2460, DOI 10.17487/RFC2460,
              December 1998, <https://www.rfc-editor.org/info/rfc2460>.

Authors' Addresses

   Robert M. Hinden
   Check Point Software
   959 Skyway Road
   San Carlos, CA  94070
   USA

   Email: bob.hinden@gmail.com


   Godred Fairhurst
   University of Aberdeen
   School of Engineering
   Fraser Noble Building
   Aberdeen  AB24 3UE
   UK

   Email: gorry@erg.abdn.ac.uk


























Hinden & Fairhurst       Expires April 19, 2019                [Page 10]