Network Working Group                                 F. L. Templin, Ed.
Internet-Draft                              Boeing Research & Technology
Updates: 6864, 8900 (if approved)                        1 December 2023
Intended status: Standards Track
Expires: 3 June 2024


                 IPv6 Extended Fragment Header for IPv4
                   draft-templin-intarea-ipid-ext-26

Abstract

   The Internet Protocol, version 4 (IPv4) header includes a 16-bit
   Identification field in all packets, but this length is too small to
   ensure reassembly integrity even at moderate data rates in modern
   networks. Even for Internet Protocol, version 6 (IPv6), the 32-bit
   Identification field included when a Fragment Header is present may
   be smaller than desired for some applications. This specification
   addresses these limitations by adapting the IPv6 Extended Fragment
   Header for IPv4.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF). Note that other groups may also distribute
   working documents as Internet-Drafts. The list of current
   Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time. It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on 3 June 2024.

Copyright Notice

   Copyright (c) 2023 IETF Trust and the persons identified as the
   document authors. All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document. Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.
   Code Components extracted from this document must include Revised BSD
   License text as described in Section 4.e of the Trust Legal
   Provisions and are provided without warranty as described in the
   Revised BSD License.

Templin                    Expires 3 June 2024                  [Page 1]

Internet-Draft         IP Identification Extension         December 2023

Table of Contents

   1.  Introduction
   2.  Relation to IPv6
   3.  IPv6 Extended Fragment Header for IPv4
   4.  IPv4 ID Applications
   5.  Destination Qualification
   6.  Packet Too Big (PTB) Extensions
   7.  Requirements
   8.  Implementation Status
   9.  IANA Considerations
   10. Security Considerations
   11. Acknowledgements
   12. References
     12.1.  Normative References
     12.2.  Informative References
   Appendix A.  Change Log
   Author's Address

1. Introduction

   The Internet Protocol, version 4 (IPv4) header includes a 16-bit
   Identification in all packets [RFC0791], but this length is too small
   to ensure reassembly integrity even at moderate data rates in modern
   networks [RFC4963][RFC6864][RFC8900]. This specification adapts the
   IPv6 Extended Fragment Header [I-D.templin-6man-ipid-ext] for
   Identification extension and to support an alternate fragmentation
   and reassembly service for IPv4.

   When an IPv4 packet includes the IPv6 Extended Fragment Header, the
   Identification value and fragmentation parameters encoded in the IPv4
   header are unused and set to 0 except for the "Don't Fragment (DF)"
   flag which is set to 1. The IPv6 Extended Fragment Header enables a
   "deep packet fragmentation" capability that supports Identification,
   fragmentation and reassembly from deep within the packet instead of
   at the IPv4 header level. This service may be useful for networks
   that engage fragmentation and reassembly at extreme data rates, or
   for cases when advanced IPv4 packet Identification uniqueness
   assurance is critical.

2. Relation to IPv6

   As is often the case, extensions intended for IPv6 can be applied in
   similar fashion as for IPv4 (and vice-versa). The terminology used
   and the motivation for extending the Identification field for IPv4 is
   the same as for IPv6 Identification extension as specified in
   [I-D.templin-6man-ipid-ext]. All normative aspects of the IPv6
   specification that can be applied for IPv4 apply also to this
   document.

3. IPv6 Extended Fragment Header for IPv4

   IPv4 end systems and intermediate systems do not by default recognize
   the IP protocol numbers for IPv6 extension headers, as these are
   typically used to support IPv6 operations only. However,
   implementations of this specification are required to recognize IP
   protocol number '60' and its associated header and option formats as
   defined for the IPv6 Destination Options header [RFC8200].

   Implementations of this specification MUST recognize the IPv6
   Extended Fragment Header destination option as specified in
   [I-D.templin-6man-ipid-ext] when it appears as the first option of
   the first IPv6 Destination Options Header.

   The Destination Options Header with Extended Fragment Header option
   is formatted as shown in Figure 1:

   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |Next Header (1)|  Hdr Ext Len  |  Option Type  | Opt Data Len  |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |Next Header (2)|   Index   |P|S|     Fragment Offset     |Res|M|
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
   +-+-+-+-            Identification (64 bits)             -+-+-+-+
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Next Header (1)   encodes the protocol number of the upper layer
                     protocol header that follows the Destination
                     Options Header for unfragmented packets;
                     otherwise, encodes "No Next Hdr".

   Hdr Ext Len       8-bit value 1 (i.e., 2 units of 8 octets).
                     Encodes a larger value if the Destination
                     Options Header includes more options.

   Option Type       8-bit value, the same as specified in
                     [I-D.templin-6man-ipid-ext].

   Opt Data Len      8-bit value 12.

   Next Header (2)   a temporary copy of Next Header (1) used when
                     the packet is subject to fragmentation.

   Index, P, S       a control octet that identifies the components
                     of an IP Parcel [I-D.templin-intarea-parcels].

   Fragment Offset,  the same fragmentation control fields that
   Res, M            appear in the standard IPv6 Fragment Header.

   Identification    an 8-octet (64 bit) unsigned integer
                     Identification, in network byte order.

                 Figure 1: IPv6 Extended Fragment Header

   IPv4 sources insert an IPv6 Destination Option with an Extended
   Fragment Header immediately after the end of the IPv4 header and
   before the upper layer protocol header, e.g., TCP, UDP, etc. The
   source then increments the IPv4 Total Length by 16 octets, sets the
   IPv4 Protocol field to '60' and sets the IPv6 Destination Options
   Header Next Header (1) field to the upper layer protocol number.

   The IPv4 source then applies fragmentation if necessary the same as
   for the IPv6 fragmentation procedures specified in
   [I-D.templin-6man-ipid-ext]. This will produce a sequence of
   fragments each containing a copy of the IPv4 header followed by the
   Destination Options Header with IPv6 Extended Fragment Header option
   (with Fragment Offset, M and Identification set appropriately)
   followed by a fragment of the upper layer protocol payload.

   The IPv4 source then sends the fragments to the IPv4 destination
   which accepts and processes them only if it recognizes IP Protocol
   '60' as above. The destination then reassembles per the procedures
   specified in [I-D.templin-6man-ipid-ext].

   IPv4 intermediate systems that recognize the IPv6 Destination Options
   Header in IPv4 packets may perform (further) fragmentation based on
   the Extended Fragment Header as above even if the IPv4 Don't Fragment
   (DF) flag is set to '1'.

   IPv4 intermediate systems and destinations return PTB messages as
   necessary under the same conditions specified for the IPv6 Extended
   Fragment Header in [I-D.templin-6man-ipid-ext].

4. IPv4 ID Applications

   [RFC6864] limits the use of the IPv4 ID field to only supporting the
   fragmentation and reassembly processes. When an IPv4 packet includes
   an IPv6 Extended Fragment Header, however, the source asserts that
   the Identification includes a well-managed extended-length value that
   can satisfy uniqueness properties useful for other purposes.

   This specification therefore updates [RFC6864] by permitting use of
   the extended Identification for purposes other than fragmentation and
   reassembly support.

5. Destination Qualification

   IPv4 destinations that do not recognize the IPv6 Destination Options
   Header with Extended Fragment Header option appearing immediately
   after the IPv4 header unconditionally drop the packet and SHOULD
   return an "ICMPv4 Destination Unreachable - Protocol Unreachable"
   message per [RFC0792].

   The source can therefore test whether a destination recognizes the
   IPv6 Destination Options Header and Extended Fragment Header option
   by occasionally sending a "probe" packet that includes them. If the
   source receives an acknowledgement, it has assurance that the
   destination implements the protocol; the source can instead consider
   receipt of an ICMPv4 Destination Unreachable - Protocol Unreachable
   as a hint that the destination does not implement the protocol.

   The source should occasionally re-probe each destination in case
   routing redirects a flow to a different anycast destination.

6. Packet Too Big (PTB) Extensions

   When an intermediate system attempts to forward an IP packet that
   exceeds the next hop link MTU but for which fragmentation is
   forbidden, it returns an ICMPv6 "Packet Too Big (PTB)" message with
   Code 0 [RFC8201] or an ICMPv4 "Destination Unreachable -
   Fragmentation Needed" message [RFC1191] to the source and discards
   the packet. This always results in wasted transmissions for which the
   source is required to reduce the size of the packets it is sending
   and retransmit.

   [I-D.templin-6man-ipid-ext] suggests that source and/or network
   fragmentation should instead be used to ensure that packets are
   delivered to the destination even if they exceed the path MTU. The
   document therefore defines new ICMPv6 PTB Code values to monitor and
   control the fragmentation and reassembly processes.

   Rather than define corresponding codes for ICMPv4, however, this
   document requires sources that send packets with IPv4 Identification
   Extension options to accept and take appropriate actions based on
   ICMPv6 PTB messages with one of the fragmentation/reassembly Code
   values defined in [I-D.templin-6man-ipid-ext].

   IPv4 intermediate systems and destinations that send the ICMPv6 PTB
   messages must therefore employ OMNI UDP/IPv4 encapsulation of ICMPv6
   messages with IPv4-compatible IPv6 addresses so the messages can
   traverse IPv4 networks [I-D.templin-intarea-omni]. IPv4 sources must
   therefore monitor the OMNI UDP port for UDP/IPv4-encapsulated ICMPv6
   messages.

7. Requirements

   Intermediate systems MUST forward without dropping IPv4 packets that
   include a Destination Options Header with an Extended Fragment Header
   option unless they detect a security policy threat through deeper
   inspection of the protocol data that follows.

   Sources MUST include at most one Extended Fragment Header in each
   IPv4 packet/fragment. Intermediate systems and destinations SHOULD
   silently drop packets/fragments with multiples. If the source
   includes an IPv6 Destination Options Header with Extended Fragment
   Header option, it must appear immediately after the IPv4 header.

   Destinations that accept flows using Extended Fragment Headers:

   *  MUST configure an EMTU_R of 65535 octets or larger,

   *  SHOULD advertise the largest possible receive packet size (i.e.,
      as large as EMTU_R) in PTB messages, and

   *  MAY advertise a reduced receive packet size in PTB messages during
      periods of congestion.
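
   A receiver-side check of the Figure 1 layout from Section 3 together
   with the Section 7 rules (Protocol 60, header immediately after the
   IPv4 header, at most one Extended Fragment Header), as an added
   Python example that is not part of the draft. The Option Type value
   is defined in [I-D.templin-6man-ipid-ext] and does not appear here,
   so PLACEHOLDER_OPT_TYPE is an assumed experimental code point;
   sample_packet and parse_efh are hypothetical names and the sample
   packet is constructed.

```python
import struct

PROTO_DSTOPTS = 60           # IPv4 Protocol value for the Destination Options Header
PLACEHOLDER_OPT_TYPE = 0x1E  # ASSUMPTION: experimental code point, not the draft's value
EFH_LEN = 16                 # 2-octet header + 14-octet option (Opt Data Len 12)

def sample_packet(ident, payload=b"constructed-payload", upper=17, frag=0):
    """Constructed input: 20-octet IPv4 header (checksum left 0) + Figure 1 header."""
    nh1 = 59 if frag else upper            # fragments carry "No Next Hdr" (59)
    efh = struct.pack("!BBBBBBHQ", nh1, 1, PLACEHOLDER_OPT_TYPE, 12,
                      upper, 0, frag, ident)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + EFH_LEN + len(payload),
                     0, 0x4000, 64, PROTO_DSTOPTS, 0,   # ID 0, DF only
                     bytes([192, 0, 2, 1]), bytes([198, 51, 100, 2]))
    return ip + efh + payload

def parse_efh(pkt, opt_type=PLACEHOLDER_OPT_TYPE):
    """Decode the Extended Fragment Header; raise ValueError on any failed check."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4
    total, ip_id, flags_off = struct.unpack_from("!HHH", pkt, 2)
    if ihl < 20 or total > len(pkt) or total < ihl + EFH_LEN:
        raise ValueError("truncated or inconsistent lengths")
    if pkt[9] != PROTO_DSTOPTS:
        raise ValueError("IPv4 Protocol is not 60")
    if ip_id != 0 or flags_off != 0x4000:
        raise ValueError("IPv4 ID/fragment fields must be 0 with DF=1")
    nh1, ext_len, otype, olen, nh2, ctl, frag, ident = struct.unpack_from(
        "!BBBBBBHQ", pkt, ihl)
    end = ihl + (ext_len + 1) * 8          # Hdr Ext Len counts 8-octet units past the first
    if ext_len < 1 or end > total:
        raise ValueError("bad Hdr Ext Len")
    if otype != opt_type or olen != 12:
        raise ValueError("first option is not an Extended Fragment Header")
    off = ihl + EFH_LEN
    while off < end:                       # walk any further options (TLV)
        if pkt[off] == 0:                  # Pad1 is a single octet
            off += 1
            continue
        if off + 2 > end or off + 2 + pkt[off + 1] > end:
            raise ValueError("malformed option")
        if pkt[off] == opt_type:
            raise ValueError("multiple Extended Fragment Headers")
        off += 2 + pkt[off + 1]
    return {"next_header": nh1, "next_header_2": nh2, "index": ctl >> 2,
            "p": (ctl >> 1) & 1, "s": ctl & 1, "frag_offset": frag >> 3,
            "more": frag & 1, "ident": ident, "payload": pkt[end:total]}
```

   The IPv4 header checksum is not verified here; a deployed check would
   do that before trusting any of the fields.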

   While a source has assurance that the destination(s) will recognize
   and correctly process the Extended Fragment Header, it can continue
   to send fragmented or fragmentable packets as large as the current
   receive packet size at rates within the MSL/MDL wraparound threshold
   for the extended IP ID length; otherwise, the source honors the
   MSL/MDL threshold for the non-extended Identification field length
   [RFC6864].

   Note: IP fragmentation can only be applied for conventional packets
   as large as 65535 octets. IP parcels and Advanced Jumbos (AJs)
   provide a means for efficiently packaging and shipping multiple large
   segments or truly large singleton segments in packets that may exceed
   this size [I-D.templin-intarea-parcels].

8. Implementation Status

   In progress.

9. IANA Considerations

   This document has no requirements for IANA.

10. Security Considerations

   All aspects of IP security apply equally to this document, which does
   not introduce any new vulnerabilities. Moreover, when employed
   correctly the mechanisms in this document robustly address known IPv4
   reassembly integrity concerns [RFC4963] and also provide an advanced
   degree of packet Identification uniqueness assurance.

   All other security aspects of the IPv6 Extended Fragment Header per
   [I-D.templin-6man-ipid-ext] apply also to its use in IPv4.

11. Acknowledgements

   This work was inspired by continued DTN performance studies. Amanda
   Baber, Tom Herbert, Bob Hinden and Eric Vyncke offered useful
   insights that helped improve the document.

   Honoring life, liberty and the pursuit of happiness.

12. References

12.1. Normative References

   [RFC0791]  Postel, J., "Internet Protocol", STD 5, RFC 791,
              DOI 10.17487/RFC0791, September 1981.

   [RFC0792]  Postel, J., "Internet Control Message Protocol", STD 5,
              RFC 792, DOI 10.17487/RFC0792, September 1981.

   [RFC1122]  Braden, R., Ed., "Requirements for Internet Hosts -
              Communication Layers", STD 3, RFC 1122,
              DOI 10.17487/RFC1122, October 1989.

   [RFC1191]  Mogul, J. and S. Deering, "Path MTU discovery", RFC 1191,
              DOI 10.17487/RFC1191, November 1990.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

   [RFC4443]  Conta, A., Deering, S., and M. Gupta, Ed., "Internet
              Control Message Protocol (ICMPv6) for the Internet
              Protocol Version 6 (IPv6) Specification", STD 89,
              RFC 4443, DOI 10.17487/RFC4443, March 2006.

   [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
              2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
              May 2017.

   [RFC8200]  Deering, S. and R. Hinden, "Internet Protocol, Version 6
              (IPv6) Specification", STD 86, RFC 8200,
              DOI 10.17487/RFC8200, July 2017.

   [RFC8201]  McCann, J., Deering, S., Mogul, J., and R. Hinden, Ed.,
              "Path MTU Discovery for IP version 6", STD 87, RFC 8201,
              DOI 10.17487/RFC8201, July 2017.

12.2. Informative References

   [I-D.templin-6man-ipid-ext]
              Templin, F., "IPv6 Identification Extension", Work in
              Progress, Internet-Draft, draft-templin-6man-ipid-ext-00,
              28 November 2023.

   [I-D.templin-dtn-ltpfrag]
              Templin, F., "LTP Fragmentation", Work in Progress,
              Internet-Draft, draft-templin-dtn-ltpfrag-16, 23 October
              2023.

   [I-D.templin-intarea-omni]
              Templin, F., "Transmission of IP Packets over Overlay
              Multilink Network (OMNI) Interfaces", Work in Progress,
              Internet-Draft, draft-templin-intarea-omni-51, 21 November
              2023.

   [I-D.templin-intarea-parcels]
              Templin, F., "IP Parcels and Advanced Jumbos (AJs)", Work
              in Progress, Internet-Draft,
              draft-templin-intarea-parcels-90, 20 November 2023.

   [RFC4963]  Heffner, J., Mathis, M., and B. Chandler, "IPv4 Reassembly
              Errors at High Data Rates", RFC 4963,
              DOI 10.17487/RFC4963, July 2007.

   [RFC6864]  Touch, J., "Updated Specification of the IPv4 ID Field",
              RFC 6864, DOI 10.17487/RFC6864, February 2013.

   [RFC7126]  Gont, F., Atkinson, R., and C. Pignataro,
              "Recommendations on Filtering of IPv4 Packets Containing
              IPv4 Options", BCP 186, RFC 7126, DOI 10.17487/RFC7126,
              February 2014.

   [RFC8799]  Carpenter, B. and B. Liu, "Limited Domains and Internet
              Protocols", RFC 8799, DOI 10.17487/RFC8799, July 2020.

   [RFC8900]  Bonica, R., Baker, F., Huston, G., Hinden, R., Troan, O.,
              and F. Gont, "IP Fragmentation Considered Fragile",
              BCP 230, RFC 8900, DOI 10.17487/RFC8900, September 2020.

Appendix A. Change Log

   << RFC Editor - remove prior to publication >>

   Differences from earlier versions:

   *  First draft publication.

Author's Address

   Fred L. Templin (editor)
   Boeing Research & Technology
   P.O. Box 3707
   Seattle, WA 98124
   United States of America
   Email: fltemplin@acm.org