Internet Area WG J. Touch Internet Draft USC/ISI Intended status: M. Mathis Expires: January 2009 PSC July 7, 2008 IPv4 ID Uniqueness Requirements draft-touch-intarea-ipv4-unique-id-00.txt Status of this Memo By submitting this Internet-Draft, each author represents that any applicable patent or other IPR claims of which he or she is aware have been or will be disclosed, and any of which he or she becomes aware will be disclosed, in accordance with Section 6 of BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet- Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html This Internet-Draft will expire on January 7, 2009. Copyright Notice Copyright (C) The IETF Trust (2008). Abstract The IPv4 Identification field enables fragmentation and reassembly. This document clarifies the meaning of this field in the absence of fragmentation, based on ubiquitous current practice. Touch, Mathis Expires January 7, 2009 [Page 1] Internet-Draft IPv4 ID Uniqueness Requirements July 2008 Conventions used in this document The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC-2119 [1]. Table of Contents 1. Introduction...................................................2 2. Current Requirements...........................................2 3. Uses of the ID Field in IPv4...................................3 4. IPv4 ID Exhaustion.............................................4 5. Current Practice...............................................4 6. Recommended Practice...........................................4 7. Security Considerations........................................6 8. IANA Considerations............................................6 9. Acknowledgments................................................6 9.1. Normative References......................................6 9.2. Informative References....................................6 Author's Addresses................................................7 Intellectual Property Statement...................................7 Disclaimer........................................................8 1. Introduction In IPv4, the IP Identification (ID) field is a 16-bit value that is unique for every packet for a given source address, destination address, and protocol, such that it does not repeat within the Maximum Segment Lifetime (MSL) [2][7]. All packets between a source and destination of a given protocol must have unique ID values over a period of an MSL, which is typically interpreted as two minutes (120 seconds). This uniqueness is currently specified as required for all packets, regardless of fragmentation settings. The uniqueness of the IP ID is a known problem for high speed devices, because it limits the speed of a single protocol between two endpoints to 6.4 Mbps for typical MTUs of 1500 bytes [4]. This strongly indicates that the uniqueness of the IPv4 ID is moot. This document describes the current practice of relaxing the IPv4 uniqueness requirement. 2. Current Requirements IP supports packet fragmentation, where large packets are split into smaller components to traverse links with limited maximum Touch, Mathis Expires January 7, 2009 [Page 2] Internet-Draft IPv4 ID Uniqueness Requirements July 2008 transmission units (MTUs). Fragments are indicated in different ways in IPv4 and IPv6: o In IPv4, the header contains three fields: Identification (ID), Offset, a "Don't Fragment" flag (DF), and a "More Fragments" flag (MF) [7] o In IPv6, fragments are indicated in an extension header that includes an ID, Offset, and MF flag similar to their counterparts in IPv4 [3] IPv4 and IPv6 fragmentation differs in a few important ways. IPv6 fragmentation occurs only at the source, so a DF bit is not needed to prevent downstream devices from initiating fragmentation. The IPv6 fragment header is present only when a packet has been fragmented, so the fields - notably the ID field, as will be shown later - are not present for non-fragmented packets, and thus are meaningful only for fragments. Finally, the ID field is 32 bits, and unique per source/destination address pair for IPv6, whereas for IPv4 it is only 16 bits and unique per source/destination/protocol triple. This document focuses on the IPv4 ID field issues, because in IPv6 the field is larger and present only in fragments. 3. Uses of the ID Field in IPv4 The IPv4 ID field was originally intended for fragmentation and reassembly. Within a given source address, destination address, and protocol, fragments of an original packet are matched based on their IP ID. This requires that IDs are unique within the address/protocol triple when fragmentation is possible (e.g., DF=0). The ID field has been discussed as useful in other ways. It can be used to detect and discard duplicate packets, e.g., at congested routers (see Sec. 3.2.1.5 of [2]). The ID field may also be useful in tunnels. ICMP along tunnels may return only a portion of the information needed by a tunnel ingress to relay information back to the packet source. Encapsulators may retain copies of recently sent packets, to enable ICMP relaying [6]. These latter uses require that the IP ID be unique across all packets, not only when fragmentation is enabled. Touch, Mathis Expires January 7, 2009 [Page 3] Internet-Draft IPv4 ID Uniqueness Requirements July 2008 4. IPv4 ID Exhaustion With the maximum IPv4 packet size of 64KB, a 16-bit ID field that does not repeat within 120 seconds means that the sum of all TCP connections of a given protocol between two endpoints is limited to roughly 286 Mbps; at a more typical MTU of 1500 bytes, this speed drops to 6.4 Mbps [4]. This limit currently applies for all IPv4 packets, regardless of whether fragmentation is enabled, used, or inhibited. Note that IPv6, even at typical MTUs, is capable of 18.7 Tbps when fragments are present, due to the larger 32-bit ID field. When fragmentation is not used, IPv6 speeds are not limited by the ID field uniqueness. 5. Current Practice Wireless Internet devices are frequently connected at speeds over 54 Mbps, and wired links of 1 Gbps have been the default for several years. Although many end-to-end transport paths are congestion limited, these devices easily achieve 100+ Mbps application-layer throughput over LANs (e.g., disk-to-disk file transfer rates), and numerous throughput demonstrations have been performed with COTS systems at these speeds for over a decade. This strongly suggests that IPv4 ID uniqueness has been moot for a long time. 6. Recommended Practice There are two kinds of packets, defined herein, for which recommended practice is described: o Atomic packets: packets not yet having been fragmented (MF=0 and offset=0) and for which further fragmentation has been inhibited (DF=1), i.e.: ((DF==1)&&(MF==0)&&(offset==0)) o Non-atomic packets: packets which have either already been fragmented (MF=1 or offset>0 or both), or for which fragmentation remains possible (DF=0), i.e.: ((DF==0)||(MF==1)||(offset>0)), or (equivalently), ~((DF==1)&&(MF==0)&&(offset==0)). Although at least one document suggests the ID field has other uses, it useful to confirm here that the ID field is defined only for fragmentation: o Gateways and receiving hosts (or tunnel egresses using IP encapsulation) MUST ignore the contents of the IPv4 ID field for atomic packets. Touch, Mathis Expires January 7, 2009 [Page 4] Internet-Draft IPv4 ID Uniqueness Requirements July 2008 Fragments that repeat the IP ID risk being reassembled incorrectly, especially when fragments are reordered or lost [9]. Although such errors may be detected at the transport layer, this results in excessive overall packet loss, as well as wasting network bandwidth. As a result, this document notes that: o IPv4 ID of non-atomic packets MUST be unique per source IP, destination IP, and protocol tuple sufficient to support reassembly. Note that "sufficient to support reassembly" need not require unique IDs over a two minute interval. It should be sufficient that: o IPv4 ID of non-atomic packets MUST NOT repeat within a given source, destination, and protocol tuple over the period that the receiver experiences fragment reordering. This suggests that the host employ rate limiting on each source/estination/protocol triple. The recommendations above are most appropriate at the host (or tunnel ingress), and can be difficult to enforce at routers. As a result, we recommend that for IPv4, as for IPv6: o IPv4 fragmentation SHOULD be limited to the originating source, e.g., the host or tunnel ingress. IPv4 fragmentation SHOULD NOT be performed where the IPv4 ID field is not under direct control, e.g., at routers. Note, however, that it may not be possible for applications to know whether any of the above three requirements are satisfied at a host or on tunnels along a path (esp. those employing outer fragmentation). As a result, we recommend that: o Applications that cannot ensure safe IPv4 ID generation and that allow DF=0 SHOULD employ integrity checks that would detect mis- reassembled fragments, e.g, as in SEAL [10]. E.g., applications SHOULD NOT use UDP without checksums [8], and SHOULD be very careful in their use of UDP-Lite [5] in such environments, even existing UDP and TCP checksums may not be sufficient [4]. o Applications SHOULD set DF=1 for all packets exiting a source host, regardless of whether those packets are fragmented at the source or not. Touch, Mathis Expires January 7, 2009 [Page 5] Internet-Draft IPv4 ID Uniqueness Requirements July 2008 7. Security Considerations This document attempts to address the security considerations associated with fragmentation in IPv4 [9]. When the IPv4 ID is ignored on receipt (e.g., for atomic packets), its value becomes unconstrained; that field then more easily be used as a covert channel. 8. IANA Considerations There are no IANA considerations in this document. The RFC Editor should remove this section prior to publication 9. Acknowledgments This document was inspired by of numerous discussions among the authors, Jari Arkko, Lars Eggert, Dino Farinacci, and Fred Templin, as well as members participating in the Internet Area Working Group. This document was prepared using 2-Word-v2.0.template.dot. 9.1. Normative References [1] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. 9.2. Informative References [2] Braden, R., Ed., "Requirements for Internet Hosts - Communication Layers," RFC 1122 / STD 3, October 1989. [3] Deering, S., R. Hinden, "Internet Protocol, Version 6 (IPv6) Specification," RFC 2460, December 1998. [4] Heffner, J., M. Mathis, B. Chandler, "IPv4 Reassembly Errors at High Data Rates," RFC 4963, July 2007. [5] Larzon, L-A., M. Degermark, S. Pink, L-E. Jonsson, Ed., G. Fairhurst, Ed.L., "The Lightweight User Datagram Protocol (UDP- Lite)," RFC 3828, July 2004. [6] Perkins, C., "IP Encapsulation within IP," RFC 2003, October 1996. Touch, Mathis Expires January 7, 2009 [Page 6] Internet-Draft IPv4 ID Uniqueness Requirements July 2008 [7] Postel, J., "Internet Protocol," RFC 791 / STD 5, September 1981. [8] Postel, J., "User Datagram Protocol," RFC 793 / STD 6, August 1980. [9] Savola, P., "MTU and Fragmentation Issues with In-the-Network Tunneling," RFC 4459, April 2006. [10] Templin, F., Ed., "The Subnetwork Encapsulation and Adaptation Layer (SEAL)," (work in progress), draft-templin-seal-22, June 2008. Author's Addresses Joe Touch USC/ISI 4676 Admiralty Way Marina del Rey, CA 90292-6695 U.S.A. Phone: +1 (310) 448-9151 Email: touch@isi.edu Matt Mathis PSC 300 South Craig st. Pittsburgh PA, 15213 U.S.A. Phone: +1 (412) 268-3319 Email: mathis@psc.edu Intellectual Property Statement The IETF takes no position regarding the validity or scope of any Intellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; nor does it represent that it has made any independent effort to identify any such rights. Information on the procedures with respect to rights in RFC documents can be found in BCP 78 and BCP 79. Touch, Mathis Expires January 7, 2009 [Page 7] Internet-Draft IPv4 ID Uniqueness Requirements July 2008 Copies of IPR disclosures made to the IETF Secretariat and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF on-line IPR repository at http://www.ietf.org/ipr. The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights that may cover technology that may be required to implement this standard. Please address the information to the IETF at ietf-ipr@ietf.org. Disclaimer This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Copyright Statement Copyright (C) The IETF Trust (2008). This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the authors retain all their rights. Acknowledgment Funding for the RFC Editor function is currently provided by the Internet Society. Touch, Mathis Expires January 7, 2009 [Page 8]