Internet DRAFT - draft-massar-v6man-mtu-label
draft-massar-v6man-mtu-label
IPv6 Maintenance J. Massar
Internet-Draft Massar Networking
Updates: 6437 (if approved) November 13, 2014
Intended status: Standards Track
Expires: May 17, 2015
The IPv6 MTU Label
draft-massar-v6man-mtu-label-02
Abstract
This document redefines the use of the IPv6 Flow Label field to allow
specification of the lowest MTU on a path that the packet travels,
thus in most cases avoiding the need for performing Path MTU
Discovery and the round-trip penalty that that occurs for processing
the ICMPv6 PTB and retransmitting the packets involved.
This specification allows graceful decrease of MTU so that large and
non-standard MTU sizes can safely be used on the Internet.
[[A1: Obsoleting the IPv6 Flow Label and replacing it completely with
this field might be a better option than keeping it defined as an
IPv6 Flow Label field and allowing existing flows to exist. --JM]]
[[A2: A better name than "IPv6 MTU Label" is requested as it is not
really a "Label". --JM]]
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on May 17, 2015.
Massar Expires May 17, 2015 [Page 1]
�
Internet-Draft The IPv6 MTU Label November 2014
Copyright Notice
Copyright (c) 2014 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3
3. IPv6 MTU Label Format . . . . . . . . . . . . . . . . . . . . 4
4. Node Requirements . . . . . . . . . . . . . . . . . . . . . . 5
5. Updating the MTU Label . . . . . . . . . . . . . . . . . . . 6
6. Maximum size of packets . . . . . . . . . . . . . . . . . . . 9
7. Handling network changes . . . . . . . . . . . . . . . . . . 9
8. MTU Rediscovery . . . . . . . . . . . . . . . . . . . . . . . 10
9. Security Considerations . . . . . . . . . . . . . . . . . . . 10
9.1. Spoofing the MTU Label . . . . . . . . . . . . . . . . . 10
9.2. Firewall treatment of the MTU Label . . . . . . . . . . . 10
10. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 11
11. References . . . . . . . . . . . . . . . . . . . . . . . . . 11
1. Introduction
When a packet that is being sent does not fit the MTU of the next
link the IPv6 protocol specifies that an ICMPv6 Packet Too Big (PTB)
[RFC4443] error must be sent back to the originator of the packet.
The original sending host then receives this packet and based on the
MTU provided resends that packet but then fitting the MTU indicated
in the ICMPv6 PTB. This process is called Path MTU Discovery
[RFC1191].
Unfortunately there are broken networks that filter ICMPv6
altogether, even though this is against the IPv6 specification. This
breaks especially TCP [RFC0793] as those packets go missing
altogether and then a timer has to fire till the packet is sent
again, but as that packet is also too large to fit the link it won't
arrive at the destination either and thus such a connection becomes
stuck and times out.
Massar Expires May 17, 2015 [Page 2]
�
Internet-Draft The IPv6 MTU Label November 2014
In addition for various load-balancing implementations it is
apparently a heavy task to correlate incoming ICMPV6 PTBs to the
original packets (which are for most part included in the ICMPv6 PTB)
and then deliver it to the backend node that originally transmitted
that packet so that that node can retransmit it again in smaller
chunks.
The extra round-trip of the ICMPv6 PTB and the need for having the
load-balancer needing to figure out where to forward the packet is a
problem for large hosting providers who want to minimize latency and
maximize throughput [I-D.v6ops-pmtud-ecmp-problem].
This specificiation mitigates these problems, in part, by allowing
routers to include the lowest common MTU on the path in the IPv6
packet's Flow Label field.
Alternative techniques to solve this problem are described in:
Packetization Layer Path MTU Discovery [RFC4821]. This method
requires extra packets, so called "probes", to be sent or for there
to be space left in the packet for including extra information for
transfering the MTU details. By using the former IPv6 Flow Label we
avoid these requirements.
2. Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119].
Fields and numbers specified in this document are in network byte
order (Big Endian).
This section lists a few terms specifically as they might easily be
confused for each other. [[T1: Clean these up and add more terms
that might be confusing --JM]]
IPv6 Payload Length The maximum length of the payload (data)
included in an IPv6 packet (excluding IPv6 header size).
Maximum Transmission Unit (MTU) The maximum length of a full packet
(including IPv6 header size).
Ingress Interface Network Interface where a packet is received.
Egress Interface Network Interface where a packet is sent out.
Ingress MTU The MTU of the ingress interface.
Massar Expires May 17, 2015 [Page 3]
�
Internet-Draft The IPv6 MTU Label November 2014
Egress MTU The MTU of the egress interface.
Node A device that implements IP.
Path The set of links traversed by a packet between a source node
and a destination node.
Path MTU, or PMTU The minimum link MTU of all the links in a path
between a source node and a destination node.
PTB (Packet Too Big) message An ICMP message reporting that an IP
packet is too large to forward.
MSS The TCP Maximum Segment Size [RFC6691], the maximum payload size
available to the TCP layer. This is typically the Path MTU minus
the size of the IP and TCP headers.
3. IPv6 MTU Label Format
The IPv6 Flow Label field consists of 20 bits [RFC6437].
The IPv6 Flow Label Field in the IPv6 Packet Header.
0 1
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Hosts not supporting this specificiation will treat the IPv6 Flow
Label as an opaque number as defined in [RFC6437].
When the first four bits of the IPv6 Flow Label field are set to 1,
the Flow Label Field is considered to be a "IPv6 MTU Label" or for
short "MTU Label".
Format of the Flow Label field in "IPv6 MTU Label" mode.
0 1
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|1 1 1 1| Maximum Transmission Unit |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
The Flow Label ID is 0xf0000.
This specification allows an MTU in the ranage of 1280 - 65534 in
this header field.
Massar Expires May 17, 2015 [Page 4]
�
Internet-Draft The IPv6 MTU Label November 2014
When the MTU is less than 1280, it is considered invalid due to IPv6
minimum MTU requirement.
An MTU of 65535 indicates that IPv6 Jumbograms are in use. Automatic
MTU discovery does not work for these. The MTU has to be configured
properly on all nodes by the operator. A future document might
specify an Extension Header Option that contains the JumboGram MTU
size when the MTU is set to 65535.
Following are a few examples of common MTU Labels.
MTU Label with an MTU of 1280 (0x0500)
0 1
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|1 1 1 1|0 0 0 0 0 0 1 0 1 0 0 0 0 0 0 0|
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
The Flow Label ID is 0xf0500.
MTU Label with an MTU of 1500 (0x05dc)
0 1
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|1 1 1 1|0 0 0 0 0 1 0 1 1 1 0 1 1 1 0 0|
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
The Flow Label ID is 0xf05dc.
MTU Label with an MTU of 9000 (0x2328)
0 1
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|1 1 1 1|0 0 1 0 0 0 1 1 0 0 1 0 1 0 0 0|
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
The Flow Label ID is 0xf2328.
4. Node Requirements
Every node on the path, including source, intermediate routers and
destination performs the following.
If no MTU Label is present (first 4 bits not '1'), and the label is
0, the node MUST replace the label with MTU Label with a MTU value
Massar Expires May 17, 2015 [Page 5]
�
Internet-Draft The IPv6 MTU Label November 2014
determined by the lower of the ingress and egress MTU of the
interfaces involved in forwarding the packet. This allows backwards
compatibility for nodes that do fill in the Flow Label field by not
disturbing it. [[N1: See A1 - when obsoleting the IPv6 Flow Label we
force replacing the field always --JM]]
Each node MUST verify that the given MTU Label is valid (>= 1280).
When an MTU Label in the range of 0 - 1279 is encountered it MUST be
considered invalid and overwritten by the router to the knowledge it
has of the proper MTU. [[N2: Or we could send an ICMPv6 Parameter
problem, but this allows a form of backward compatibility when the
first four bits are all set --JM]]
Each hop, including the source, that is transmitting or forwarding
the packet MUST update the MTU Label to be the correct lowest MTU for
that path as it has knowledge of. This includes the MTU of the
ingress and egress interface and learning about the MTU from a
different path between the same two points or by having another
protocol (e.g. TCP) providing these details. MSS clamping [RFC6691]
thus can affect the MTU Label if an implementation has this
knowledge.
The first packet being sent in each direction of a path MUST have a
maximum size of 1280, while setting the MTU Label to the MTU of the
egress interface.
A destination node MUST use the MTU found in the MTU Label for
packets send subsequently to the source, including the MTU in the MTU
Label. This allows the source host to learn the MTU of the full
path.
Network equipment SHOULD have a configuration option to force
overwriting of non-MTU Label Flow Labels, this to force network
equipment to handle the MTU Label. This might cause issues when Flow
Labels are actually used, hence is not the default.
5. Updating the MTU Label
Given below is an example network along with a table of actions per
node that illustrates how a label is updated and how the knowledge
learnt is used.
Massar Expires May 17, 2015 [Page 6]
�
Internet-Draft The IPv6 MTU Label November 2014
A typical asymmetric network as found on the Internet
+------------+
| Host A |
+------------+
|
| MTU=1500
|
+-------------+
| Router 1 |
+-------------+
| ^
MTU=1500 | | MTU=1500
v |
+--------------+ +--------------+
| Router 2 | | Router 7 |
+--------------+ +--------------+
| ^
| |
| MTU=1480 | MTU=1280
| |
| +--------------+
| | Router 6 |
| +--------------+
| ^
| | MTU=1500
v |
+--------------+ +--------------+
| Router 3 | | Router 5 |
+--------------+ +--------------+
| ^
MTU=1500 | | MTU=1500
v |
+-------------+
| Router 4 |
+-------------+
|
| MTU=9000
|
+-------------+
| Host B |
+-------------+
In this example network the routing protocols involved cause an
asymmetric routing of packets.
Massar Expires May 17, 2015 [Page 7]
�
Internet-Draft The IPv6 MTU Label November 2014
When Host A sends a packet to Host B, the path is: HA, R1, R2, R3,
R4, HB. The return path for a packet from Host B to Host A is: HB,
R4, R5, R6, R7, R1, HA.
Given that network the following decisions are made.
+------+------------------------+-----------+-----------+-----------+
| Node | Decision | Incoming | Outgoing | MTU Label |
| | | Link MTU | Link MTU | Change |
+------+------------------------+-----------+-----------+-----------+
| HA | No knowledge, thus use | - | 1500 | 1500 |
| | outgoing link-MTU | | | |
| R1 | Outbound not lower, | 1500 | 1500 | " |
| | don't update | | | |
| R2 | Outbound is lower, | 1500 | 1480 | 1480 |
| | update (possible PTB) | | | |
| R3 | Outbound is higher, | 1480 | 1500 | " |
| | don't update | | | |
| R4 | Outbound is higher, | 1500 | 9000 | " |
| | don't update | | | |
| HB | Remember A to B = 1480 | 9000 | - | " |
| | Reply packet: | | | |
| HB | Learnt A-B = 1480, | - | 9000 | 1480 |
| | lower than link-MTU, | | | |
| | use it | | | |
| R4 | Outbound is higher, | 9000 | 1500 | " |
| | don't update | | | |
| R5 | Outbound is higher, | 1500 | 1500 | " |
| | don't update | | | |
| R6 | Outbound MTU is lower, | 1500 | 1280 | 1280 |
| | update it (possible | | | |
| | PTB) | | | |
| R7 | Outbound is higher, | 1280 | 1500 | " |
| | don't update | | | |
| R1 | Outbound is higher, | 1500 | 1500 | " |
| | don't update | | | |
| HA | Learnt B-A is 1280 | 1500 | 1500 | " |
+------+------------------------+-----------+-----------+-----------+
Table 1: How MTU gets updated
In this situation, there would have been two possible locations where
a PTB is sent (R2->R3 + R6->R7). But as the first packet sent in a
direction MUST be sized at a maximum of 1280, no PTB is possible.
After this first packet has been passed the real MTU is learned and
this, possibly higher MTU can be used.
Massar Expires May 17, 2015 [Page 8]
�
Internet-Draft The IPv6 MTU Label November 2014
This does demonstrate that even with this extra information, it might
not always be perfect to avoid PMTU blackholes. Nor does the MTU
Label avoid the need to handle PTB or retransmitting packets in a
smaller way. Hence, sending, receiving, forwarding and handling
ICMPv6 remains important and MUST not be filtered.
Note that in the above list does not mention any of the standard
functions and checks like updating the Hop Limit that a router is
supposed to do as per the IPv6 protocol.
6. Maximum size of packets
To facilitate learning the MTU on the complete path at minimum 3
packets need to be sent between the same source and destination host.
With the 3rd and subsequent packet will have the correct info
+------+--------------+----------------+----------------------------+
| Step | Maximum | Description | Destination Learns |
| | Packet Size | | |
+------+--------------+----------------+----------------------------+
| 1 | 1280 | Packet sent | B learns MTU on path A-B |
| | | from A to B | |
| 2 | 1280 | Packet sent | A learns path A-B-A |
| | | from B to A | |
| 3+ | MTU max | Packet sent | B learns MTU for full |
| | | from A to B | round-trip path A-B-A-B |
+------+--------------+----------------+----------------------------+
Table 2: Maximum Packet Size
The 3rd and further packets have knowledge of the MTU of the full
round-trip path and thus can use this information to send larger
packets.
This example assumes sending a single packet after each other in each
direction. In the situation where a host sends multiple packets it
should use the same step as the previous one till it receives a
return packet.
Note that thus a TCP handshake (3 packets) is enough to learn the
correct MTU based on the MTU Label. In that case a host might decide
to also use the TCP MSS as additional information.
7. Handling network changes
As the process of MTU Labeling happens per packet, new information
will become available to the host continuously. When a sending host
receives information that an MTU is lower than a packet it recently
Massar Expires May 17, 2015 [Page 9]
�
Internet-Draft The IPv6 MTU Label November 2014
sent it could decide to resend that packet directly to avoid it from
being blackholed in the upstream.
8. MTU Rediscovery
A host can decide that with a long-standing connection a re-probe of
the MTU is needed. It can do so by ignoring the cached information
and sending a packet with a maximum size of 1280 while setting the
MTU Label to the largest its egress link supports. This is similar
to the situation a first packet would be in and thus restarts the
process at the highest possible MTU.
9. Security Considerations
9.1. Spoofing the MTU Label
An adversary might spoof IP packets from a source to a destination
with a on-purpose misconfigured MTU Label. An adversary might also
perform a man-in-the-middle misconfiguring the MTU Label.
The effect of doing so though will be minimal as any intermediary
router will correct the MTU to the value they know is correct based
on the interfaces the packet flows over.
The only negative outcome can be that the packet size is reduced to
the minimum of 1280. The result being a minor performance impact on
that path till MTU Rediscovery happens and the MTU is scaled upward
again.
Of course networks should employ Network Best Practices and employ
Anti-spoofing techniques to make this kind of attack impossible.
9.2. Firewall treatment of the MTU Label
A firewall might consider the MTU Label untrusted.
As the firewall knows that the correct value for the MTU Label is
between 1280, the IPv6 minimum MTU, and it's own link MTU it can act
like every node that supports the MTU Label and limit the MTU in that
range. See Node Requirements for further details.
A strict firewall where the operator does not want to take any risk
could even force a MTU of 1280 but causing performance loss.
Massar Expires May 17, 2015 [Page 10]
�
Internet-Draft The IPv6 MTU Label November 2014
10. Acknowledgements
Thanks must go to Lorenzi Colliti for bringing
[I-D.v6ops-pmtud-ecmp-problem] to the attention of the author.
Many thanks to Brian Carpenter for many insightful comments that
clarified this specification a lot.
Matyas Koszik mentioned that the first packet on each link should be
1280 for the MTU discovery to work in both directions which resulted
in the "Maximum size of packets" section.
11. References
[I-D.v6ops-pmtud-ecmp-problem]
Byerly, M., Hite, M., and J. Jaeggli, "Close encounters of
the ICMP type 2 kind (near misses with ICMPv6 PTB)",
draft-v6ops-pmtud-ecmp-problem-00 (work in progress),
August 2014.
[RFC0793] Postel, J., "Transmission Control Protocol", STD 7, RFC
793, September 1981.
[RFC1191] Mogul, J. and S. Deering, "Path MTU discovery", RFC 1191,
November 1990.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC4443] Conta, A., Deering, S., and M. Gupta, "Internet Control
Message Protocol (ICMPv6) for the Internet Protocol
Version 6 (IPv6) Specification", RFC 4443, March 2006.
[RFC4821] Mathis, M. and J. Heffner, "Packetization Layer Path MTU
Discovery", RFC 4821, March 2007.
[RFC6437] Amante, S., Carpenter, B., Jiang, S., and J. Rajahalme,
"IPv6 Flow Label Specification", RFC 6437, November 2011.
[RFC6691] Borman, D., "TCP Options and Maximum Segment Size (MSS)",
RFC 6691, July 2012.
Author's Address
Massar Expires May 17, 2015 [Page 11]
�
Internet-Draft The IPv6 MTU Label November 2014
Jeroen Massar
Massar Networking
Swiss Post Box 101811
Zuercherstrasse 161
Zuerich CH-8010
CH
EMail: jeroen@massar.ch
URI: http://jeroen.massar.ch
Massar Expires May 17, 2015 [Page 12]
