Path MTU Discovery

Last updated

Path MTU Discovery (PMTUD) is a standardized technique in computer networking for determining the maximum transmission unit (MTU) size on the network path between two Internet Protocol (IP) hosts, usually with the goal of avoiding IP fragmentation. PMTUD was originally intended for routers in Internet Protocol Version 4 (IPv4). [1] However, all modern operating systems use it on endpoints. In IPv6, this function has been explicitly delegated to the end points of a communications session. [2] As an extension to the standard path MTU discovery, a technique called Packetization Layer Path MTU Discovery works without support from ICMP. [3]

Contents

Implementation

For IPv4 packets, Path MTU Discovery works by setting the Don't Fragment (DF) flag bit in the IP headers of outgoing packets. Then, any device along the path whose MTU is smaller than the packet will drop it, and send back an Internet Control Message Protocol (ICMP) Fragmentation Needed (Type 3, Code 4) message containing its MTU, allowing the source host to reduce its path MTU appropriately. The process is repeated until the MTU is small enough to traverse the entire path without fragmentation.

As IPv6 routers do not fragment packets, there is no Don't Fragment option in the IPv6 header. For IPv6, Path MTU Discovery works by initially assuming the path MTU is the same as the MTU on the link layer interface where the traffic originates. Then, similar to IPv4, any device along the path whose MTU is smaller than the packet will drop the packet and send back an ICMPv6 Packet Too Big (Type 2) message containing its MTU, allowing the source host to reduce its path MTU appropriately. The process is repeated until the MTU is small enough to traverse the entire path without fragmentation. [4]

If the path MTU changes after the connection is set up and becomes lower than the previously determined path MTU, the first large packet will cause an ICMP error and the new, lower path MTU will be found. If the path changes and the new path MTU is larger, the source will not learn about the increase, because all routers along the new path will be capable of relaying all packets that the source sends using the originally determined, lower path MTU. [5] [6] [4]

Problems

Many network security devices block all ICMP messages for perceived security benefits, including the errors that are necessary for the proper operation of PMTUD. This can result in connections that complete the TCP three-way handshake correctly but then hang when attempting to transfer data. This state is referred to as a black hole connection . [7]

Some implementations of PMTUD attempt to circumvent this problem by inferring that large payload packets have been dropped due to MTU rather than link congestion. One such scheme is standardized under RFC 8899, Datagram Packetization Layer Path MTU Discovery (DPLPMTUD). [3] Upon loss of connectivity, DPLPMTUD utilizes probe packets of controlled sizes to probe the MTU of the path. Acknowledgement of a probe packet indicates that the path MTU is at least the size of that packet. Usage of DPLPMTUD is standardized in QUIC. [8] However, in order for transport layer protocols to operate most efficiently, ICMP Unreachable messages (type 3) should still be permitted.

Some routers, including the Linux kernel [9] and Cisco, [10] provide an option to reduce the maximum segment size (MSS) advertised in the TCP handshake as a workaround. This is known as MSS clamping.

Another problem is when networks administrators don't properly update the MTU between 2 adjacent layer 3 hops if the link between these hops is composed of multiple layer 2 segments with switches between them. Usually the MTU on the outgoing L3 interface is taken from the first L2 segment. But if the second or further segment has a lower MTU the switch that is between will just silently drop the packet without reporting back any ICMP (because only layer 3 hops can generate ICMP "packet too big"). So, in this case admins should update the MTU for each outgoing L3 interface to the minimum MTU of the layer 2 segments used until the next L3 hop.

Related Research Articles

The Internet Control Message Protocol (ICMP) is a supporting protocol in the Internet protocol suite. It is used by network devices, including routers, to send error messages and operational information indicating success or failure when communicating with another IP address. For example, an error is indicated when a requested service is not available or that a host or router could not be reached. ICMP differs from transport protocols such as TCP and UDP in that it is not typically used to exchange data between systems, nor is it regularly employed by end-user network applications.

<span class="mw-page-title-main">IPv4</span> Fourth version of the Internet Protocol

Internet Protocol version 4 (IPv4) is the first version of the Internet Protocol (IP) as a standalone specification. It is one of the core protocols of standards-based internetworking methods in the Internet and other packet-switched networks. IPv4 was the first version deployed for production on SATNET in 1982 and on the ARPANET in January 1983. It is still used to route most Internet traffic today, even with the ongoing deployment of Internet Protocol version 6 (IPv6), its successor.

The Internet Protocol (IP) is the network layer communications protocol in the Internet protocol suite for relaying datagrams across network boundaries. Its routing function enables internetworking, and essentially establishes the Internet.

In computer networking, the maximum transmission unit (MTU) is the size of the largest protocol data unit (PDU) that can be communicated in a single network layer transaction. The MTU relates to, but is not identical to the maximum frame size that can be transported on the data link layer, e.g., Ethernet frame.

ping (networking utility) Network utility used to test the reachability of a host

ping is a computer network administration software utility used to test the reachability of a host on an Internet Protocol (IP) network. It is available for virtually all operating systems that have networking capability, including most embedded network administration software.

The Transmission Control Protocol (TCP) is one of the main protocols of the Internet protocol suite. It originated in the initial network implementation in which it complemented the Internet Protocol (IP). Therefore, the entire suite is commonly referred to as TCP/IP. TCP provides reliable, ordered, and error-checked delivery of a stream of octets (bytes) between applications running on hosts communicating via an IP network. Major internet applications such as the World Wide Web, email, remote administration, and file transfer rely on TCP, which is part of the Transport layer of the TCP/IP suite. SSL/TLS often runs on top of TCP.

Time to live (TTL) or hop limit is a mechanism which limits the lifespan or lifetime of data in a computer or network. TTL may be implemented as a counter or timestamp attached to or embedded in the data. Once the prescribed event count or timespan has elapsed, data is discarded or revalidated. In computer networking, TTL prevents a data packet from circulating indefinitely. In computing applications, TTL is commonly used to improve the performance and manage the caching of data.

In computer networking, the User Datagram Protocol (UDP) is one of the core communication protocols of the Internet protocol suite used to send messages to other hosts on an Internet Protocol (IP) network. Within an IP network, UDP does not require prior communication to set up communication channels or data paths.

In the seven-layer OSI model of computer networking, the network layer is layer 3. The network layer is responsible for packet forwarding including routing through intermediate routers.

<span class="mw-page-title-main">IP fragmentation</span> Process that breaks IP packets into smaller pieces

IP fragmentation is an Internet Protocol (IP) process that breaks packets into smaller pieces (fragments), so that the resulting pieces can pass through a link with a smaller maximum transmission unit (MTU) than the original packet size. The fragments are reassembled by the receiving host.

The maximum segment size (MSS) is a parameter of the Options field of the TCP header that specifies the largest amount of data, specified in bytes, that a computer or communications device can receive in a single TCP segment. It does not count the TCP header or the IP header. The IP datagram containing a TCP segment may be self-contained within a single packet, or it may be reconstructed from several fragmented pieces; either way, the MSS limit applies to the total amount of data contained in the final, reconstructed TCP segment.

The Neighbor Discovery Protocol (NDP), or simply Neighbor Discovery (ND), is a protocol of the Internet protocol suite used with Internet Protocol Version 6 (IPv6). It operates at the internet layer of the Internet model, and is responsible for gathering various information required for network communication, including the configuration of local connections and the domain name servers and gateways.

In packet-switched computer networks, a jumbogram is an internet-layer packet exceeding the standard maximum transmission unit (MTU) of the underlying network technology. In contrast, large packets for link-layer technologies are referred to as jumbo frames.

Internet Control Message Protocol version 6 (ICMPv6) is the implementation of the Internet Control Message Protocol (ICMP) for Internet Protocol version 6 (IPv6). ICMPv6 is an integral part of IPv6 and performs error reporting and diagnostic functions.

6LoWPAN was a working group of the Internet Engineering Task Force (IETF). It was created with the intention of applying the Internet Protocol (IP) even to the smallest devices, enabling low-power devices with limited processing capabilities to participate in the Internet of Things.

The internet layer is a group of internetworking methods, protocols, and specifications in the Internet protocol suite that are used to transport network packets from the originating host across network boundaries; if necessary, to the destination host specified by an IP address. The internet layer derives its name from its function facilitating internetworking, which is the concept of connecting multiple networks with each other through gateways.

An IPv6 transition mechanism is a technology that facilitates the transitioning of the Internet from the Internet Protocol version 4 (IPv4) infrastructure in use since 1983 to the successor addressing and routing system of Internet Protocol Version 6 (IPv6). As IPv4 and IPv6 networks are not directly interoperable, transition technologies are designed to permit hosts on either network type to communicate with any other host.

The Internet checksum, also called the IPv4 header checksum is a checksum used in version 4 of the Internet Protocol (IPv4) to detect corruption in the header of IPv4 packets. It is carried in the IP packet header, and represents the 16-bit result of summation of the header words.

An IPv6 packet is the smallest message entity exchanged using Internet Protocol version 6 (IPv6). Packets consist of control information for addressing and routing and a payload of user data. The control information in IPv6 packets is subdivided into a mandatory fixed header and optional extension headers. The payload of an IPv6 packet is typically a datagram or segment of the higher-level transport layer protocol, but may be data for an internet layer or link layer instead.

IPv4 Residual Deployment (4rd) is an IPv6 transition mechanism for Internet service providers for deployment of Internet Protocol version 6 (IPv6), while maintaining IPv4 service to customers. The protocol and sample applications are specified in RFC 7600.

References

  1. J. Mogul; S. Deering (November 1990). Path MTU Discovery. Network Working Group. doi: 10.17487/RFC1191 . RFC 1191.Draft Standard. Obsoletes RFC  1063.
  2. J. McCann; S. Deering; J. Mogul (July 2017). R. Hinden (ed.). Path MTU Discovery for IP version 6. IETF. doi: 10.17487/RFC8201 . STD 87. RFC 8201.Internet Standard 87. Obsoletes RFC  1981.
  3. 1 2 G. Fairhurst; T. Jones; M. Tüxen; I. Rüngeler; T. Völker (September 2020). Packetization Layer Path MTU Discovery for Datagram Transports. IETF. doi: 10.17487/RFC8899 . ISSN   2070-1721. RFC 8899.Proposed Standard. Updates RFC  4821, 4960, 6951, 8085 and 8261.
  4. 1 2 Davies, Joseph (2012). Understanding IPv6 (3rd ed.). Redmond: Microsoft Press. pp. 146–147. ISBN   978-0735659148. OCLC   810455372.
  5. E. Comer, Douglas (2014). Internetworking with TCP/IP Volume 1 (6th ed.). Pearson. pp. 133–134. ISBN   0-13-608530-X.
  6. linux source code (ipv4) and linux source code (ipv6) see line with "mtu_expires" 10 * 60 seconds
  7. K. Lahey (September 2000). TCP Problems with Path MTU Discovery. Network Working Group. doi: 10.17487/RFC2923 . RFC 2923.Informational.
  8. J. Iyengar; M. Thomson, eds. (May 2021). QUIC: A UDP-Based Multiplexed and Secure Transport. Internet Engineering Task Force. doi: 10.17487/RFC9000 . ISSN   2070-1721. RFC 9000.Proposed Standard.
  9. "Mangling packet headers - nftables wiki". wiki.nftables.org. Retrieved 2024-07-03.
  10. "Ethernet MTU and TCP MSS Adjustment Concept for PPPoE Connections". Cisco. Retrieved 2024-07-03.
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.