Rate limitable and efficient discovery of path maximum transmission units
| Published in: | International journal of communication systems Vol. 32; no. 6 |
|---|---|
| Format: | Journal Article |
| Language: | English |
| Published: | Chichester, Wiley Subscription Services, Inc, 01.04.2019 |
| ISSN: | 1074-5351, 1099-1131 |
| Summary: | Path maximum transmission unit discovery (PMTUD) is the protocol by which a host can find the largest packet it can send through an internet protocol (IP) network to a given destination. It relies on intermediary nodes sending “packet too big” (PTB) messages in IPv6 or “datagram too big” messages in IPv4 (both henceforth referred to as PTB for the purposes of this paper). These are often completely blocked by firewalls, presumably due to a fear of PTB floods wasting the bandwidth of network links. This breaks PMTUD, forcing the use of fragmentation in IPv4 and/or suboptimal packet sizes. In IPv6, fragmentation by intermediary nodes is no longer an option. Utilizing a dynamic programming‐based solution to the generalization of a mathematical puzzle, the two‐egg problem, this work presents a family of strategies for a host to discover path MTU while obeying hard limits on the maximum number of incoming PTB messages that may be generated. This allows a firewall to mitigate PTB floods via rate limits. Moreover, these strategies are compliant with the relevant standards on PMTUD and thus can be deployed by merely changing the PMTUD algorithm implementation in TCP/IP stacks on end hosts without changing intermediary nodes' protocol behavior. Adapting the solution to the generalization of a mathematical puzzle, the two‐egg problem, this work evaluates a DDoS resistant and RFC compliant method to discover path maximum transmission units (PMTU) in IP networks. Simulations show that the method is efficient in terms of the network load it causes and converges fast enough to be used in practice. Moreover, it directly lends itself to rate limiting the number of incoming control messages needed, thus addressing the long standing open problem of firewalls breaking the PMTU discovery protocol by blocking such messages. |
| DOI: | 10.1002/dac.3905 |