Rate limitable and efficient discovery of path maximum transmission units


Bibliographic details
Published in: International journal of communication systems Vol. 32; No. 6
Main author: Subbaraman, Ramesh R.
Format: Journal Article
Language: English
Published: Chichester Wiley Subscription Services, Inc 01.04.2019
ISSN:1074-5351, 1099-1131
Description
Abstract: Path maximum transmission unit discovery (PMTUD) is the protocol by which a host can find the largest packet it can send through an internet protocol (IP) network to a given destination. It relies on intermediary nodes sending “packet too big” (PTB) messages in IPv6 or “datagram too big” messages in IPv4 (both henceforth referred to as PTB for the purposes of this paper). These are often completely blocked by firewalls, presumably due to a fear of PTB floods wasting the bandwidth of network links. This breaks PMTUD, forcing the use of fragmentation in IPv4 and/or suboptimal packet sizes. In IPv6, fragmentation by intermediary nodes is no longer an option. Utilizing a dynamic programming‐based solution to the generalization of a mathematical puzzle, the two‐egg problem, this work presents a family of strategies for a host to discover path MTU while obeying hard limits on the maximum number of incoming PTB messages that may be generated. This allows a firewall to mitigate PTB floods via rate limits. Moreover, these strategies are compliant with the relevant standards on PMTUD and thus can be deployed by merely changing the PMTUD algorithm implementation in TCP/IP stacks on end hosts without changing intermediary nodes' protocol behavior.

Adapting the solution to the generalization of a mathematical puzzle, the two‐egg problem, this work evaluates a DDoS resistant and RFC compliant method to discover path maximum transmission units (PMTU) in IP networks. Simulations show that the method is efficient in terms of the network load it causes and converges fast enough to be used in practice. Moreover, it directly lends itself to rate limiting the number of incoming control messages needed, thus addressing the long standing open problem of firewalls breaking the PMTU discovery protocol by blocking such messages.
DOI:10.1002/dac.3905