Internet Area WG J. Touch
Internet Draft USC/ISI
Intended status: <Best Current Practice> M. Mathis
Expires: January 2009 PSC
July 7, 2008
IPv4 ID Uniqueness Requirements
draft-touch-intarea-ipv4-unique-id-00.txt
Status of this Memo
By submitting this Internet-Draft, each author represents that
any applicable patent or other IPR claims of which he or she is
aware have been or will be disclosed, and any of which he or she
becomes aware will be disclosed, in accordance with Section 6 of
BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-
Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html
This Internet-Draft will expire on January 7, 2009.
Copyright Notice
Copyright (C) The IETF Trust (2008).
Abstract
The IPv4 Identification field enables fragmentation and reassembly.
This document clarifies the meaning of this field in the absence of
fragmentation, based on ubiquitous current practice.
Touch, Mathis Expires January 7, 2009 [Page 1]
�
Internet-Draft IPv4 ID Uniqueness Requirements July 2008
Conventions used in this document
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC-2119 [1].
Table of Contents
1. Introduction...................................................2
2. Current Requirements...........................................2
3. Uses of the ID Field in IPv4...................................3
4. IPv4 ID Exhaustion.............................................4
5. Current Practice...............................................4
6. Recommended Practice...........................................4
7. Security Considerations........................................6
8. IANA Considerations............................................6
9. Acknowledgments................................................6
9.1. Normative References......................................6
9.2. Informative References....................................6
Author's Addresses................................................7
Intellectual Property Statement...................................7
Disclaimer........................................................8
1. Introduction
In IPv4, the IP Identification (ID) field is a 16-bit value that is
unique for every packet for a given source address, destination
address, and protocol, such that it does not repeat within the
Maximum Segment Lifetime (MSL) [2][7]. All packets between a source
and destination of a given protocol must have unique ID values over a
period of an MSL, which is typically interpreted as two minutes (120
seconds). This uniqueness is currently specified as required for all
packets, regardless of fragmentation settings.
The uniqueness of the IP ID is a known problem for high speed
devices, because it limits the speed of a single protocol between two
endpoints to 6.4 Mbps for typical MTUs of 1500 bytes [4]. This
strongly indicates that the uniqueness of the IPv4 ID is moot.
This document describes the current practice of relaxing the IPv4
uniqueness requirement.
2. Current Requirements
IP supports packet fragmentation, where large packets are split into
smaller components to traverse links with limited maximum
Touch, Mathis Expires January 7, 2009 [Page 2]
�
Internet-Draft IPv4 ID Uniqueness Requirements July 2008
transmission units (MTUs). Fragments are indicated in different ways
in IPv4 and IPv6:
o In IPv4, the header contains three fields: Identification (ID),
Offset, a "Don't Fragment" flag (DF), and a "More Fragments" flag
(MF) [7]
o In IPv6, fragments are indicated in an extension header that
includes an ID, Offset, and MF flag similar to their counterparts
in IPv4 [3]
IPv4 and IPv6 fragmentation differs in a few important ways. IPv6
fragmentation occurs only at the source, so a DF bit is not needed to
prevent downstream devices from initiating fragmentation. The IPv6
fragment header is present only when a packet has been fragmented, so
the fields - notably the ID field, as will be shown later - are not
present for non-fragmented packets, and thus are meaningful only for
fragments. Finally, the ID field is 32 bits, and unique per
source/destination address pair for IPv6, whereas for IPv4 it is only
16 bits and unique per source/destination/protocol triple.
This document focuses on the IPv4 ID field issues, because in IPv6
the field is larger and present only in fragments.
3. Uses of the ID Field in IPv4
The IPv4 ID field was originally intended for fragmentation and
reassembly. Within a given source address, destination address, and
protocol, fragments of an original packet are matched based on their
IP ID. This requires that IDs are unique within the address/protocol
triple when fragmentation is possible (e.g., DF=0).
The ID field has been discussed as useful in other ways. It can be
used to detect and discard duplicate packets, e.g., at congested
routers (see Sec. 3.2.1.5 of [2]).
The ID field may also be useful in tunnels. ICMP along tunnels may
return only a portion of the information needed by a tunnel ingress
to relay information back to the packet source. Encapsulators may
retain copies of recently sent packets, to enable ICMP relaying [6].
These latter uses require that the IP ID be unique across all
packets, not only when fragmentation is enabled.
Touch, Mathis Expires January 7, 2009 [Page 3]
�
Internet-Draft IPv4 ID Uniqueness Requirements July 2008
4. IPv4 ID Exhaustion
With the maximum IPv4 packet size of 64KB, a 16-bit ID field that
does not repeat within 120 seconds means that the sum of all TCP
connections of a given protocol between two endpoints is limited to
roughly 286 Mbps; at a more typical MTU of 1500 bytes, this speed
drops to 6.4 Mbps [4]. This limit currently applies for all IPv4
packets, regardless of whether fragmentation is enabled, used, or
inhibited.
Note that IPv6, even at typical MTUs, is capable of 18.7 Tbps when
fragments are present, due to the larger 32-bit ID field. When
fragmentation is not used, IPv6 speeds are not limited by the ID
field uniqueness.
5. Current Practice
Wireless Internet devices are frequently connected at speeds over 54
Mbps, and wired links of 1 Gbps have been the default for several
years. Although many end-to-end transport paths are congestion
limited, these devices easily achieve 100+ Mbps application-layer
throughput over LANs (e.g., disk-to-disk file transfer rates), and
numerous throughput demonstrations have been performed with COTS
systems at these speeds for over a decade. This strongly suggests
that IPv4 ID uniqueness has been moot for a long time.
6. Recommended Practice
There are two kinds of packets, defined herein, for which recommended
practice is described:
o Atomic packets: packets not yet having been fragmented (MF=0 and
offset=0) and for which further fragmentation has been inhibited
(DF=1), i.e.: ((DF==1)&&(MF==0)&&(offset==0))
o Non-atomic packets: packets which have either already been
fragmented (MF=1 or offset>0 or both), or for which fragmentation
remains possible (DF=0), i.e.: ((DF==0)||(MF==1)||(offset>0)), or
(equivalently), ~((DF==1)&&(MF==0)&&(offset==0)).
Although at least one document suggests the ID field has other uses,
it useful to confirm here that the ID field is defined only for
fragmentation:
o Gateways and receiving hosts (or tunnel egresses using IP
encapsulation) MUST ignore the contents of the IPv4 ID field for
atomic packets.
Touch, Mathis Expires January 7, 2009 [Page 4]
�
Internet-Draft IPv4 ID Uniqueness Requirements July 2008
Fragments that repeat the IP ID risk being reassembled incorrectly,
especially when fragments are reordered or lost [9]. Although such
errors may be detected at the transport layer, this results in
excessive overall packet loss, as well as wasting network bandwidth.
As a result, this document notes that:
o IPv4 ID of non-atomic packets MUST be unique per source IP,
destination IP, and protocol tuple sufficient to support
reassembly.
Note that "sufficient to support reassembly" need not require unique
IDs over a two minute interval. It should be sufficient that:
o IPv4 ID of non-atomic packets MUST NOT repeat within a given
source, destination, and protocol tuple over the period that the
receiver experiences fragment reordering.
This suggests that the host employ rate limiting on each
source/estination/protocol triple. The recommendations above are most
appropriate at the host (or tunnel ingress), and can be difficult to
enforce at routers. As a result, we recommend that for IPv4, as for
IPv6:
o IPv4 fragmentation SHOULD be limited to the originating source,
e.g., the host or tunnel ingress. IPv4 fragmentation SHOULD NOT be
performed where the IPv4 ID field is not under direct control,
e.g., at routers.
Note, however, that it may not be possible for applications to know
whether any of the above three requirements are satisfied at a host
or on tunnels along a path (esp. those employing outer
fragmentation). As a result, we recommend that:
o Applications that cannot ensure safe IPv4 ID generation and that
allow DF=0 SHOULD employ integrity checks that would detect mis-
reassembled fragments, e.g, as in SEAL [10]. E.g., applications
SHOULD NOT use UDP without checksums [8], and SHOULD be very
careful in their use of UDP-Lite [5] in such environments, even
existing UDP and TCP checksums may not be sufficient [4].
o Applications SHOULD set DF=1 for all packets exiting a source
host, regardless of whether those packets are fragmented at the
source or not.
Touch, Mathis Expires January 7, 2009 [Page 5]
�
Internet-Draft IPv4 ID Uniqueness Requirements July 2008
7. Security Considerations
This document attempts to address the security considerations
associated with fragmentation in IPv4 [9].
When the IPv4 ID is ignored on receipt (e.g., for atomic packets),
its value becomes unconstrained; that field then more easily be used
as a covert channel.
8. IANA Considerations
There are no IANA considerations in this document.
The RFC Editor should remove this section prior to publication
9. Acknowledgments
This document was inspired by of numerous discussions among the
authors, Jari Arkko, Lars Eggert, Dino Farinacci, and Fred Templin,
as well as members participating in the Internet Area Working Group.
This document was prepared using 2-Word-v2.0.template.dot.
9.1. Normative References
[1] Bradner, S., "Key words for use in RFCs to Indicate Requirement
Levels", BCP 14, RFC 2119, March 1997.
9.2. Informative References
[2] Braden, R., Ed., "Requirements for Internet Hosts -
Communication Layers," RFC 1122 / STD 3, October 1989.
[3] Deering, S., R. Hinden, "Internet Protocol, Version 6 (IPv6)
Specification," RFC 2460, December 1998.
[4] Heffner, J., M. Mathis, B. Chandler, "IPv4 Reassembly Errors at
High Data Rates," RFC 4963, July 2007.
[5] Larzon, L-A., M. Degermark, S. Pink, L-E. Jonsson, Ed., G.
Fairhurst, Ed.L., "The Lightweight User Datagram Protocol (UDP-
Lite)," RFC 3828, July 2004.
[6] Perkins, C., "IP Encapsulation within IP," RFC 2003, October
1996.
Touch, Mathis Expires January 7, 2009 [Page 6]
�
Internet-Draft IPv4 ID Uniqueness Requirements July 2008
[7] Postel, J., "Internet Protocol," RFC 791 / STD 5, September
1981.
[8] Postel, J., "User Datagram Protocol," RFC 793 / STD 6, August
1980.
[9] Savola, P., "MTU and Fragmentation Issues with In-the-Network
Tunneling," RFC 4459, April 2006.
[10] Templin, F., Ed., "The Subnetwork Encapsulation and Adaptation
Layer (SEAL)," (work in progress), draft-templin-seal-22, June
2008.
Author's Addresses
Joe Touch
USC/ISI
4676 Admiralty Way
Marina del Rey, CA 90292-6695
U.S.A.
Phone: +1 (310) 448-9151
Email: touch@isi.edu
Matt Mathis
PSC
300 South Craig st.
Pittsburgh PA, 15213
U.S.A.
Phone: +1 (412) 268-3319
Email: mathis@psc.edu
Intellectual Property Statement
The IETF takes no position regarding the validity or scope of any
Intellectual Property Rights or other rights that might be claimed to
pertain to the implementation or use of the technology described in
this document or the extent to which any license under such rights
might or might not be available; nor does it represent that it has
made any independent effort to identify any such rights. Information
on the procedures with respect to rights in RFC documents can be
found in BCP 78 and BCP 79.
Touch, Mathis Expires January 7, 2009 [Page 7]
�
Internet-Draft IPv4 ID Uniqueness Requirements July 2008
Copies of IPR disclosures made to the IETF Secretariat and any
assurances of licenses to be made available, or the result of an
attempt made to obtain a general license or permission for the use of
such proprietary rights by implementers or users of this
specification can be obtained from the IETF on-line IPR repository at
http://www.ietf.org/ipr.
The IETF invites any interested party to bring to its attention any
copyrights, patents or patent applications, or other proprietary
rights that may cover technology that may be required to implement
this standard. Please address the information to the IETF at
ietf-ipr@ietf.org.
Disclaimer
This document and the information contained herein are provided on an
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND
THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS
OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Copyright Statement
Copyright (C) The IETF Trust (2008).
This document is subject to the rights, licenses and restrictions
contained in BCP 78, and except as set forth therein, the authors
retain all their rights.
Acknowledgment
Funding for the RFC Editor function is currently provided by the
Internet Society.
Touch, Mathis Expires January 7, 2009 [Page 8]
�