Fraunhofer-Gesellschaft

Publica

Hier finden Sie wissenschaftliche Publikationen aus den Fraunhofer-Instituten.

Path MTU discovery considered harmful

 
: Göhring, Matthias; Shulman, Haya; Waidner, Michael

:

Institute of Electrical and Electronics Engineers -IEEE-; IEEE Computer Society:
IEEE 38th International Conference on Distributed Computing Systems, ICDCS 2018. Proceedings : 2-5 July 2018, Vienna, Austria
Los Alamitos, Calif.: IEEE Computer Society Conference Publishing Services (CPS), 2018
ISBN: 978-1-5386-6871-9
ISBN: 978-1-5386-6872-6
pp.866-874
International Conference on Distributed Computing Systems (ICDCS) <38, 2018, Vienna>
English
Conference Paper
Fraunhofer SIT ()

Abstract
Path MTU Discovery (PMTUD) allows to optimize the performance in the Internet by identifying the maximal packet size that can be transmitted through a network. Despite the central role that PMTUD plays in the Internet communication, it has a long history of software bugs, failures and misconfigurations. In this work we explore the benefits versus drawbacks of PMTUD in the Internet from the clients and servers perspective. First, we examine the fraction of clients that use PMTUD. To that end we analyse ICMP PTB messages in CAIDA Internet Traces and show that the fraction of networks using PMTUD is negligible and that this number is further decreasing over the period of 2008 - 2016. Second, we evaluate the fraction of popular web servers that support the PMTUD mechanism and show that a large number of the servers block ICMP packet too big messages. On the other hand, we show easy and efficient - even though well-known - degradation of service attacks that exploit the availability of PMTUD. Since the benefit of PMTUD is questionable, and in contrast it exposes to degradation of service attacks, we advocate to stop using it. As with any new change in the Internet, the implications of our recommendation should be carefully evaluated and gradually implemented. In the meanwhile, we provide recommendations for mitigations against the degradation of service attacks.

: http://publica.fraunhofer.de/documents/N-506676.html