nanog mailing list archives
Re: pay.gov and IPv6
From: JORDI PALET MARTINEZ <jordi.palet () consulintel es>
Date: Thu, 17 Nov 2016 08:48:10 +0900
It happens too often, unfortunately. People deploying IPv6 at web sites and other services, don’t check if PMTUD is broken by filtering, ECMP, load balancers, etc. This is the case here: tbit from 2001:df0:4:4000::1:115 to 2605:3100:fffd:100::15 server-mss 1440, result: pmtud-fail app: http, url: https://www.pay.gov/ [ 0.009] TX SYN 64 seq = 0:0 [ 0.165] RX SYN/ACK 64 seq = 0:1 [ 0.166] TX 60 seq = 1:1 [ 0.166] TX 371 seq = 1:1(311) [ 0.325] RX 1500 seq = 1:312(1440) [ 0.325] RX 1500 seq = 1441:312(1440) [ 0.325] TX PTB 1280 mtu = 1280 [ 0.325] RX 1362 seq = 2881:312(1302) [ 3.325] RX 1500 seq = 1:312(1440) [ 3.325] TX PTB 1280 mtu = 1280 [ 9.326] RX 1500 seq = 1:312(1440) [ 9.326] TX PTB 1280 mtu = 1280 [ 21.325] RX 1500 seq = 1:312(1440) [ 21.325] TX PTB 1280 mtu = 1280 [ 45.325] RX 1500 seq = 1:312(1440) Regards, Jordi -----Mensaje original----- De: NANOG <nanog-bounces () nanog org> en nombre de Carl Byington <carl () five-ten-sg com> Responder a: <carl () five-ten-sg com> Fecha: miércoles, 16 de noviembre de 2016, 7:30 Para: <nanog () nanog org> Asunto: pay.gov and IPv6 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Following up on a two year old thread, one of my clients just hit this problem. The failure is not that www.pay.gov is not reachable over ipv6 (2605:3100:fffd:100::15). They accept (TCP handshake) the port 443 connection, but the connection then hangs waiting for the TLS handshake. openssl s_client -connect www.pay.gov:443 openssl s_client -servername www.pay.gov -connect 199.169.192.21:443 Browsers (at least firefox) see that as a very slow site, and it does not trigger their happy eyeballs fast failover to ipv4. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.14 (GNU/Linux) iEYEAREKAAYFAlgrjDEACgkQL6j7milTFsG8OwCgh5yRxxZHskjL4HVhzxIEmenA LQgAniRMcYf/DIcg+8ve55MxUgrUbmzC =MS8j -----END PGP SIGNATURE----- ********************************************** IPv4 is over Are you ready for the new Internet ? http://www.consulintel.es The IPv6 Company This electronic message contains information which may be privileged or confidential. The information is intended to be for the use of the individual(s) named above. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, including attached files, is prohibited.
Current thread:
- Re: pay.gov and IPv6, (continued)
- Re: pay.gov and IPv6 JORDI PALET MARTINEZ (Nov 20)
- Re: pay.gov and IPv6 Carl Byington (Nov 20)
- Re: pay.gov and IPv6 Mark Andrews (Nov 20)
- Re: pay.gov and IPv6 Carl Byington (Nov 20)
- Re: pay.gov and IPv6 JORDI PALET MARTINEZ (Nov 20)
- Re: pay.gov and IPv6 joel jaeggli (Nov 21)
- Re: pay.gov and IPv6 Sean Donelan (Nov 18)
- Re: pay.gov and IPv6 Florian Weimer (Nov 18)
- Re: pay.gov and IPv6 Mark Andrews (Nov 18)