nanog mailing list archives
Re: ICMPv6 "too-big" packets ignored (filtered ?) by Cloudflare farms
From: Tore Anderson <tore () fud no>
Date: Wed, 6 Mar 2019 08:17:42 +0100
* Jean-Daniel Pauget
I confess using IPv6 behind a 6in4 tunnel because the "Business-Class" service of the concerned operator doesn't handle IPv6 yet. as such, I realised that, as far as I can figure, ICMPv6 packet "too-big" (rfc 4443) seem to be ignored or filtered at ~60% of ClouFlare's http farms as a result, random sites such as http://nanog.org/ or https://www.ansible.com/ are badly reachable whenever small mtu are involved ...
Hi Jean-Daniel. If you're using using tunnels you'll want to have your tunnel endpoint adjust down the TCP MSS value to match the MTU of the tunnel interface. That way, you'll avoid problems with Path MTU Discovery. Even in those situations where PMTUD does work fine, doing TCP MSS adjustment will improve performance as the server does not need to spend an RTT to discover your reduced MTU. (This isn't really an IPv6 issue, by the way - ISPs using PPPoE will typically perform MSS adjustment for IPv4 packets too.) If you're using Linux as your tunnel endpoint, try: ip6tables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu Tore
Current thread:
- Re: ICMPv6 "too-big" packets ignored (filtered ?) by Cloudflare farms, (continued)
- Re: ICMPv6 "too-big" packets ignored (filtered ?) by Cloudflare farms Saku Ytti (Mar 08)
- RE: ICMPv6 "too-big" packets ignored (filtered ?) by Cloudflare farms adamv0025 (Mar 12)
- Re: ICMPv6 "too-big" packets ignored (filtered ?) by Cloudflare farms Saku Ytti (Mar 12)
- RE: ICMPv6 "too-big" packets ignored (filtered ?) by Cloudflare farms adamv0025 (Mar 12)
- Re: ICMPv6 "too-big" packets ignored (filtered ?) by Cloudflare farms Saku Ytti (Mar 12)
- RE: ICMPv6 "too-big" packets ignored (filtered ?) by Cloudflare farms adamv0025 (Mar 12)
- Re: ICMPv6 "too-big" packets ignored (filtered ?) by Cloudflare farms Saku Ytti (Mar 12)
- RE: ICMPv6 "too-big" packets ignored (filtered ?) by Cloudflare farms adamv0025 (Mar 13)
- Re: ICMPv6 "too-big" packets ignored (filtered ?) by Cloudflare farms Masataka Ohta (Mar 09)
- Re: ICMPv6 "too-big" packets ignored (filtered ?) by Cloudflare farms Jean-Daniel Pauget (Mar 08)
- Re: ICMPv6 "too-big" packets ignored (filtered ?) by Cloudflare farms Saku Ytti (Mar 08)
- Re: ICMPv6 "too-big" packets ignored (filtered ?) by Cloudflare farms Brandon Martin (Mar 08)
- Re: ICMPv6 "too-big" packets ignored (filtered ?) by Cloudflare farms Jeroen Massar (Mar 08)
- Re: ICMPv6 "too-big" packets ignored (filtered ?) by Cloudflare farms William Herrin (Mar 08)