hello,
I confess using IPv6 behind a 6in4 tunnel because the "Business-Class"
service
of the concerned operator doesn't handle IPv6 yet.
as such, I realised that, as far as I can figure, ICMPv6 packet "too-big"
(rfc 4443)
seem to be ignored or filtered at ~60% of ClouFlare's http farms
as a result, random sites such as http://nanog.org/ or
https://www.ansible.com/
are badly reachable whenever small mtu are involved ...
support@cloudflare answered me that because I'm not the owner of concerned
site,
and because of security reasons, they wouldn't investigate further.
are there security concerns with ICMP-too-big ?
regards,
--
Jean-Daniel Pauget http://rezopole.net/
Rezopole/LyonIX +33 (0)4 27 46 00 50
