(Cc:s trimmed)

On 2018-12-12 09:06, Wes Hardaker wrote:
> Brian E Carpenter <[email protected]> writes:
>
>> "By in large, this flow label changing behaviour has been traced to
>> IPv6 supporting CPE/firewalls, which change the flow label between the
>> initial syn and the ack."
>>
>> Broken middleboxes can prevent anything from working properly.
>
> With my <operator> hat on, we have indeed run into a problem where a
> small (~ 2%) of IPv6 TCP sessions to us were failing due to FlowLabels
> being used in ECMP hashing. We had to turn off the usage of FlowLabel
> in the hashing because of even a small real world impact to end-users.

It's a shame. Can you characterise those sessions in any way?

(This shouldn't invalidate ECMP/LAG usage as described in RFC6438,
since there it is the operator that sets the flow label.)

   Brian

_______________________________________________
OPSEC mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/opsec
