On Wed, Oct 01, 2014 at 10:09:49AM -0500, Mark Felder via Outages wrote:
>
>
> On Wed, Oct 1, 2014, at 09:37, Chuck Anderson via Outages wrote:
> > On Wed, Oct 01, 2014 at 02:17:01PM +0000, Gary Gapinski via Outages
> > wrote:
> > > On 10/01/2014 01:50 PM, Chuck Anderson via Outages wrote:
> > > >While on my Hurricane Electric IPv6 tunnel, I cannot access
> > > >juniper.net unless I change my local interface MTU. 1500 fails, but
> > > >1280 works. I noticed this a few days ago. Before that I had no
> > > >problems with a 1500 MTU. Is anyone else seeing this issue?
> > >
> > > No, but if you are using a 6in4 tunnel, the MTU should be 1480 (not
> > > 1500).
> > >
> > > (I just successfully went to www.juniper.net via IPv6 with that MTU 1480.)
> >
> > My tunnel router has a 1280 MTU on the henet interface:
> >
> > 6in4-henet Link encap:IPv6-in-IPv4
> >           inet6 addr: 2001:470:xxxx:xxxx::2/64 Scope:Global
> >           inet6 addr: fe80::xxxx:xxxx/128 Scope:Link
> >           UP POINTOPOINT RUNNING NOARP  MTU:1280  Metric:1
> >           RX packets:17148418 errors:0 dropped:0 overruns:0 frame:0
> >           TX packets:12347808 errors:0 dropped:0 overruns:0 carrier:0
> >           collisions:0 txqueuelen:0
> >           RX bytes:2660258163 (2.4 GiB)  TX bytes:2833651623 (2.6 GiB)
> >
> > But the LAN interface of that router has an MTU of 1500, as does my
> > desktop system. I believe the issue is that the juniper.net web
> > server has an MTU of 1500 and their network or somewhere along the
> > path is blocking ICMP Packet Too Big messages that would be sent by
> > the HE.net tunnel router.
> >
> > Like I said, I changed nothing on my end, and it was working before.
> > I don't know if juniper.net just added IPv6 to their website, or if
> > something else changed in the path.
> >
>
> It's nearly a requirement to lower your MTU / enable mss-clamping when
> doing ipv6 tunnels. It's possible some connectivity of yours was broken
> and you just didn't notice it until now. I had to do this on my J series
> and I also have to do it on my OpenBSD firewall --
>
> # mss clamping down to 1280. 1220 + 60 for ipv6 header
> match on egress all scrub (random-id no-df max-mss 1220)
>
> The whole fragmentation situation with IPv6 is kind of a joke
>
> http://en.wikipedia.org/wiki/IPv6_packet#Fragmentation

I know. But I'm reporting this here on outages in the hopes that a responsible party would see it and can fix the root cause of this particular issue. E.g. stop dropping ICMP Packet Too Big.
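
A toy model of the failure discussed in this thread, added here as an illustration and not written by any of the posters: it shows why a 1500-byte sender stalls behind a 1280-byte tunnel when ICMPv6 Packet Too Big is filtered, and why lowering the client MTU or clamping the MSS to 1220 avoids the problem. The function names and the three-hop path are assumptions made for the example.

```python
# Added illustration: toy model of TCP over IPv6 through a 6in4 tunnel.
# Names and path layout are assumptions for this example only.
IPV6_HDR, TCP_HDR = 40, 20  # bytes: fixed IPv6 header, TCP header without options

def clamp_mss(mtu):
    """Largest TCP MSS that fits in a single IPv6 packet of size mtu."""
    return mtu - IPV6_HDR - TCP_HDR

def send_segment(payload, path_mtus, pmtu, ptb_delivered):
    """Send one segment hop by hop; return (delivered, sender's new PMTU).

    IPv6 routers never fragment: an oversized packet is dropped and an
    ICMPv6 Packet Too Big (PTB) is sent back. If that PTB is filtered on
    the way, the sender learns nothing and keeps its old PMTU.
    """
    size = payload + IPV6_HDR + TCP_HDR
    for mtu in path_mtus:
        if size > mtu:
            return False, (mtu if ptb_delivered else pmtu)
    return True, pmtu

def transfer(server_mtu, path_mtus, negotiated_mss, ptb_delivered, retries=5):
    """True if a full-sized segment from the server eventually arrives."""
    pmtu = server_mtu
    for _ in range(retries):
        payload = min(negotiated_mss, clamp_mss(pmtu))
        delivered, pmtu = send_segment(payload, path_mtus, pmtu, ptb_delivered)
        if delivered:
            return True
    return False  # every retransmission was silently dropped (PMTUD black hole)

def scenarios():
    # Constructed path, server -> client: server LAN, 6in4 tunnel, client LAN.
    path = [1500, 1280, 1500]
    return {
        # Client MTU 1500 advertises MSS 1440; PTB is filtered.
        "mtu1500_ptb_filtered": transfer(1500, path, clamp_mss(1500), False),
        # Same client, but PTB reaches the server, which lowers its PMTU.
        "mtu1500_ptb_delivered": transfer(1500, path, clamp_mss(1500), True),
        # Client MTU 1280, or max-mss 1220 on the firewall; PTB still filtered.
        "mss1220_ptb_filtered": transfer(1500, path, clamp_mss(1280), False),
    }

if __name__ == "__main__":
    for name, ok in scenarios().items():
        print(f"{name}: {'ok' if ok else 'stalls'}")
```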