Re: [swinog] SBB partially reachable via IPv6

Mon, 21 Oct 2019 03:33:35 -0700 

Good late morning,

All fixed by now - I was notified that ipv6/https was unreachable due to
maintenance at SBB last night.

curl -6 -I -v https://sbb.ch as well as a real browser now work again.

Thanks everyone for the fast response!

Sunny greetings from Glarus,

Nico

p.s.: MTU on my test boxes was 9000 and 1500, both had the same issue yesterday.


Müller Urs (IT-OM-SDP-SDN) <urs.bf.muel...@sbb.ch> writes:

> Hello everybody
>
> We are still having issues with the MTU detection.
> At the moment, we are translating on our Internet-Router and internal 
> Loadbalancers are unaware or unable to talk back to the webserver, if the MTU 
> is smaller than usual.
> This happens usually with Tunnelbrokers or some (self built) Firewall/Routers.
>
> Hope, we will bring IPv6 deeper into our network until Q2/2020 and fix that 
> nasty issue with that.
>
> If Nico could try to look into his MTU and perhaps share it's hardware specs?
>
> I am connecting with EdgeRouter Pro and through INIT7/Fiber7.
>
> :~$ curl -6 -l -v https://sbb.ch
> * Rebuilt URL to: https://sbb.ch/
> *   Trying 2a00:4bc0:ffff:ffff::c296:f58e...
> * TCP_NODELAY set
> * Connected to sbb.ch (2a00:4bc0:ffff:ffff::c296:f58e) port 443 (#0)
> * ALPN, offering h2
> * ALPN, offering http/1.1
> * successfully set certificate verify locations:
> *   CAfile: /etc/ssl/certs/ca-certificates.crt
>   CApath: /etc/ssl/certs
> * SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
> * ALPN, server accepted to use http/1.1
> * Server certificate:
> *  subject: jurisdictionC=CH; jurisdictionST=Bern; 
> serialNumber=CHE-102.909.703; businessCategory=Private Organization; C=CH; 
> ST=Bern; L=Bern; O=Schweizerische Bundesbahnen SBB; OU=IT; CN=www.sbb.ch
> *  start date: Jul 25 14:52:45 2019 GMT
> *  expire date: Jul 25 14:52:45 2021 GMT
> *  subjectAltName: host "sbb.ch" matched cert's "sbb.ch"
> *  issuer: C=CH; O=SwissSign AG; CN=SwissSign EV Gold CA 2014 - G22
> *  SSL certificate verify ok.
>
> Regards, Urs
>
> Urs Müller
> Schweizerische Bundesbahnen SBB
> Senior Architekt
> IT Operations Management - Service Design
> Lindenhofstrasse 1 - Worblaufen, 3000 Bern 65
> urs.bf.muel...@sbb.ch / www.sbb.ch
>
>
>
>
> -----Ursprüngliche Nachricht-----
> Von: swinog-boun...@lists.swinog.ch <swinog-boun...@lists.swinog.ch> Im 
> Auftrag von Silvan M. Gebhardt
> Gesendet: Montag, 21. Oktober 2019 09:59
> An: Benoit Panizzon <benoit.paniz...@imp.ch>
> Cc: swinog <swinog@lists.swinog.ch>
> Betreff: Re: [swinog] SBB partially reachable via IPv6
>
> SBB is a test case for proper MTU. Check your MTU ;)
>
>
> ----- Ursprüngliche Mail -----
> Von: "Benoit Panizzon" <benoit.paniz...@imp.ch>
> An: "swinog" <swinog@lists.swinog.ch>
> Gesendet: Montag, 21. Oktober 2019 07:40:15
> Betreff: Re: [swinog] SBB partially reachable via IPv6
>
> Works for me:
> $ telnet sbb.ch https
> Trying 2a00:4bc0:ffff:ffff::c296:f58e...
> Connected to sbb.ch.
>
> $ openssl s_client -connect sbb.ch:https
> CONNECTED(00000003)
> depth=2 C = CH, O = SwissSign AG, CN = SwissSign Gold CA - G2 verify return:1
> depth=1 C = CH, O = SwissSign AG, CN = SwissSign EV Gold CA 2014 - G22 verify 
> return:1
> depth=0 jurisdictionC = CH, jurisdictionST = Bern, serialNumber = 
> CHE-102.909.703, businessCategory = Private Organization, C = CH, ST = Bern, 
> L = Bern, O = Schweizerische Bundesbahnen SBB, OU = IT, CN = www.sbb.ch 
> verify return:1
> ---
> Certificate chain
>  0 s:jurisdictionC = CH, jurisdictionST = Bern, serialNumber = 
> CHE-102.909.703, businessCategory = Private Organization, C = CH, ST = Bern, 
> L = Bern, O = Schweizerische Bundesbahnen SBB, OU = IT, CN = www.sbb.ch
>    i:C = CH, O = SwissSign AG, CN = SwissSign EV Gold CA 2014 - G22
>  1 s:C = CH, O = SwissSign AG, CN = SwissSign EV Gold CA 2014 - G22
>    i:C = CH, O = SwissSign AG, CN = SwissSign Gold CA - G2
>
> Mit freundlichen Grüssen
>
> -Benoît Panizzon-


--
Modern, affordable, Swiss Virtual Machines. Visit www.datacenterlight.ch


_______________________________________________
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Antwort per Email an