I'm not sure how to publish it, but this is what I see from a lot of
        web services with load balancing products.  any comments?
        (bullet 1 is not very IPv6 specific, but will bite us since PMTUD is
        on by default)

itojun


---
1. PMTUD blocked by load balancing product

        consider the following topology.

        web server farm
           | MTU = 1500
        load balancing product
           | MTU = 1500
        router A
           | MTU = 1400
        router B
           | MTU = 1500
        web client

        with the above topology, if a web server in the server farm has path
        MTU discovery (PMTUD) turned on, it will transmit packets (to web
        client) with DF bit set.  router A will respond with ICMP need fragment
        message as the packet will not go through the link between router A
        and B.  if the load balancing product filters out ICMP packets,
        it will lead us to a PMTUD blackhole (RFC2923).

        so my suggestion is to make it impossible for users to block
        ICMP need fragment messages.

2. IPv6 DNS queries responded with wrong error

        If we have an FQDN with A record but no AAAA record, query to AAAA
        must result in DNS NOERROR message, with empty answer record.
        however, there are load balancing products that respond to AAAA
        query with NXDOMAIN (the domain does not exist) error.  it will prevent
        people from contacting the server with IPv4/v6 dual stack node,
        as IPv6 dual stack node will query domain name as follows:
        1. query AAAA.
        2. get response.  if the response is NXDOMAIN, since it is an indication
           of "there's no such FQDN", quit.  otherwise, gather addresses from
           the response (it can be empty).
        3. query A.
        4. get response, gather addresses from the response (it can be empty).
        5. contact addresses gathered, starting from AAAA (IPv6) then A (IPv4).

        an (incorrect) example: spaceflight.nasa.gov.

itojun


itojun[coconut:~] dig spaceflight.nasa.gov. aaaa

; <<>> DiG 9.2.1 <<>> spaceflight.nasa.gov. aaaa
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 23335
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;spaceflight.nasa.gov.          IN      AAAA

;; ANSWER SECTION:
spaceflight.nasa.gov.   897     IN      CNAME   spaceflight.wip.nasa.gov.

;; AUTHORITY SECTION:
wip.nasa.gov.           10800   IN      SOA     3dns.herndon.nasa.gov. hostmaster.3dns.herndon.nasa.gov. 2001072025 28800 7200 604800 86400

;; Query time: 500 msec
;; SERVER: 127.0.0.1#53(0.0.0.0)
;; WHEN: Wed Jul  3 13:22:53 2002
;; MSG SIZE  rcvd: 128

---------------------------------------------------------------------
The IPv6 Users Mailing List
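
Added example, not part of the original post: the five-step dual-stack lookup from item 2, run against a server that answers a missing AAAA with NOERROR and one that answers NXDOMAIN, plus a consistency check that flags the second behaviour. The zone data, the name www.example.com., the address 192.0.2.10 and all function names are constructed for illustration; `query` can be replaced by a call into a real resolver.

```python
# Added example: constructed zone data and servers; names/addresses are illustrative.
NOERROR, NXDOMAIN = "NOERROR", "NXDOMAIN"
ZONE = {"www.example.com.": {"A": ["192.0.2.10"]}}   # A record only, no AAAA

def correct_server(name, rtype):
    """Name exists but type is absent -> NOERROR with empty answer."""
    if name not in ZONE:
        return NXDOMAIN, []
    return NOERROR, ZONE[name].get(rtype, [])

def broken_server(name, rtype):
    """Behaviour described in the post: a missing type is reported as NXDOMAIN."""
    rrset = ZONE.get(name, {}).get(rtype)
    return (NOERROR, rrset) if rrset else (NXDOMAIN, [])

def dual_stack_lookup(name, query):
    """Steps 1-5 from the post; query(name, rtype) -> (rcode, addresses)."""
    rcode, v6 = query(name, "AAAA")          # steps 1-2
    if rcode == NXDOMAIN:
        return []                            # "no such FQDN": quit, A is never asked
    _, v4 = query(name, "A")                 # steps 3-4
    return v6 + v4                           # step 5: IPv6 first, then IPv4

def audit(name, query):
    """Return a finding if one type gets NXDOMAIN while the other does not."""
    codes = {t: query(name, t)[0] for t in ("A", "AAAA")}
    bad = sorted(t for t, rc in codes.items() if rc == NXDOMAIN)
    if bad and len(bad) < len(codes):
        return (f"{name} NXDOMAIN for {'/'.join(bad)} although the name exists; "
                "expected NOERROR with empty answer")
    return None

if __name__ == "__main__":
    for label, server in (("correct", correct_server), ("broken", broken_server)):
        name = "www.example.com."
        print(label, dual_stack_lookup(name, server), audit(name, server))
```

With the broken server the lookup returns no addresses even though an A record exists, which is the reachability failure the post describes.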