Best practice for running 6to4 relays (was Re: 6to4 borkeness)
Michael Taht
m at teklibre.com
Thu Mar 20 01:58:30 CET 2008
Bernhard Schmidt wrote:
> Hi,
>
>>> b) pMTU discovery for the underlying IPv4 path seems to be a
>>> problematic item, so I set "ipv6 mtu 1280" to be on the safe side.
>> Is there a specific or minimum IOS release to avoid pMTU issues? Given
>> that this is an experiment it would be nice to go for broke and back off
>> when it breaks.
>
> Thinking about it again, pMTU might just be possible. All the 6to4
> relay that receives an ICMP(v4) unreachable (either yours in case of
> unicast source or the one closest to the MTU bottleneck in terms of
> BGP anycast) has to do is to generate an ICMPv6 unreachable error from
> it and send it to the IPv6 source. It should have enough of the header
> to do it.
>
> [ half an hour later ]
>
> Okay, did some tests. And reading. The reading was very important.
> Cisco (at least 12.4(18) and BSD complies with RFC3056 Section 4 and
> does not set the DF bit on the encapsulated traffic (even with "tunnel
> path-mtu-discovery"). Same thing applies for Kevin's BSD relay.
> Together this should account for most implementations out there.
>
> So basically you can set whatever value you like. Looking at the speed
> of most modern routing hardware doing fragmentation I still suggest
> something lower than most IPv4 access lines (at about 1400), because
> fragmentation on the way will probably hurt your performance more than
> a slightly higher packet rate.
>
> 1280 is a safe value :-)
Concur. the spec for MTU for 802.11 is 2304, btw, but I don't know
anyone that ever used it. It got crippled by fear of breaking 1500... I
think on a day that this bofh has nothing better to do he'll fiddle with
values very much above 1280....
Thanks for the info on IOS versions. I will check into linux compliance
here, too.
> Regards,
> Bernhard
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 252 bytes
Desc: OpenPGP digital signature
Url : http://lists.cluenet.de/pipermail/ipv6-ops/attachments/20080320/90d56e86/signature.bin
More information about the ipv6-ops
mailing list