PMTUD broken with ipv6.juniper.net?
Daniel Roesen
dr at cluenet.de
Wed Feb 2 22:45:03 CET 2011
On Wed, Feb 02, 2011 at 07:47:38AM -0500, Jared Mauch wrote:
> I want to get the broken network elements fixed. If you see any in
> the NTT network, please let me know as I want to solve it.
Not really your network, but your customer.
It looks like PMTUD is broken on http://ipv6.juniper.net/ - folks with
MTU 1500 IPv6 access have no problems, but I'm behind a tunnel at home,
but not doing MSS clamping, so advertising MSS=1440. Net result looks
like "something" is prolly filtering the ICMP frag needed packets from
the tunnel broker.
Forward path: SixXS broker at AS8422 -> AS1299 -> NTT -> JNPR
...
14 182 ms 182 ms 182 ms ae-1.r06.mlpsca01.us.bb.gin.ntt.net [2001:418:0:2000::366]
15 183 ms 182 ms 196 ms fa-0.juniper-networks.mlpsca01.us.bb.gin.ntt.net [2001:418:9800:5000::6]
16 * * * Request timed out.
Source IP within 2001:4dd0:fea5::/48
If you have contacts for IPv6 firewalls at JNPR, would be nice to get in
touch with them sorting that out. Cannot be that they completely filter
ICMP for s3cUriTy? :-P
Best regards,
Daniel
--
CLUE-RIPE -- Jabber: dr at cluenet.de -- dr at IRCnet -- PGP: 0xA85C8AA0
More information about the ipv6-ops
mailing list