Fixing MTU issues - would somebody like a 'tracepath6 from 47 different ISPs'? (Was: Test your connectivity for World IPv6 Day)
jeroen at unfix.org
Tue Jun 7 11:46:53 CEST 2011
First an insult: Folks who think that blocking ICMP is 'smart' and
'secure' please upgrade your brain and fix your local issue and at least
don't block ICMP Packet Too Big, it really is needed for a proper
functioning of the Internet.
Then the nice part:
There are in summary two awesome tools that can be used for debugging
MTU issues: tracepath6 and scamper.
Tracepath6 is afaik only available on Linux.
Scamper is afaik only BSD.
Both can tell you when a node does not respond to Packet Too Big.
When that happens, you pretty much know where the blackhole is.
If an ISP decides that they want to block all ICMP because it is
'secure', then that is their problem, as they are breaking the connectivity.
Even nicer part below...
On 2011-Jun-07 00:20, Tore Anderson wrote:
> For what it's worth we changed www.vg.no from 1280 to 1500 a couple of
> months ago. No complaints so far. In any case, the few users that have
> HE/SixXS/etc. tunnels can take care of themselves. If it breaks, they
> get to keep both parts.
In the case of SixXS folks get a MTU of 1280 per default.
They optionally can change it to something higher though and 5% of the
tunnels have a changed MTU: http://www.sixxs.net/misc/mtu/
That does mean indeed that close to 30k (active btw) tunnels have an MTU
of 1280. Most likely folks using Teredo/6to4 also have this.
As such, please do make sure that you don't block packet too big, as it
will hurt your connectivity, and the users will perceive as your site
As we are an operator list here, and we are gathered here to resolve
issues that affect the networks thus making our users happy and avoiding
that dreaded phone call in the middle of the night that something is
broken and it has to be fixed now, one can at the moment verify
connectivity for your hosts from all the SixXS PoPs, which thus means
from 47 different locations inside about 20 ISPs, you can run a 'mtr'
effectively through our web interface.
This shows that a traceroute works, if enough people want though, then
yell here on the list with a "+1" and I'll work on it tonight that I get
a tracepath6 exposed from the PoPs that can offer it, that or option B
would be that I set up a tunnel from each of the PoPs to one host, and
then set an MTU of 1280 on those tunnels and allow people to get a
result of a tracepath6 from that, that will show you if you are
reachable from behind 47 locations in the world..... would anybody see a
need for that?
More information about the ipv6-ops