Test your connectivity for World IPv6 Day
remi.despres at free.fr
Tue Jun 7 17:10:49 CEST 2011
Le 7 juin 2011 à 15:56, Tore Anderson a écrit :
>>> For real deployments, on the other hand ... well, I'm hoping no
>>> serious ISP or content provider will willingly put their end users
>>> or web sites behind MTU-impaired links or tunnels. Recipe for
>>> disaster if you ask me.
>> What do you mean, precisely, by "MTU-impaired links or tunnels"?
> If an ISP, a tunnel broker, or a concious tunnel-using end user are
> using a link/tunnel that has a MTU lower than 1500 but where PMTUD does
> not work reliably, that is their problem, not mine.
A tunnel supporting less than 1500 must indeed return ICMP PTB messages like any tunnel.
But if the source host has a firewall that filters inbound ICMPv6 messages, this becomes this host's problem.
It becomes also a problem of hosts it communicates with although these hosts have no responsibility in the problem.
This host avoids the problem if it works with an "effective MTU for sending" of 1280 for off-link destinations, except for paths where PMTUD has detected better values.
> I refuse to work
> around their defective network by crippling the MTU for all my visitors.
In my understanding, it isn't a problem of defective ISP network.
It is a problem of uncertain effectiveness, so far, of PMTUD (worse in UDP than in TCP, and aggravated where some firewalls unduly filter ICMPv6 messages).
> What MTU do you recommend for IPv4 servers, by the way? 576 or 68?
As you of course know, despite this ironic question, the problem comes up in IPv6 because routers can no longer fragment packets.
> Tore Anderson
> Redpill Linpro AS - http://www.redpill-linpro.com/
> Tel: +47 21 54 41 27
More information about the ipv6-ops