Test your connectivity for World IPv6 Day

Frank Bulk frnkblk at iname.com
Tue Jun 7 19:17:36 CEST 2011


If a host is behind a firewall that filters ICMPv6 messages and the person
managing the host can't change/fix the firewall, then yes, temporarily
lowering the hosts MTU makes sense.  While working to get that firewall
reconfigured or fixed.

-----Original Message-----
From: ipv6-ops-bounces+frnkblk=iname.com at lists.cluenet.de
[mailto:ipv6-ops-bounces+frnkblk=iname.com at lists.cluenet.de] On Behalf Of
Rémi Després
Sent: Tuesday, June 07, 2011 10:11 AM
To: Tore Anderson
Cc: IPv6-OPS
Subject: Re: Test your connectivity for World IPv6 Day

<snip>

A tunnel supporting less than 1500 must indeed return ICMP PTB messages like
any tunnel.

But if the source host has a firewall that filters inbound ICMPv6 messages,
this becomes this host's problem.
It becomes also a problem of hosts it communicates with although these hosts
have no responsibility in the problem.

This host avoids the problem if it works with an "effective MTU for sending"
of 1280 for off-link destinations, except for paths where PMTUD has detected
better values.

> I refuse to work
> around their defective network by crippling the MTU for all my visitors.

In my understanding, it isn't a problem of defective ISP network.
It is a problem of uncertain effectiveness, so far, of PMTUD (worse in UDP
than in TCP, and aggravated where some firewalls unduly filter ICMPv6
messages). 

> 
> What MTU do you recommend for IPv4 servers, by the way? 576 or 68?

As you of course know, despite this ironic question, the problem comes up in
IPv6 because routers can no longer fragment packets.


Regards,
RD





More information about the ipv6-ops mailing list