A10 AX fragmentation issue
George Bonser
gbonser at seven.com
Sun May 29 03:49:14 CEST 2011
Ok, there is another thing to check. If the ICMP packet is being
generated from behind a NAT it may not be effective.
Is this a v4 ICMP packet or a V6 ICMP packet? If it is v4 and if it is
being generated from behind NAT, it probably isn't going to work (ICMP
says packet to 10.1.2.3 is too big, balancer says "I don't have a
connection to 10.1.2.3, I have a connection to 123.45.67.89" )
But again, setting that sysctl in the real servers if they are Linux
will eliminate the need for ICMP to do PMTUD. ICMP PMTUD should never
be expected to work anyway which is why it is not the default mechanism
anymore with Windows or Solaris. Too many people block ICMP in their
networks or the ICMP is being generated from behind a NAT and contains
nonsensical information.
From: ipv6-ops-bounces+gbonser=seven.com at lists.cluenet.de
[mailto:ipv6-ops-bounces+gbonser=seven.com at lists.cluenet.de] On Behalf
Of Cameron Byrne
Sent: Saturday, May 28, 2011 11:54 AM
To: ipv6-ops at lists.cluenet.de
Subject: Re: A10 AX fragmentation issue
On May 28, 2011 11:14 AM, "Daniel Roesen" <dr at cluenet.de> wrote:
>
> On Sat, May 28, 2011 at 10:07:02AM -0700, George Bonser wrote:
> > Is this an A10 issue or is this a problem with ICMP PMTU discovery
in
> > general?
>
> The former. The AX doesn't react to the ICMP packet too big and
> continues sending packets unfragmented.
>
Any chance you have a bug filed with them and can share the bug Id?
Cb
> Best regards,
> Daniel
>
> --
> CLUE-RIPE -- Jabber: dr at cluenet.de -- dr at IRCnet -- PGP: 0xA85C8AA0
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.cluenet.de/pipermail/ipv6-ops/attachments/20110528/dcaf66d3/attachment-0001.html
More information about the ipv6-ops
mailing list