I can fetch the header of websites via IPv6 but not the webpage, why?
Hannes Frederic Sowa
hannes at stressinduktion.org
Mon Jan 20 14:58:35 CET 2014
On Mon, Jan 20, 2014 at 11:59:39AM +0100, Tore Anderson wrote:
> Or, even better, get rid of the tunneling crap and get native IPv6. This
> is a very common problem for IPv6 tunnels. As a web site operator I
> would actually prefer it if people stayed IPv4-only until their ISP
> could provide them with properly supported IPv6 connectivity. Oh well...
Tunnels should actually work fine and icmp rate limiting should take
place per destination (or on a /64 boundary). Either someone messed up
their filters or we have a software bug (maybe we should just introduce
a netfilter target which does mid-path fragmentation of IPv6 packets :P ).
We had some pretty significant bugs in pmtud in linux which were fixed some
while ago:
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e3bc10bd95d7fcc3f2ac690c6ff22833ea6781d6
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=01ba16d6ec85a1ec4669c75513a76b61ec53ee50
But they have not yet been integrated in all the vendor's kernel.
Especially on heavy loaded servers we need some way to ensure longer pmtu
lifetimes in the routing table. Currently they can easily get evacuated
too fast if lots of IPv6 flows hit a linux end host and should hold on
at least the minimal time the administrator had configured.
Greetings,
Hannes
More information about the ipv6-ops
mailing list