Best practice for running 6to4 relays (was Re: 6to4 borkeness)
Bernhard Schmidt
berni at birkenwald.de
Thu Mar 20 01:45:54 CET 2008
Hi,
>> b) pMTU discovery for the underlying IPv4 path seems to be a
>> problematic item, so I set "ipv6 mtu 1280" to be on the safe side.
> Is there a specific or minimum IOS release to avoid pMTU issues? Given
> that this is an experiment it would be nice to go for broke and back off
> when it breaks.
Thinking about it again, pMTU might just be possible. All the 6to4 relay
that receives an ICMP(v4) unreachable (either yours in case of unicast
source or the one closest to the MTU bottleneck in terms of BGP anycast)
has to do is to generate an ICMPv6 unreachable error from it and send it
to the IPv6 source. It should have enough of the header to do it.
[ half an hour later ]
Okay, did some tests. And reading. The reading was very important. Cisco
(at least 12.4(18) and BSD complies with RFC3056 Section 4 and does not
set the DF bit on the encapsulated traffic (even with "tunnel
path-mtu-discovery"). Same thing applies for Kevin's BSD relay. Together
this should account for most implementations out there.
So basically you can set whatever value you like. Looking at the speed
of most modern routing hardware doing fragmentation I still suggest
something lower than most IPv4 access lines (at about 1400), because
fragmentation on the way will probably hurt your performance more than a
slightly higher packet rate.
1280 is a safe value :-)
Regards,
Bernhard
More information about the ipv6-ops
mailing list