ICMPv6 "too-big" packets ignored (filtered ?) by Cloudflare farms

• Previous message (by thread): AWS - amzn-noc-contact
• Next message (by thread): FYI - Major upgrade this weekend to www.arin.net and ARIN Online
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    hello,

    I confess using IPv6 behind a 6in4 tunnel because the "Business-Class" service
    of the concerned operator doesn't handle IPv6 yet.

    as such, I realised that, as far as I can figure, ICMPv6 packet "too-big" (rfc 4443)
    seem to be ignored or filtered at ~60% of ClouFlare's http farms

    as a result, random sites such as http://nanog.org/ or https://www.ansible.com/
    are badly reachable whenever small mtu are involved ...

    support at cloudflare answered me that because I'm not the owner of concerned site,
    and because of security reasons, they wouldn't investigate further.

    are there security concerns with ICMP-too-big ?

    regards,

-- 
    Jean-Daniel Pauget                         http://rezopole.net/
    Rezopole/LyonIX                            +33 (0)4 27 46 00 50

• Previous message (by thread): AWS - amzn-noc-contact
• Next message (by thread): FYI - Major upgrade this weekend to www.arin.net and ARIN Online
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]