Windows Updates Fail Via IPv6 - Update!

Mark Andrews marka at isc.org
Sun Mar 3 21:04:12 UTC 2019


There are lots of IDIOTS out there that BLOCK ALL ICMP.  That blocks PTB getting
back to the TCP servers.  There are also IDIOTS that deploy load balancers that
DO NOT LOOK INSIDE ICMP messages for redirecting ICMP messages to the correct
back end.  There are also IDIOTS that rate limit PTB generation to ridiculously
low rates.  One should be able to generate PTB at line rate.

Everyone that has configured mss-fix-up has contributed to the misunderstanding that
you can block ICMP.  It is time we had a flag day to REMOVE mss-fix-up from all
the boxes you control.  We need to get PTB working and unfortunately that means
that we need to stop pandering to admins who don’t know how IP is supposed to
work.  ICMP is NOT optional.

If you don’t want to do PMTUD then DO NOT SEND packets bigger than the network
MTU.  For IPv6 set IPV6_USE_MIN_MTU 1 on the socket.  On a properly written
IP stack this will result in TCP MSS negotiation to the same value.  Yes, it is
a requirement of TCP to pay attention to this as it becomes the effective MTU
of the outgoing interface even if it wasn’t explicitly written into the RFC
that defined IPV6_USE_MIN_MTU.

Mark

> On 4 Mar 2019, at 6:13 am, Mark Tinka <mark.tinka at seacom.mu> wrote:
> 
> 
> 
> On 3/Mar/19 18:05, Jeroen Massar wrote:
> 
>> IPv6 requires a minimum MTU of 1280.
>> 
>> If you cannot transport it, then the transport (the tunnel in this case) needs to handle the fragmentation of packets of 1280 down to whatever does fit in the tunnel.
> 
> As you know, IPv6 does not support fragmentation in transit. So that's
> not an option.
> 
> Host fragmentation is per standard, but signaling of that was not so
> successful in IPv4. Real world scenarios for IPv6 (reasonably) apply here.
> 
> 
>> Have fun with all your UDP traffic that does not care about your TCP MSS adjustment. You just hid the problem...
> 
> I considered this issue, but as with all things UDP re: fragmentation,
> it depends.
> 
> Testing I've been doing all day shows previously (mostly-TCP) issues
> have resolved, and I've not run into any major problems that are
> impacting UDP. Nonetheless, I'm keeping an eye out.
> 
> 
>> 
>> And a correctly configured MTU is especially going to be fun with "HTTP/3" that is being pushed through, even though the predecessor QUIC does not care about MTU at all... good that it is all in the hands of a company that can fix it themselves ;)
> 
> Is it an ideal situation? About as ideal as flying in the cargo bay. But
> my reality is that until my FTTH provider can deliver native IPv6, this
> is what I have.
> 
> Mark.

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742              INTERNET: marka at isc.org
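
The load-balancer point in the message above (looking inside the ICMP message to find the correct back end), as an added example that is not part of the original post: Python code that parses an ICMPv6 Packet Too Big message and recovers the flow key of the connection it refers to, which is what a balancer must hash on to deliver the PTB to the right server. The function names and the documentation-prefix addresses are assumptions, and the sample message is constructed.

```python
import ipaddress
import struct

PTB, TCP, UDP, FRAGMENT = 2, 6, 17, 44
EXT_HEADERS = {0, 43, 60}  # hop-by-hop, routing, destination options

def ptb_flow_key(icmp6: bytes):
    """Parse an ICMPv6 Packet Too Big message (bytes after the outer IPv6 header).

    Returns (mtu, (client_ip, client_port, server_ip, server_port, proto)),
    the key of the connection whose outbound packet was too big, or None.
    """
    if len(icmp6) < 8 + 40 or icmp6[0] != PTB:
        return None
    mtu = struct.unpack_from("!I", icmp6, 4)[0]
    inner = icmp6[8:]  # quoted start of the packet our side sent
    if inner[0] >> 4 != 6:
        return None
    server = ipaddress.IPv6Address(inner[8:24])   # inner source: our server
    client = ipaddress.IPv6Address(inner[24:40])  # inner destination: the peer
    nxt, off = inner[6], 40
    while nxt in EXT_HEADERS or nxt == FRAGMENT:  # walk to the transport header
        if len(inner) < off + 8:
            return None
        if nxt == FRAGMENT:
            if struct.unpack_from("!H", inner, off + 2)[0] & 0xFFF8:
                return None  # non-first fragment carries no ports
            hdr_len = 8
        else:
            hdr_len = (inner[off + 1] + 1) * 8
        nxt, off = inner[off], off + hdr_len
    if nxt not in (TCP, UDP) or len(inner) < off + 4:
        return None
    sport, dport = struct.unpack_from("!HH", inner, off)
    # Inner packet is server -> client, so swap to get the inbound flow key.
    return mtu, (str(client), dport, str(server), sport, nxt)

def sample_ptb() -> bytes:
    """Constructed sample: PTB (MTU 1280) quoting only the headers of a TCP
    segment from 2001:db8::443 port 443 to 2001:db8:c::1 port 51000."""
    src = ipaddress.IPv6Address("2001:db8::443").packed
    dst = ipaddress.IPv6Address("2001:db8:c::1").packed
    ip6 = struct.pack("!IHBB", 6 << 28, 1440, TCP, 64) + src + dst
    tcp = struct.pack("!HHIIHHHH", 443, 51000, 1, 1, 0x5010, 65535, 0, 0)
    return struct.pack("!BBHI", PTB, 0, 0, 1280) + ip6 + tcp  # checksum left 0

if __name__ == "__main__":
    print(ptb_flow_key(sample_ptb()))
```

A balancer that hashes only the outer header of this message sees the reporting router's address as the source, which matches no connection; the key returned here is the one its connection table already holds.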



