ICMPv6 "too-big" packets ignored (filtered ?) by Cloudflare farms

Joel Jaeggli joelja at bogus.com
Tue Mar 5 09:20:11 UTC 2019



Sent from my iPhone

> On Mar 4, 2019, at 22:26, Mark Andrews <marka at isc.org> wrote:
> 
> 
> 
>> On 5 Mar 2019, at 5:18 pm, Mark Tinka <mark.tinka at seacom.mu> wrote:
>> 
>> 
>> 
>>> On 5/Mar/19 00:25, Mark Andrews wrote:
>>> 
>>> 
>>> Then Cloudflare should negotiate MSS’s that don’t generate PTB’s if
>>> they have installed broken ECMP devices.  The simplest way to do that
>>> is to set the interface MTUs to 1280 on all the servers.  Why should
>>> the rest of the world have to put up with their inability to purchase
>>> devices that work with RFC compliant data streams?
>> 
>> I've had this issue with cdnjs.cloudflare.com for the longest time at my
>> house. But as some of you may recall, my little unwanted TCP MSS hack
>> for IPv6 last weekend fixed that issue for me.
>> 
>> Not ideal, and I so wish IPv6 would work as designed, but…
> 
> It does work as designed except when crap middleware is added.  ECMP
> should be using the flow label with IPv6.  It has the advantage that
> it works for non-0-offset fragments as well as 0-offset fragments and
> also works for transports other than TCP and UDP.  This isn’t a protocol
> failure.  It is shitty implementations.

Your mobile carrier’s stateless TCP accelerator should stop sending ACKs with a zero flow label so we can actually identify them as part of the same flow...

There is a lot of headwind in the real world for using the flow label as a hash component.

> 
>> Mark.
> 
> -- 
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742              INTERNET: marka at isc.org
> 
> 
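
An added illustration, not part of the thread or any participant's code, of the two ECMP effects discussed above: a PTB hashed on its outer header misses the server that owns the flow unless the balancer hashes the embedded packet (one approach), and a zero-flow-label ACK leaves its flow when the label is a hash input. The hash function, the group size of 8 and all addresses are constructed assumptions.

```python
import hashlib

N_SERVERS = 8  # assumed ECMP group size

def bucket(*fields):
    """Stand-in for a router's ECMP hash: same fields -> same server."""
    digest = hashlib.sha256(repr(fields).encode()).digest()
    return int.from_bytes(digest[:4], "big") % N_SERVERS

def hash_5tuple(p):
    return bucket(p["src"], p["dst"], p["nh"], p.get("sport", 0), p.get("dport", 0))

def hash_flow_label(p):
    return bucket(p["src"], p["dst"], p["label"])

def hash_ptb_aware(p):
    """For an ICMPv6 error, hash the embedded packet with its direction reversed."""
    inner = p.get("inner")
    if p["nh"] == 58 and inner:
        p = dict(src=inner["dst"], dst=inner["src"], nh=inner["nh"],
                 sport=inner["dport"], dport=inner["sport"])
    return hash_5tuple(p)

def simulate(flows=400):
    vip = "2001:db8:ffff::1"     # constructed anycast service address
    router = "2001:db8:beef::1"  # constructed on-path router emitting the PTB
    ptb_naive = ptb_aware = ack_label = ack_5tuple = 0
    for i in range(flows):
        client = f"2001:db8:{i:x}::2"
        data = dict(src=client, dst=vip, nh=6, sport=40000 + i, dport=443,
                    label=0x10000 + i)
        # PTB triggered by a server->client segment; outer source is the router.
        ptb = dict(src=router, dst=vip, nh=58, label=0,
                   inner=dict(src=vip, dst=client, nh=6, sport=443, dport=40000 + i))
        # Same TCP flow, but a middlebox-generated ACK carrying flow label 0.
        ack = dict(data, label=0)
        ptb_naive += hash_5tuple(ptb) == hash_5tuple(data)
        ptb_aware += hash_ptb_aware(ptb) == hash_5tuple(data)
        ack_label += hash_flow_label(ack) == hash_flow_label(data)
        ack_5tuple += hash_5tuple(ack) == hash_5tuple(data)
    return dict(flows=flows, ptb_naive=ptb_naive, ptb_aware=ptb_aware,
                ack_label=ack_label, ack_5tuple=ack_5tuple)

if __name__ == "__main__":
    print(simulate())
```

Each count is the number of flows for which the PTB or ACK reached the same server as the flow's data packets.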



