ICMPv6 "too-big" packets ignored (filtered ?) by Cloudflare farms

Joel Jaeggli joelja at bogus.com
Tue Mar 5 10:09:15 UTC 2019




> On Mar 5, 2019, at 01:31, Saku Ytti <saku at ytti.fi> wrote:
> 
>> On Tue, Mar 5, 2019 at 12:26 AM Mark Andrews <marka at isc.org> wrote:
>> 
>> Then Cloudflare should negotiate MSS’s that don’t generate PTB’s if
>> they have installed broken ECMP devices.  The simplest way to do that
> 
> Out of curiosity does that imply you are aware of non-broken ECMP
> devices, which are able to hash on the embedded original packet?

Parsing the ICMP payload was something we considered in RFC 7690, but it wasn’t one of the approaches we pursued (we broadcasted the PTB to all hosts on the segment(s) behind the load balancers in our original implementation).

It actually seems like it is becoming feasible to do in an Ethernet switch ASIC like Tofino if that is what you want to burn real estate on. Being worthwhile is another matter.


> 
> -- 
>  ++ytti
> 
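The idea raised in the thread above, hashing an ICMPv6 Packet Too Big on the embedded original packet so that it lands on the same ECMP path as the flow it refers to, sketched as an added example that is not part of the original message or of RFC 7690. The CRC32 hash is a stand-in for a vendor hash function, the addresses and ports are constructed, and embedded packets with extension headers are not handled.

```python
import ipaddress, struct, zlib

TCP, UDP, ICMP6_PTB = 6, 17, 2

def flow_key_from_ptb(icmp6: bytes):
    """Return the inbound flow key (client, vip, proto, cport, vport) that the
    embedded original packet belongs to, or None if it cannot be recovered."""
    if len(icmp6) < 8 + 40 + 4 or icmp6[0] != ICMP6_PTB:
        return None
    inner = icmp6[8:]                      # skip type, code, checksum, MTU
    if inner[0] >> 4 != 6:                 # embedded packet must be IPv6
        return None
    proto = inner[6]                       # Next Header of the original packet
    if proto not in (TCP, UDP):            # extension headers: not handled here
        return None
    src, dst = inner[8:24], inner[24:40]   # original sender (VIP), original dest (client)
    sport, dport = struct.unpack("!HH", inner[40:44])
    # The original packet travelled VIP -> client; swap to get client -> VIP.
    return (dst, src, proto, dport, sport)

def flow_key_from_packet(ip6: bytes):
    """Flow key of an ordinary inbound IPv6 TCP/UDP packet (no extension headers)."""
    sport, dport = struct.unpack("!HH", ip6[40:44])
    return (ip6[8:24], ip6[24:40], ip6[6], sport, dport)

def ecmp_bucket(key, n_paths: int) -> int:
    """Stand-in hash (CRC32); real devices use vendor-specific functions."""
    src, dst, proto, sport, dport = key
    return zlib.crc32(src + dst + struct.pack("!BHH", proto, sport, dport)) % n_paths

def ip6_header(src, dst, nh, payload_len):
    return (struct.pack("!IHBB", 6 << 28, payload_len, nh, 64)
            + ipaddress.IPv6Address(src).packed + ipaddress.IPv6Address(dst).packed)

# Constructed sample data (documentation prefix 2001:db8::/32).
CLIENT, VIP = "2001:db8:c::10", "2001:db8:f::1"
inbound = ip6_header(CLIENT, VIP, TCP, 20) + struct.pack("!HH", 51515, 443) + bytes(16)
too_big = ip6_header(VIP, CLIENT, TCP, 1440) + struct.pack("!HH", 443, 51515) + bytes(16)
ptb = struct.pack("!BBHI", ICMP6_PTB, 0, 0, 1280) + too_big   # checksum left at 0

if __name__ == "__main__":
    print(ecmp_bucket(flow_key_from_packet(inbound), 8),
          ecmp_bucket(flow_key_from_ptb(ptb), 8))
```

A device hashing only on the outer header of the PTB sees the reporting router's source address and no ports, which is why the message can reach a different backend than the one holding the connection.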



