ICMPv6 "too-big" packets ignored (filtered ?) by Cloudflare farms
Joel Jaeggli
joelja at bogus.com
Tue Mar 5 10:09:15 UTC 2019
Sent from my iPhone
> On Mar 5, 2019, at 01:31, Saku Ytti <saku at ytti.fi> wrote:
>
>> On Tue, Mar 5, 2019 at 12:26 AM Mark Andrews <marka at isc.org> wrote:
>>
>> Then Cloudflare should negotiate MSS’s that don’t generate PTB’s if
>> they have installed broken ECMP devices. The simplest way to do that
>
> Out of curiosity does that imply you are aware of non-broken ECMP
> devices, which are able to hash on the embedded original packet?

Parsing the ICMP payload was something we considered in RFC 7690 but wasn’t one of the approaches we pursued (we broadcasted the PTB to all hosts on the segment(s) behind the load balancers in our original implementation).

It actually seems like it is becoming feasible to do in an Ethernet switch ASIC like Tofino if that is what you want to burn real estate on. Being worthwhile is another matter.
>
> --
> ++ytti
>
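
Added example, not part of the original message or of RFC 7690: a sketch of what "hashing on the embedded original packet" means for an ICMPv6 Packet Too Big, next to the outer-header hash that sends the PTB to an arbitrary backend. The CRC32 hash, the function names and the 2001:db8:: addresses are assumptions made for illustration; extension headers are not walked and the ICMPv6 checksum is not verified.

```python
import ipaddress
import struct
import zlib

ICMPV6_PTB, ICMPV6, TCP, UDP = 2, 58, 6, 17

def flow_hash(src, dst, proto, sport, dport, buckets):
    # Stand-in for an ECMP hash (CRC32 of the 5-tuple); real hardware differs.
    return zlib.crc32(src + dst + struct.pack("!BHH", proto, sport, dport)) % buckets

def icmp6_bucket(icmp6, outer_src, outer_dst, buckets):
    """Bucket for an inbound ICMPv6 message; a PTB follows its embedded flow."""
    fallback = flow_hash(outer_src, outer_dst, ICMPV6, 0, 0, buckets)
    if len(icmp6) < 8 or icmp6[0] != ICMPV6_PTB:
        return fallback
    inner = icmp6[8:]  # skip type, code, checksum, MTU
    if len(inner) < 44 or inner[0] >> 4 != 6 or inner[6] not in (TCP, UDP):
        return fallback  # truncated, not IPv6, or extension headers (not walked)
    in_src, in_dst = inner[8:24], inner[24:40]
    in_sport, in_dport = struct.unpack("!HH", inner[40:44])
    # The embedded packet travelled server -> client, so swap both pairs to
    # reproduce the client -> server tuple hashed for the flow's own packets.
    return flow_hash(in_dst, in_src, inner[6], in_dport, in_sport, buckets)

# Constructed sample (documentation prefix 2001:db8::/32), not captured traffic.
CLIENT = ipaddress.IPv6Address("2001:db8:1::10").packed
VIP = ipaddress.IPv6Address("2001:db8:ffff::1").packed
ROUTER = ipaddress.IPv6Address("2001:db8:2::1").packed
CPORT, BUCKETS = 51514, 64

def sample_ptb(mtu=1280):
    # Embedded original packet: server (VIP:443) -> client, truncated to headers.
    ip6 = struct.pack("!IHBB", 6 << 28, 1480, TCP, 64) + VIP + CLIENT
    tcp = struct.pack("!HHIIHHHH", 443, CPORT, 0, 0, (5 << 12) | 0x10, 65535, 0, 0)
    # Checksum left as 0: this sketch does not verify it.
    return struct.pack("!BBHI", ICMPV6_PTB, 0, 0, mtu) + ip6 + tcp

if __name__ == "__main__":
    ptb = sample_ptb()
    print("flow bucket:           ", flow_hash(CLIENT, VIP, TCP, CPORT, 443, BUCKETS))
    print("PTB via embedded tuple:", icmp6_bucket(ptb, ROUTER, VIP, BUCKETS))
    print("PTB via outer header:  ", flow_hash(ROUTER, VIP, ICMPV6, 0, 0, BUCKETS))
```

The first two printed buckets always match; the third depends only on the router's address, which is why an outer-header hash delivers the PTB to a backend unrelated to the flow.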