ICMPv6 "too-big" packets ignored (filtered ?) by Cloudflare farms

Fernando Gont fgont at si6networks.com
Wed Mar 6 02:36:47 UTC 2019


On 5/3/19 03:26, Mark Andrews wrote:
> 
> 
>> On 5 Mar 2019, at 5:18 pm, Mark Tinka <mark.tinka at seacom.mu> wrote:
>>
>>
>>
>> On 5/Mar/19 00:25, Mark Andrews wrote:
>>
>>>
>>> Then Cloudflare should negotiate MSS’s that don’t generate PTB’s if
>>> they have installed broken ECMP devices.  The simplest way to do that
>>> is to set the interface MTUs to 1280 on all the servers.  Why should
>>> the rest of the world have to put up with their inability to purchase
>>> devices that work with RFC compliant data streams.
>>
>> I've had this issue with cdnjs.cloudflare.com for the longest time at my
>> house. But as some of you may recall, my little unwanted TCP MSS hack
>> for IPv6 last weekend fixed that issue for me.
>>
>> Not ideal, and I so wish IPv6 would work as designed, but…
> 
> It does work as designed except when crap middleware is added.  ECMP
> should be using the flow label with IPv6.  It has the advantage that
> it works for non-0-offset fragments as well as 0-offset fragments and
> also works for transports other than TCP and UDP.  This isn’t a protocol
> failure.  It is shitty implementations.

Not to play devil's advocate, but the IETF got to publish a spec for ECMP
use of Flow Labels only a few years ago.

For quite a while, they were unusable... and might still be, for some
implementations.


-- 
Fernando Gont
SI6 Networks
e-mail: fgont at si6networks.com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492






