ICMPv6 "too-big" packets ignored (filtered ?) by Cloudflare farms
Mark Andrews
marka at isc.org
Wed Mar 6 04:21:22 UTC 2019
> On 6 Mar 2019, at 1:36 pm, Fernando Gont <fgont at si6networks.com> wrote:
>
> On 5/3/19 03:26, Mark Andrews wrote:
>>
>>
>>> On 5 Mar 2019, at 5:18 pm, Mark Tinka <mark.tinka at seacom.mu> wrote:
>>>
>>>
>>>
>>> On 5/Mar/19 00:25, Mark Andrews wrote:
>>>
>>>>
>>>> Then Cloudflare should negotiate MSS’s that don’t generate PTB’s if
>>>> they have installed broken ECMP devices. The simplest way to do that
>>>> is to set the interface MTUs to 1280 on all the servers. Why should
>>>> the rest of the world have to put up with their inability to purchase
>>>> devices that work with RFC compliant data streams.
>>>
>>> I've had this issue with cdnjs.cloudflare.com for the longest time at my
>>> house. But as some of you may recall, my little unwanted TCP MSS hack
>>> for IPv6 last weekend fixed that issue for me.
>>>
>>> Not ideal, and I so wish IPv6 would work as designed, but…
>>
>> It does work as designed except when crap middleware is added. ECMP
>> should be using the flow label with IPv6. It has the advantage that
>> it works for non-0-offset fragments as well as 0-offset fragments and
>> also works for transports other than TCP and UDP. This isn’t a protocol
>> failure. It is shitty implementations.
>
> Not to play devil's advocate but the IETF got to publish a spec for ECMP
> use of Flow Labels only a few years ago.
>
> For quite a while, they were unusable... and might still be, for some
> implementations.
And if it is still using the quintuple the PTB has all the necessary information
for unfragmented and 0 offset fragment packets (which there shouldn’t be with a
working TCP stack) to be passed through.
> --
> Fernando Gont
> SI6 Networks
> e-mail: fgont at si6networks.com
> PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
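
Added example, not part of the original thread: Python illustrating the point in the reply above that a Packet Too Big message embeds enough of the offending packet to recover the quintuple, for unfragmented and 0-offset-fragment packets, so an ECMP stage can send the PTB to the server that owns the flow. The function names, addresses, ports and the SHA-256 stand-in for an ECMP hash are assumptions made for illustration.

```python
import hashlib
import ipaddress
import struct

TCP, UDP, FRAGMENT, ICMPV6, PTB = 6, 17, 44, 58, 2

def ipv6(src, dst, next_header, payload):
    """Build an IPv6 packet (used for the constructed samples below)."""
    addrs = ipaddress.IPv6Address(src).packed + ipaddress.IPv6Address(dst).packed
    return struct.pack("!IHBB", 6 << 28, len(payload), next_header, 64) + addrs + payload

def ports(next_header, l4):
    """Return (proto, sport, dport) for TCP/UDP, unfragmented or offset-0 fragment."""
    if next_header == FRAGMENT and len(l4) >= 8:
        if struct.unpack("!H", l4[2:4])[0] >> 3:   # non-zero offset: no ports here
            return None
        next_header, l4 = l4[0], l4[8:]
    if next_header in (TCP, UDP) and len(l4) >= 4:
        return (next_header, *struct.unpack("!HH", l4[:4]))
    return None

def flow_key(packet):
    """Quintuple to hash, as (src, dst, proto, sport, dport) in client-to-server order."""
    nh, src, dst, l4 = packet[6], packet[8:24], packet[24:40], packet[40:]
    if nh == ICMPV6 and len(l4) >= 48 and l4[0] == PTB:
        inner = l4[8:]                   # skip type, code, checksum, MTU
        found = ports(inner[6], inner[40:])
        if found is None:
            return None
        proto, sport, dport = found
        # The embedded packet travelled server-to-client, so swap the endpoints.
        return (inner[24:40], inner[8:24], proto, dport, sport)
    found = ports(nh, l4)
    return None if found is None else (src, dst, *found)

def next_hop(packet, n_servers):
    """Deterministic stand-in for an ECMP hash over the flow key."""
    digest = hashlib.sha256(repr(flow_key(packet)).encode()).digest()
    return int.from_bytes(digest[:4], "big") % n_servers

# Constructed sample traffic (documentation addresses, checksums left at zero).
CLIENT, SERVER, ROUTER = "2001:db8:1::10", "2001:db8:ffff::1", "2001:db8:2::1"
def tcp(sport, dport):
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x10, 65535, 0, 0)
REQUEST = ipv6(CLIENT, SERVER, TCP, tcp(51000, 443))
REPLY = ipv6(SERVER, CLIENT, TCP, tcp(443, 51000) + bytes(1400))
PTB_MSG = ipv6(ROUTER, SERVER, ICMPV6, struct.pack("!BBHI", PTB, 0, 0, 1280) + REPLY[:1232])
```

Hashing only the outer header of `PTB_MSG` would key on the router's address and ICMPv6, which has no relation to the key of the TCP flow the error refers to.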