WIndows Updates Fail Via IPv6 - Update!
Mark Andrews
marka at isc.org
Wed Mar 6 06:29:55 UTC 2019
> On 6 Mar 2019, at 3:37 pm, Fernando Gont <fgont at si6networks.com> wrote:
>
> On 6/3/19 01:09, Mark Andrews wrote:
>>
>>
>>> On 6 Mar 2019, at 1:30 pm, Fernando Gont <fgont at si6networks.com> wrote:
>>>
>>> On 3/3/19 18:04, Mark Andrews wrote:
>>>> There are lots of IDIOTS out there that BLOCK ALL ICMP. That blocks PTB getting
>>>> back to the TCP servers. There are also IDIOTS that deploy load balancers that
>>>> DO NOT LOOK INSIDE ICMP messages for redirecting ICMP messages to the correct
>>>> back end. There are also IDOITS that rate limit PTB generation to ridiculously
>>>> low rates. One should be able to generate PTB at line rate.
>>>>
>>>> Everyone that has configured mss-fix-up has contributed to misunderstanding that
>>>> you can block ICMP. It is time we had a flag day to REMOVE mss-fix-up from all
>>>> the boxes you control. We need to get PTB working and unfortunately that means
>>>> that we need to stop pandering to admins who don’t know how IP is supposed to
>>>> work. ICMP is NOT optional.
>>>
>>> It would seem IETF's intention is to actually move away from
>>> ICMPv6-based PMTUD, to the extent that is possible. (RFC4821).
>>
>> Which is not a reason to not fix broken equipment and misconfigured firewalls.
>> The workarounds are basically there because people deploy broken equipment.
>
> Agreed. That said, it wasn't solved in 30+ years of IPv4. Do you have
> hopes it will be different with IPv6?
Make a big enough stink and it will get fixed. People just don’t make enough of
a stink. Use social media. None of the companies with broken firewalls really
want their idiotic practices pointed out in public. Start doing so every time
you see it #STUPIDFIREWALL.
> Thanks,
> --
> Fernando Gont
> SI6 Networks
> e-mail: fgont at si6networks.com
> PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
>
>
>
>
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the NANOG
mailing list