Windows Updates Fail Via IPv6 - Update!

Fernando Gont fgont at si6networks.com
Wed Mar 6 06:38:56 UTC 2019


On 6/3/19 03:29, Mark Andrews wrote:
> 
> 
>> On 6 Mar 2019, at 3:37 pm, Fernando Gont <fgont at si6networks.com> wrote:
>>
>> On 6/3/19 01:09, Mark Andrews wrote:
>>>
>>>
>>>> On 6 Mar 2019, at 1:30 pm, Fernando Gont <fgont at si6networks.com> wrote:
>>>>
>>>> On 3/3/19 18:04, Mark Andrews wrote:
>>>>> There are lots of IDIOTS out there that BLOCK ALL ICMP.  That blocks PTB getting
>>>>> back to the TCP servers.  There are also IDIOTS that deploy load balancers that
>>>>> DO NOT LOOK INSIDE ICMP messages for redirecting ICMP messages to the correct
>>>>> back end.  There are also IDIOTS that rate limit PTB generation to ridiculously
>>>>> low rates.  One should be able to generate PTB at line rate.
>>>>>
>>>>> Everyone that has configured mss-fix-up has contributed to the misunderstanding that
>>>>> you can block ICMP.  It is time we had a flag day to REMOVE mss-fix-up from all
>>>>> the boxes you control.  We need to get PTB working and unfortunately that means
>>>>> that we need to stop pandering to admins who don’t know how IP is supposed to
>>>>> work.  ICMP is NOT optional.
>>>>
>>>> It would seem IETF's intention is to actually move away from
>>>> ICMPv6-based PMTUD, to the extent that is possible. (RFC4821).
>>>
>>> Which is not a reason to not fix broken equipment and misconfigured firewalls.
>>> The workarounds are basically there because people deploy broken equipment.
>>
>> Agreed. That said, it wasn't solved in 30+ years of IPv4. Do you have
>> hopes it will be different with IPv6?
> 
> Make a big enough stink and it will get fixed.  People just don’t make enough of
> a stink.  Use social media.  None of the companies with broken firewalls really
> want their idiotic practices pointed out in public.  Start doing so every time
> you see it #STUPIDFIREWALL.

At times, it's fw defaults. Other times, it is admin policies.

RFC4821 seems to signal that the IETF has given up on making ICMP-based
PMTUD work, and aims at a (mostly) ICMP-free PMTUD.

Essentially, when brokenness is widespread, you have to come up with
workarounds. And when workarounds are sufficiently widespread, there's
less of an incentive to fix the original issue.

Other times, there's a disconnect between protocol standards,
products, and operational requirements. That's the case of IPv6 EHs.
This is their usability on the public Internet: RFC 7872.  And these are
some of the reasons why you get the numbers in RFC 7872:
https://tools.ietf.org/html/draft-gont-v6ops-ipv6-ehs-packet-drops

Cheers,
-- 
Fernando Gont
SI6 Networks
e-mail: fgont at si6networks.com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
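
Added example, not part of the thread or written by any of its participants: what "looking inside" an ICMPv6 Packet Too Big message means for a load balancer, namely reading the embedded copy of the oversized packet and reversing its tuple to find the back end that owns the connection. The function names, the connection-table layout and the documentation-prefix addresses are assumptions made for illustration; extension headers are not walked and the ICMPv6 checksum is not verified.

```python
import ipaddress
import struct

ICMPV6_PACKET_TOO_BIG = 2            # RFC 4443 section 3.2
IPPROTO_TCP, IPPROTO_UDP = 6, 17

def parse_ptb(icmp: bytes):
    """Return (mtu, flow_key) for an ICMPv6 Packet Too Big, else None.

    flow_key is (client_addr, client_port, vip_addr, vip_port, proto),
    i.e. the tuple as the balancer saw it on the client -> VIP direction.
    """
    if len(icmp) < 8 + 40 + 4:       # ICMPv6 hdr + inner IPv6 hdr + ports
        return None
    icmp_type, _code, _cksum, mtu = struct.unpack("!BBHI", icmp[:8])
    if icmp_type != ICMPV6_PACKET_TOO_BIG:
        return None
    inner = icmp[8:]                 # start of the packet that was too big
    if inner[0] >> 4 != 6:
        return None
    proto = inner[6]                 # Next Header of the inner IPv6 header
    if proto not in (IPPROTO_TCP, IPPROTO_UDP):
        return None                  # extension headers not walked in this example
    src = ipaddress.IPv6Address(inner[8:24])
    dst = ipaddress.IPv6Address(inner[24:40])
    sport, dport = struct.unpack("!HH", inner[40:44])
    # The oversized packet travelled VIP -> client, so reverse the tuple.
    return mtu, (str(dst), dport, str(src), sport, proto)

def route_ptb(icmp: bytes, conn_table: dict):
    """Return (backend, mtu) for the connection the PTB refers to, or None."""
    parsed = parse_ptb(icmp)
    if parsed is None:
        return None
    mtu, flow_key = parsed
    backend = conn_table.get(flow_key)
    return (backend, mtu) if backend is not None else None

def build_sample_ptb() -> bytes:
    """Constructed sample: router reports MTU 1280 for a VIP -> client TCP segment."""
    vip = ipaddress.IPv6Address("2001:db8:1::80").packed
    client = ipaddress.IPv6Address("2001:db8:2::1234").packed
    inner_ip = struct.pack("!IHBB", 0x60000000, 20, IPPROTO_TCP, 64) + vip + client
    inner_tcp = struct.pack("!HHIIBBHHH", 443, 51515, 1, 1, 0x50, 0x10, 65535, 0, 0)
    # ICMPv6 checksum left as 0: this example does not verify it.
    return struct.pack("!BBHI", ICMPV6_PACKET_TOO_BIG, 0, 0, 1280) + inner_ip + inner_tcp
```

A balancer that hashes only the outer ICMPv6 header sees the reporting router's address as the source and cannot recover this key, which is why the PTB ends up at the wrong back end.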







More information about the NANOG mailing list