nanog mailing list archives

Re: ICMPv6 "too-big" packets ignored (filtered ?) by Cloudflare farms


From: Mark Andrews <marka () isc org>
Date: Tue, 5 Mar 2019 09:25:48 +1100


On 5 Mar 2019, at 6:06 am, Saku Ytti <saku () ytti fi> wrote:

Hey Jean,

   I confess using IPv6 behind a 6in4 tunnel because the "Business-Class" service
   of the concerned operator doesn't handle IPv6 yet.

   As such, I realised that, as far as I can figure, ICMPv6 "too-big" packets (RFC 4443)
   seem to be ignored or filtered at ~60% of Cloudflare's http farms

Might be related to this:
https://blog.cloudflare.com/path-mtu-discovery-in-practice/

If you run ECMP then the hash algorithms make no guarantees ICMP
messages generated by transit devices reach the correct host.


Then Cloudflare should negotiate MSS’s that don’t generate PTB’s if
they have installed broken ECMP devices.  The simplest way to do that
is to set the interface MTUs to 1280 on all the servers.  Why should
the rest of the world have to put up with their inability to purchase
devices that work with RFC-compliant data streams?

Mark

-- 
 ++ytti

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742              INTERNET: marka () isc org
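
The two points in this exchange, as an added example that is not part of the original messages: the TCP MSS that follows from a 1280-byte interface MTU, and why an ECMP hash over a Packet Too Big's outer header need not pick the host that owns the TCP flow. The CRC32 hash, the 2001:db8:: addresses and every function name are assumptions made for illustration; hashing on the embedded packet is shown only for comparison and is not something the thread describes.

```python
import ipaddress
import struct
import zlib

IPV6_HDR, TCP_HDR = 40, 20  # fixed header sizes in bytes, no options

def mss_for_mtu(mtu):
    """Largest TCP MSS that fits in one IPv6 packet of `mtu` bytes."""
    return mtu - IPV6_HDR - TCP_HDR

def ecmp_bucket(src, dst, sport, dport, n):
    """Toy ECMP hash (assumed): CRC32 of the flow tuple modulo n next hops."""
    key = ipaddress.IPv6Address(src).packed + ipaddress.IPv6Address(dst).packed
    return zlib.crc32(key + struct.pack("!HH", sport, dport)) % n

def build_ptb(server, client, sport, dport, mtu):
    """Constructed ICMPv6 type 2 body (RFC 4443) quoting a server->client TCP packet."""
    inner = struct.pack("!IHBB", 6 << 28, TCP_HDR, 6, 64)  # version, payload len, next hdr, hop limit
    inner += ipaddress.IPv6Address(server).packed + ipaddress.IPv6Address(client).packed
    inner += struct.pack("!HH", sport, dport) + bytes(TCP_HDR - 4)
    return struct.pack("!BBHI", 2, 0, 0, mtu) + inner  # checksum left 0 in this sample

def inbound_flow_from_ptb(icmp):
    """Return (client, server, client_port, server_port, mtu) from a Packet Too Big."""
    if len(icmp) < 8 + IPV6_HDR + 4 or icmp[0] != 2:
        raise ValueError("not a usable ICMPv6 Packet Too Big")
    mtu = struct.unpack("!I", icmp[4:8])[0]
    inner = icmp[8:]
    if inner[6] != 6:
        raise ValueError("embedded packet is not TCP")
    server = str(ipaddress.IPv6Address(inner[8:24]))
    client = str(ipaddress.IPv6Address(inner[24:40]))
    sport, dport = struct.unpack("!HH", inner[40:44])
    # The quoted packet was outbound; swap ends to get the tuple ECMP hashed inbound.
    return client, server, dport, sport, mtu

def misrouted(n_hosts=8, flows=200):
    """Count PTBs sent to the wrong host: (outer-header hash, embedded-flow hash)."""
    router, vip = "2001:db8:ffff::1", "2001:db8:1::80"  # constructed addresses
    outer = inner = 0
    for i in range(flows):
        client, cport = f"2001:db8:2::{i + 1:x}", 40000 + i
        owner = ecmp_bucket(client, vip, cport, 443, n_hosts)  # host holding the TCP state
        ptb = build_ptb(vip, client, 443, cport, 1280)
        outer += ecmp_bucket(router, vip, 0, 0, n_hosts) != owner
        inner += ecmp_bucket(*inbound_flow_from_ptb(ptb)[:4], n_hosts) != owner
    return outer, inner
```

Calling `misrouted()` returns the two counts for 200 constructed flows, and `mss_for_mtu(1280)` gives the MSS a server advertises when its interface MTU is set to the IPv6 minimum.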

