nanog mailing list archives
Re: ICMPv6 "too-big" packets ignored (filtered ?) by Cloudflare farms
From: Mark Andrews <marka () isc org>
Date: Wed, 6 Mar 2019 15:21:22 +1100
On 6 Mar 2019, at 1:36 pm, Fernando Gont <fgont () si6networks com> wrote: On 5/3/19 03:26, Mark Andrews wrote:On 5 Mar 2019, at 5:18 pm, Mark Tinka <mark.tinka () seacom mu> wrote: On 5/Mar/19 00:25, Mark Andrews wrote:Then Cloudflare should negotiate MSS’s that don’t generate PTB’s if they have installed broken ECMP devices. The simplest way to do that is to set the interface MTUs to 1280 on all the servers. Why should the rest of the world have to put up with their inability to purchase devices that work with RFC compliant data streams.I've had this issue with cdnjs.cloudflare.com for the longest time at my house. But as some of you may recall, my little unwanted TCP MSS hack for IPv6 last weekend fixed that issue for me. Not ideal, and I so wish IPv6 would work as designed, but…It does work as designed except when crap middleware is added. ECMP should be using the flow label with IPv6. It has the advantage that it works for non-0-offset fragments as well as 0-offset fragments and also works for transports other than TCP and UDP. This isn’t a protocol failure. It is shitty implementations.Not to play devil's advocate but the IETF fot to publish a spec for ECMP use of Flow Labels only a few years ago. For quite a while, they were unasable... and might still be, for some implementations.
And if it is still using the quintuple the PTB has all the necessary information for unfragmented and 0 offset fragment packets (which there shouldn’t be with a working TCP stack) to be passed through.
-- Fernando Gont SI6 Networks e-mail: fgont () si6networks com PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
-- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka () isc org
Current thread:
- Re: ICMPv6 "too-big" packets ignored (filtered ?) by Cloudflare farms, (continued)
- Re: ICMPv6 "too-big" packets ignored (filtered ?) by Cloudflare farms Mark Tinka (Mar 04)
- Re: ICMPv6 "too-big" packets ignored (filtered ?) by Cloudflare farms Mark Andrews (Mar 04)
- Re: ICMPv6 "too-big" packets ignored (filtered ?) by Cloudflare farms Mark Tinka (Mar 04)
- Re: ICMPv6 "too-big" packets ignored (filtered ?) by Cloudflare farms Joel Jaeggli (Mar 05)
- Re: ICMPv6 "too-big" packets ignored (filtered ?) by Cloudflare farms Thomas Bellman (Mar 05)
- Re: ICMPv6 "too-big" packets ignored (filtered ?) by Cloudflare farms,Re: ICMPv6 "too-big" packets ignored (filtered ?) by Cloudflare farms sthaug (Mar 05)
- Re: ICMPv6 "too-big" packets ignored (filtered ?) by Cloudflare farms Stephen Satchell (Mar 05)
- Re: ICMPv6 "too-big" packets ignored (filtered ?) by Cloudflare farms Bjørn Mork (Mar 05)
- Re: ICMPv6 "too-big" packets ignored (filtered ?) by Cloudflare farms Hunter Fuller (Mar 05)
- Re: ICMPv6 "too-big" packets ignored (filtered ?) by Cloudflare farms Fernando Gont (Mar 05)
- Re: ICMPv6 "too-big" packets ignored (filtered ?) by Cloudflare farms Mark Andrews (Mar 05)
- Re: ICMPv6 "too-big" packets ignored (filtered ?) by Cloudflare farms Saku Ytti (Mar 05)
- Re: ICMPv6 "too-big" packets ignored (filtered ?) by Cloudflare farms Joel Jaeggli (Mar 05)
- Re: ICMPv6 "too-big" packets ignored (filtered ?) by Cloudflare farms Saku Ytti (Mar 05)
- Re: ICMPv6 "too-big" packets ignored (filtered ?) by Cloudflare farms Töma Gavrichenkov (Mar 08)
- Re: ICMPv6 "too-big" packets ignored (filtered ?) by Cloudflare farms Saku Ytti (Mar 08)
- Re: ICMPv6 "too-big" packets ignored (filtered ?) by Cloudflare farms Tarko Tikan (Mar 08)
- Re: ICMPv6 "too-big" packets ignored (filtered ?) by Cloudflare farms Töma Gavrichenkov (Mar 08)
- Re: ICMPv6 "too-big" packets ignored (filtered ?) by Cloudflare farms Saku Ytti (Mar 08)
- Re: ICMPv6 "too-big" packets ignored (filtered ?) by Cloudflare farms Töma Gavrichenkov (Mar 08)
- Re: ICMPv6 "too-big" packets ignored (filtered ?) by Cloudflare farms Saku Ytti (Mar 08)