Re: I can fetch the header of websites via IPv6 but not the webpage, why?
The solution was setting the MTU to 1480 in radvd in the router: option AdvLinkMTU 1480 # option AdvLinkMTU 1452 On Mon, Jan 20, 2014 at 5:22 PM, Ez Egy ezegyemailcim...@gmail.com wrote: As I said: 1) I have a native IPv6 connection on my Desktop behind my router. - So there is no tunnel. Only native IPv6 that the Hungarian telekom.hu gives. 2) We will try out setting manually the MSS to 1392, hopefully that could be a good workaround. 3) We will try out the site: http://netalyzr.icsi.berkeley.edu/ I will post the status here later, Thanks! On Mon, Jan 20, 2014 at 11:59 AM, Tore Anderson t...@fud.no wrote: * Ez mail Since I have no fr**king clue what could the problem be, I'm trying on this list :) I concur 100% with Erik's assessment that this in all likelihood is a PMTUD problem, specifically in the web_server-your_desktop direction. I'd just like to add that the fact that you see it happening to several independent websites that are known to be operated by competent staff, and that the problem comes and goes, further indicates that it is due to rate-limiting of ICMPv6 PTB replies from your tunnel broker's tunneling router/server. The ICSI Netalyzr (http://netalyzr.icsi.berkeley.edu/) will give you very useful debugging output from the outside point of view. You might have to run it a few times to to reveal the MTU blackhole though, due to the problem's intermittent nature. As Erik mentions, lowering the TCP MSS will likely work around the problem. You can probably do this by having the RAs your router emits to the LAN advertise an MTU of 1452 to match your tunnel (which in turn should make your desktop default to a TCP MSS of 1392), and/or have your router rewrite (clamp) the MSS value in TCP packets it forwards to/from the tunnel to 1392. Or, even better, get rid of the tunneling crap and get native IPv6. This is a very common problem for IPv6 tunnels. As a web site operator I would actually prefer it if people stayed IPv4-only until their ISP could provide them with properly supported IPv6 connectivity. Oh well... Tore
Re: I can fetch the header of websites via IPv6 but not the webpage, why?
1452 is the good one :D On Tue, Jan 21, 2014 at 9:30 PM, Ez Egy ezegyemailcim...@gmail.com wrote: The solution was setting the MTU to 1480 in radvd in the router: option AdvLinkMTU 1480 # option AdvLinkMTU 1452 On Mon, Jan 20, 2014 at 5:22 PM, Ez Egy ezegyemailcim...@gmail.comwrote: As I said: 1) I have a native IPv6 connection on my Desktop behind my router. - So there is no tunnel. Only native IPv6 that the Hungarian telekom.hugives. 2) We will try out setting manually the MSS to 1392, hopefully that could be a good workaround. 3) We will try out the site: http://netalyzr.icsi.berkeley.edu/ I will post the status here later, Thanks! On Mon, Jan 20, 2014 at 11:59 AM, Tore Anderson t...@fud.no wrote: * Ez mail Since I have no fr**king clue what could the problem be, I'm trying on this list :) I concur 100% with Erik's assessment that this in all likelihood is a PMTUD problem, specifically in the web_server-your_desktop direction. I'd just like to add that the fact that you see it happening to several independent websites that are known to be operated by competent staff, and that the problem comes and goes, further indicates that it is due to rate-limiting of ICMPv6 PTB replies from your tunnel broker's tunneling router/server. The ICSI Netalyzr (http://netalyzr.icsi.berkeley.edu/) will give you very useful debugging output from the outside point of view. You might have to run it a few times to to reveal the MTU blackhole though, due to the problem's intermittent nature. As Erik mentions, lowering the TCP MSS will likely work around the problem. You can probably do this by having the RAs your router emits to the LAN advertise an MTU of 1452 to match your tunnel (which in turn should make your desktop default to a TCP MSS of 1392), and/or have your router rewrite (clamp) the MSS value in TCP packets it forwards to/from the tunnel to 1392. Or, even better, get rid of the tunneling crap and get native IPv6. This is a very common problem for IPv6 tunnels. As a web site operator I would actually prefer it if people stayed IPv4-only until their ISP could provide them with properly supported IPv6 connectivity. Oh well... Tore
Re: I can fetch the header of websites via IPv6 but not the webpage, why?
On Mon, Jan 20, 2014 at 11:59 AM, Tore Anderson t...@fud.no wrote: As Erik mentions, lowering the TCP MSS will likely work around the problem. You can probably do this by having the RAs your router emits to the LAN advertise an MTU of 1452 to match your tunnel (which in turn should make your desktop default to a TCP MSS of 1392), and/or have your router rewrite (clamp) the MSS value in TCP packets it forwards to/from the tunnel to 1392. Unless a party has one single IPv6-enabled machine, clamping MSS on the gateway is probably preferable. Or, even better, get rid of the tunneling crap and get native IPv6. This is a very common problem for IPv6 tunnels. As a web site operator I would actually prefer it if people stayed IPv4-only until their ISP could provide them with properly supported IPv6 connectivity. Oh well... Most people don't have that liberty as of right now; increasing adoption is arguably better, especially considering that a lot of people developing software need to fix part of the ecosystem. Richard
RE: I can fetch the header of websites via IPv6 but not the webpage, why?
Hi, -Original Message- From: ipv6-ops-bounces+fred.l.templin=boeing@lists.cluenet.de [mailto:ipv6-ops- bounces+fred.l.templin=boeing@lists.cluenet.de] On Behalf Of Richard Hartmann Sent: Tuesday, January 21, 2014 12:48 PM To: Tore Anderson Cc: Ez mail; ipv6-ops@lists.cluenet.de Subject: Re: I can fetch the header of websites via IPv6 but not the webpage, why? On Mon, Jan 20, 2014 at 11:59 AM, Tore Anderson t...@fud.no wrote: As Erik mentions, lowering the TCP MSS will likely work around the problem. You can probably do this by having the RAs your router emits to the LAN advertise an MTU of 1452 to match your tunnel (which in turn should make your desktop default to a TCP MSS of 1392), and/or have your router rewrite (clamp) the MSS value in TCP packets it forwards to/from the tunnel to 1392. Unless a party has one single IPv6-enabled machine, clamping MSS on the gateway is probably preferable. If you clamp the MSS to a smaller size but DO NOT advertise a small MTU on the LAN, hosts that use RFC4821 can at a later time probe for packet sizes that are larger that the MSS and advance the MSS size if the probe succeeds. So, clamp the MSS but leave the MTU of the LAN the same as that of the native link. Thanks - Fred fred.l.temp...@boeing.com Or, even better, get rid of the tunneling crap and get native IPv6. This is a very common problem for IPv6 tunnels. As a web site operator I would actually prefer it if people stayed IPv4-only until their ISP could provide them with properly supported IPv6 connectivity. Oh well... Most people don't have that liberty as of right now; increasing adoption is arguably better, especially considering that a lot of people developing software need to fix part of the ecosystem. Richard
