Re: [mailop] Anyone from Yahoo - icmpv6 filtering breaks login.yahoo.com MTU detection

2016-11-21 Thread Franck Martin via mailop
It is also common when people convert their ACL from IPv4 to IPv6 to forget to add a rule of PTB in their IPv6 ACLs... I would also suggest to use tracepath(6) for debugging, as it factors the port you want to reach and will try to detect the pmtu. You may find where the packet gets dropped this w

Re: [mailop] Anyone from Yahoo - icmpv6 filtering breaks login.yahoo.com MTU detection

2016-11-21 Thread Vladimir Dubrovin via mailop
This problem is neither new nor specific to Yahoo or IPv6 and is usually referred to as "blackhole router". ICMPv4 "Fragmentation Needed" (type 3 code 4) / ICMPv6 "Packet Too Big" (type 2) *are required* for path MTU discovery and should never be filtered. The only reason it doesn't strike you with dif

Re: [mailop] Anyone from Yahoo - icmpv6 filtering breaks login.yahoo.com MTU detection

2016-11-19 Thread Carl Byington
On Sat, 2016-11-19 at 14:04 -0500, valdis.kletni...@vt.edu wrote: > > OK, you're *almost* done. Now take the sites that failed, and > traceroute -6 to them, and then to several sites that work (just as a > control). > What router(s) do the 3 faili

Re: [mailop] Anyone from Yahoo - icmpv6 filtering breaks login.yahoo.com MTU detection

2016-11-19 Thread Valdis . Kletnieks
On Sat, 19 Nov 2016 08:33:27 -0800, Carl Byington said: > Of the 220 sites identified above, 218 of them manage to see the icmpv6 > packet and respond by resending with a packet that makes it thru the > tunnel. I suspect that packets from at least one of those 218 sites goes > thru many of the sam

Re: [mailop] Anyone from Yahoo - icmpv6 filtering breaks login.yahoo.com MTU detection

2016-11-19 Thread Carl Byington
On Fri, 2016-11-18 at 16:52 -0500, valdis.kletni...@vt.edu wrote: > And you identified that the problem was at Yahoo, and not one or more > of the hops between the far end of your tunnel and Yahoo, how, > exactly? Taking the top 1000 sites from Alex

Re: [mailop] Anyone from Yahoo - icmpv6 filtering breaks login.yahoo.com MTU detection

2016-11-19 Thread Johann Klasek
On Fri, Nov 18, 2016 at 01:01:50PM -0800, Carl Byington wrote: > On Fri, 2016-11-18 at 15:41 -0500, valdis.kletni...@vt.edu wrote: > > > Did you do anything to specifically identify Yahoo's routers as the > > offenders? > > > Hint: If there's a tunnel in the path, it will be *your* end of the > >

Re: [mailop] Anyone from Yahoo - icmpv6 filtering breaks login.yahoo.com MTU detection

2016-11-18 Thread Valdis . Kletnieks
On Fri, 18 Nov 2016 13:01:50 -0800, Carl Byington said: > response to that will be a bunch of full size packets from Yahoo with > the certificate, etc. The *far* end of my tunnel will be sending the > icmpv6 "packet too big" back to Yahoo. And you identified that the problem was at Yahoo, and not

Re: [mailop] Anyone from Yahoo - icmpv6 filtering breaks login.yahoo.com MTU detection

2016-11-18 Thread Carl Byington
On Fri, 2016-11-18 at 15:41 -0500, valdis.kletni...@vt.edu wrote: > Did you do anything to specifically identify Yahoo's routers as the > offenders? > Hint: If there's a tunnel in the path, it will be *your* end of the > tunnel > that sends back th

Re: [mailop] Anyone from Yahoo - icmpv6 filtering breaks login.yahoo.com MTU detection

2016-11-18 Thread Mike Joseph
Hi Carl, Could you please send me IPv6 traceroutes to the Yahoo server(s) in question? I'll have someone take a look. -MJ On Fri, Nov 18, 2016 at 11:58 AM, Carl Byington wrote: > https://login.yahoo.com > > If you have IPv6 connectivity th

Re: [mailop] Anyone from Yahoo - icmpv6 filtering breaks login.yahoo.com MTU detection

2016-11-18 Thread Valdis . Kletnieks
On Fri, 18 Nov 2016 11:58:58 -0800, Carl Byington said: > If you have IPv6 connectivity thru a tunnel, with a smaller MTU, that > will fail. With a 1500 byte MTU, it works. The TCP handshake works - it > then hangs during the TLS handshake which sends full size packets. Did you do anything to spe

[mailop] Anyone from Yahoo - icmpv6 filtering breaks login.yahoo.com MTU detection

2016-11-18 Thread Carl Byington
https://login.yahoo.com If you have IPv6 connectivity thru a tunnel, with a smaller MTU, that will fail. With a 1500 byte MTU, it works. The TCP handshake works - it then hangs during the TLS handshake which sends full size packets. echo -e 'GET /