It happens too often, unfortunately. People deploying IPv6 at web sites and other services, don’t check if PMTUD is broken by filtering, ECMP, load balancers, etc. This is the case here: tbit from 2001:df0:4:4000::1:115 to 2605:3100:fffd:100::15 server-mss 1440, result: pmtud-fail app: http, url: https://www.pay.gov/ [ 0.009] TX SYN 64 seq = 0:0 [ 0.165] RX SYN/ACK 64 seq = 0:1 [ 0.166] TX 60 seq = 1:1 [ 0.166] TX 371 seq = 1:1(311) [ 0.325] RX 1500 seq = 1:312(1440) [ 0.325] RX 1500 seq = 1441:312(1440) [ 0.325] TX PTB 1280 mtu = 1280 [ 0.325] RX 1362 seq = 2881:312(1302) [ 3.325] RX 1500 seq = 1:312(1440) [ 3.325] TX PTB 1280 mtu = 1280 [ 9.326] RX 1500 seq = 1:312(1440) [ 9.326] TX PTB 1280 mtu = 1280 [ 21.325] RX 1500 seq = 1:312(1440) [ 21.325] TX PTB 1280 mtu = 1280 [ 45.325] RX 1500 seq = 1:312(1440) Regards, Jordi -----Mensaje original----- De: NANOG <nanog-bounces@nanog.org> en nombre de Carl Byington <carl@five-ten-sg.com> Responder a: <carl@five-ten-sg.com> Fecha: miércoles, 16 de noviembre de 2016, 7:30 Para: <nanog@nanog.org> Asunto: pay.gov and IPv6 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Following up on a two year old thread, one of my clients just hit this problem. The failure is not that www.pay.gov is not reachable over ipv6 (2605:3100:fffd:100::15). They accept (TCP handshake) the port 443 connection, but the connection then hangs waiting for the TLS handshake. openssl s_client -connect www.pay.gov:443 openssl s_client -servername www.pay.gov -connect 199.169.192.21:443 Browsers (at least firefox) see that as a very slow site, and it does not trigger their happy eyeballs fast failover to ipv4. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.14 (GNU/Linux) iEYEAREKAAYFAlgrjDEACgkQL6j7milTFsG8OwCgh5yRxxZHskjL4HVhzxIEmenA LQgAniRMcYf/DIcg+8ve55MxUgrUbmzC =MS8j -----END PGP SIGNATURE----- ********************************************** IPv4 is over Are you ready for the new Internet ? http://www.consulintel.es The IPv6 Company This electronic message contains information which may be privileged or confidential. The information is intended to be for the use of the individual(s) named above. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, including attached files, is prohibited.