On 5 Mar 2019, at 6:06 am, Saku Ytti <saku@ytti.fi> wrote:
Hey Jean,
I confess using IPv6 behind a 6in4 tunnel because the "Business-Class" service of the concerned operator doesn't handle IPv6 yet.
As such, I realised that, as far as I can figure, ICMPv6 "too-big" packets (RFC 4443) seem to be ignored or filtered at ~60% of Cloudflare's HTTP farms.
Might be related to this: https://blog.cloudflare.com/path-mtu-discovery-in-practice/
If you run ECMP then the hash algorithms make no guarantees ICMP messages generated by transit devices reach the correct host.
Then Cloudflare should negotiate MSSs that don’t generate PTBs if they have installed broken ECMP devices. The simplest way to do that is to set the interface MTUs to 1280 on all the servers. Why should the rest of the world have to put up with their inability to purchase devices that work with RFC-compliant data streams?
Mark
-- ++ytti
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742
INTERNET: marka@isc.org
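The ECMP and MSS points raised in this thread, as an added example that is not part of any poster's message: a toy model of why a Packet Too Big message hashed on its outer header can land on a server that does not own the TCP connection, and the MSS that an interface MTU of 1280 produces. The hash function, server count, addresses and function names are assumptions made for illustration, not any vendor's algorithm.

```python
import hashlib

SERVERS = 4            # constructed: number of ECMP next hops behind one VIP
VIP = "2001:db8::443"  # constructed address from the documentation prefix

def ecmp_pick(src, dst, proto, sport=0, dport=0):
    """Toy ECMP: hash the header fields and pick a next hop (assumed algorithm)."""
    key = f"{src}|{dst}|{proto}|{sport}|{dport}".encode()
    return int.from_bytes(hashlib.sha256(key).digest()[:4], "big") % SERVERS

def flow_server(client, cport):
    """Server that holds the TCP connection client:cport -> VIP:443."""
    return ecmp_pick(client, VIP, 6, cport, 443)

def ptb_server_outer(router):
    """Where a PTB lands when only its outer header is hashed.
    ICMPv6 (next header 58) has no ports and is sourced by the transit router."""
    return ecmp_pick(router, VIP, 58)

def ptb_server_inner(embedded):
    """Where a PTB lands when the embedded original packet (server -> client)
    is parsed and its tuple reversed to match the forward flow."""
    src, dst, proto, sport, dport = embedded
    return ecmp_pick(dst, src, proto, dport, sport)

def tcp_mss_ipv6(mtu):
    """MSS a host advertises for an interface MTU: minus the 40-byte IPv6
    header and the 20-byte TCP header (no extension headers assumed)."""
    return mtu - 40 - 20

def simulate(flows=200):
    """Count PTBs delivered to the wrong server under each hashing choice."""
    wrong_outer = wrong_inner = 0
    for i in range(flows):
        client, cport = f"2001:db8:c::{i:x}", 40000 + i   # constructed clients
        router = f"2001:db8:ffff::{i % 7:x}"              # constructed tunnel routers
        owner = flow_server(client, cport)
        embedded = (VIP, client, 6, 443, cport)           # the packet that was too big
        wrong_outer += ptb_server_outer(router) != owner
        wrong_inner += ptb_server_inner(embedded) != owner
    return wrong_outer, wrong_inner

if __name__ == "__main__":
    print(simulate(), tcp_mss_ipv6(1280))
```

With an MSS of 1220 the server never sends an IPv6 packet larger than 1280 bytes, the minimum MTU every IPv6 link must support, so no PTB is needed on the return path.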