I'm trying to debug a pesky PMTUD issue with IPv6 on Mac OS-X 10.6. It happens only from home, on wireless, when connected to a mac aiport that does an automatic tunnel (teredo) to IPv6 backbone. There are IPv6 web site that I cannot browse until I lower the MTU to 1400. My Linux desktop in similar config works fine... With tracepath6, I see one end of the tunnel tells me MTU should be 1280, that's using linux tools. On mac, tracepath6 does not seem to exist, and I don't know what tool to use... I have seen scamper, but no binary... I have used wireshark (on mac) to detect the PTB packet, but don't see it either... I have not compared with my linux box... I'm doing this testing on the side, slowly because it is fun to try to understand what's wrong here... and I wonder if others have had similar issues... May be not fully on topic, but to bring it back to topic see this presentation: http://www.ripe.net/ripe/meetings/ripe-60/presentations/Stasiewicz-Measureme... Which states the PMTUD failure rate on IPv6 is about 1.9%
On 2010-08-20 23:27, Franck Martin wrote:
I'm trying to debug a pesky PMTUD issue with IPv6 on Mac OS-X 10.6.
It happens only from home, on wireless, when connected to a mac aiport that does an automatic tunnel (teredo) to IPv6 backbone.
There are IPv6 web site that I cannot browse until I lower the MTU to
Welcome to the great world of Teredo/6to4 where the endpoints/relays of the tunnel are anycasted in both IPv4 and IPv6 and thus can be quite difficult to debug, it can be done but requires quite a lot of vision in the network on both IPv4 and which will be generally near impossible. 1400. Why don't you just do 1280 which is the default? Do also note that you have two levels of PMTU, the IPv6 one and the IPv4 one. If you configure your MTU of the tunnel incorrectly compared to the relay that you are using you will not see the PMTU's coming through either or they might not accept your large packets. Both MTUs can be broken due to folks filtering ICMP which is generally a bad thing to do. Greets, Jeroen
What puzzles me, is that my linux machine on same network has no issues... ----- Original Message ----- From: "Jeroen Massar" <jeroen@unfix.org> To: "Franck Martin" <franck@genius.com> Cc: nanog@nanog.org Sent: Saturday, 21 August, 2010 9:34:23 AM Subject: Re: IPv6 PMTUD and OS-X On 2010-08-20 23:27, Franck Martin wrote:
I'm trying to debug a pesky PMTUD issue with IPv6 on Mac OS-X 10.6.
It happens only from home, on wireless, when connected to a mac aiport that does an automatic tunnel (teredo) to IPv6 backbone.
There are IPv6 web site that I cannot browse until I lower the MTU to
Welcome to the great world of Teredo/6to4 where the endpoints/relays of the tunnel are anycasted in both IPv4 and IPv6 and thus can be quite difficult to debug, it can be done but requires quite a lot of vision in the network on both IPv4 and which will be generally near impossible. 1400. Why don't you just do 1280 which is the default? Do also note that you have two levels of PMTU, the IPv6 one and the IPv4 one. If you configure your MTU of the tunnel incorrectly compared to the relay that you are using you will not see the PMTU's coming through either or they might not accept your large packets. Both MTUs can be broken due to folks filtering ICMP which is generally a bad thing to do. Greets, Jeroen
On Fri, Aug 20, 2010 at 11:34:23PM +0200, Jeroen Massar wrote: > On 2010-08-20 23:27, Franck Martin wrote: > > I'm trying to debug a pesky PMTUD issue with IPv6 on Mac OS-X 10.6. > > > > It happens only from home, on wireless, when connected to a mac aiport > > that does an automatic tunnel (teredo) to IPv6 backbone. > > Welcome to the great world of Teredo/6to4 where the endpoints/relays of > the tunnel are anycasted in both IPv4 and IPv6 and thus can be quite > difficult to debug, it can be done but requires quite a lot of vision in > the network on both IPv4 and which will be generally near impossible. > > > There are IPv6 web site that I cannot browse until I lower the MTU to > 1400. > > Why don't you just do 1280 which is the default? > > Do also note that you have two levels of PMTU, the IPv6 one and the IPv4 > one. If you configure your MTU of the tunnel incorrectly compared to the > relay that you are using you will not see the PMTU's coming through > either or they might not accept your large packets. > > Both MTUs can be broken due to folks filtering ICMP which is generally a > bad thing to do. > > Greets, > Jeroen or - if you are tunneled more than once, you might be ultra conservative and drop your MTU to 1220 - that should weed out the edge cases where even 1280 is too large. --bill
On 2010-08-21 09:18, bmanning@vacation.karoshi.com wrote: > On Fri, Aug 20, 2010 at 11:34:23PM +0200, Jeroen Massar wrote: >> On 2010-08-20 23:27, Franck Martin wrote: >>> I'm trying to debug a pesky PMTUD issue with IPv6 on Mac OS-X 10.6. >>> >>> It happens only from home, on wireless, when connected to a mac aiport >>> that does an automatic tunnel (teredo) to IPv6 backbone. >> >> Welcome to the great world of Teredo/6to4 where the endpoints/relays of >> the tunnel are anycasted in both IPv4 and IPv6 and thus can be quite >> difficult to debug, it can be done but requires quite a lot of vision in >> the network on both IPv4 and which will be generally near impossible. >> >>> There are IPv6 web site that I cannot browse until I lower the MTU to >> 1400. >> >> Why don't you just do 1280 which is the default? >> >> Do also note that you have two levels of PMTU, the IPv6 one and the IPv4 >> one. If you configure your MTU of the tunnel incorrectly compared to the >> relay that you are using you will not see the PMTU's coming through >> either or they might not accept your large packets. >> >> Both MTUs can be broken due to folks filtering ICMP which is generally a >> bad thing to do. >> >> Greets, >> Jeroen > > > or - if you are tunneled more than once, you might be ultra conservative > and drop your MTU to 1220 - that should weed out the edge cases where even 1280 > is too large. 1220? I am pretty sure the minimal IPv6 MTU is 1280 and that below it fragmentation should be handled by the medium that transports packets smaller than that.... Can you enlighten me Bill? :) Greets, Jeroen
participants (3)
-
bmanning@vacation.karoshi.com -
Franck Martin -
Jeroen Massar