Hi,
I found PMTU blackhole problem at tools/mail.ietf.org.
The PMTU for tools.ietf.org and mail.ietf.org are decreased
to 1480 somewhere a few hops upward from ietf servers.
What's worse is that ICMPv6 Packet Too Big does not return.
tools.ietf.org has been assigned two IPv6 addresses, one works,
the other faces this problem.
mail.ietf.org has one IPv6 address and it is not workable.
$ host tools.ietf.org
tools.ietf.org has address 192.36.157.99
tools.ietf.org has address 194.146.105.14
tools.ietf.org has address 208.66.40.242
tools.ietf.org has IPv6 address 2001:1890:1112:1::2a
tools.ietf.org has IPv6 address 2a01:3f0::31:214:22ff:fe21:bb
$ ping6 -s 1452 2001:1890:1112:1::2a
PING6(1500=40+8+1452 bytes) 2001:fa8::xxxx --> 2001:1890:1112:1::2a
Request timeout for icmp_seq=0
$ host mail.ietf.org
mail.ietf.org has address 64.170.98.32
mail.ietf.org has IPv6 address 2001:1890:1112:1::20
mail.ietf.org mail is handled by 0 mail.ietf.org.
$ ping6 -s 1452 2001:1890:1112:1::20
PING6(1500=40+8+1452 bytes) 2001:fa8:1000::991f:ed22:a368:f41 -->
2001:1890:1112:1::20
Request timeout for icmp_seq=0
When mail servers and client OSes that accesses tools web site
implement TCP pmtu black hole detection/avoidance mechanism
documented in RFC 2923, the communication does not fail.
But, unfortunately, my FreeBSD based mail server does not implement
this mechanism, so it could not send e-mails to ietf.org.
Apart from IPv6 to IPv4 fallback, pmtu problem does not prevent
TCP connection establishment, but it kills a ongoing connection.
Anyway, I really appreciate if someone can fix ICMPv6 error messages
filtering.
Kindest regards,
--
Arifumi Matsumoto
Secure Communication Project
NTT Information Sharing Platform Laboratories
E-mail: arifumi(_at_)nttv6(_dot_)net
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf