I use an IPsec tunnel from my laptop to get IPv6 in coffee shops, etc. In IPv4 land, there are "hacks" to get around the ICMP loss problem, but they don't work (by design) in IPv6.

There are bugs in the kernel which I have yet to properly diagnose which mean that some v6 ICMP too big messages are not sent when the packet comes in on "eth0" and goes out again on eth0 (but, encrypted, see). But regardless, ICMPs get filtered in IPv6 out there, and I don't believe that they will really ever get through.

Since RFC4821 was published ten years ago, the Linux kernel has had an option:

    net.ipv4.tcp_mtu_probing=2

which enabled RFC4821 on TCP connections. This solves the problem, but annoyingly, it needs to be enabled in each direction.

Why it never got enabled by default back in 2007, I have yet to learn. I suspect cautionary principle, followed by a lack of lobby, and lack of real life data to support that it causes no harm.

I argued the point (unsuccessfully) that PLPMTU should be the default in RFC8200 (STD97). Although RFC8201 does mention it, there is no clear recommendation at this point; the lack of data is the cause.

Ideally, I'd like help lobbying to make this the default in the kernel, but to do that, I think we need data. This email is BCC'ed to some Google people (including Matt Mathis) who I keep bugging to turn this on for Google front-end servers (or enough to get some statistics to argue for doing it for all of them).

But, this email is to see if IPv6 enthusiasts would help get it turned on for Debian servers, and later on by default in Debian's default kernels. I'm not sure if there is a process/procedure for proposing such a tuning change, but I'm hoping that IPv6 enthusiasts here can educate me on the political process involved.

--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works | network architect [
] mcr@sandelman.ca http://www.sandelman.ca/ | ruby on rails [