
enabling net.ipv4.tcp_mtu_probing=2 on Debian servers



I use an IPsec tunnel from my laptop to get IPv6 in coffee shops, etc.
In IPv4 land, there are "hacks" to get around the ICMP loss problem, but they
don't work (by design) in IPv6.

There are bugs in the kernel which I have yet to properly diagnose which mean
that some v6 ICMP too big messages are not sent when the packet comes in
on "eth0" and goes out again on eth0 (but, encrypted, see).
But regardless, ICMPs get filtered in IPv6 out there, and I don't believe
that they will really ever get through.

Since the rfc4821 was published ten years ago, the Linux kernel has had an
option:
        net.ipv4.tcp_mtu_probing=2

which enabled RFC4821 on TCP connections.  This solves the problem, but
annoyingly, it needs to be enabled in each direction.  Why it never got
enabled by default back in 2007, I have yet to learn.  I suspect cautionary
principle, followed by a lack of lobby, and lack of real life data to support
that it causes no harm.

I argued the point (unsuccessfully) that PLPMTU should be the default in
RFC8200 (STD97), although RFC8201 does mention it, there is no clear
recommendation at this point, the lack of data is the cause.

Ideally, I'd like help lobbying to make this the default in the kernel, but
to do that, I think we need data.  This email is BCC'ed to some Google people
(including Matt Mathis) who I keep bugging to turn this on for Google
front-end servers (or enough to get some statistics to argue for doing it for
all of them).

But, this email is to see if IPv6 enthusiasts would help get it turned on for
Debian servers, and later on by default in Debian's default kernels.  I'm not
sure if there is a process/procedure for proposing such a tuning change, but
I'm hoping that IPv6 enthusiasts here can educate me on the political process
involved.

--
]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        | network architect  [
]     mcr@sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [
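
A way to check how the sysctl discussed above is set, both in persistent configuration and on the running kernel. This is an added example, not part of the original message; the function names and the two sample files are constructed for illustration.

```sh
#!/bin/sh
# Added example: report how net.ipv4.tcp_mtu_probing is set, persistently and live.

# Meaning of each value, per the kernel's ip-sysctl documentation.
describe_mode() {
    case "$1" in
        0) echo "disabled" ;;
        1) echo "off by default, enabled when an ICMP black hole is detected" ;;
        2) echo "always enabled" ;;
        *) echo "unrecognised value"; return 1 ;;
    esac
}

# Print the last value assigned to the key across the given sysctl files.
# Files are read in the order given; a later assignment overrides an earlier one.
configured_mode() {
    awk -F= '
        /^[ \t]*[#;]/ { next }                  # comment lines
        {
            key = $1
            gsub(/[ \t]/, "", key)              # strip whitespace around the key
            sub(/^-/, "", key)                  # leading "-" means ignore errors
            gsub(/\//, ".", key)                # net/ipv4/... is an equivalent spelling
            if (key == "net.ipv4.tcp_mtu_probing") {
                last = $2
                gsub(/[ \t]/, "", last)
            }
        }
        END { if (last == "") exit 1; print last }
    ' "$@"
}

# Constructed sample: a default of 0 overridden by a local drop-in setting 2.
demo_dir=$(mktemp -d)
printf '# constructed sample\nnet.ipv4.tcp_mtu_probing = 0\n' > "$demo_dir/10-default.conf"
printf 'net/ipv4/tcp_mtu_probing=2\n' > "$demo_dir/90-plpmtud.conf"

mode=$(configured_mode "$demo_dir/10-default.conf" "$demo_dir/90-plpmtud.conf")
echo "configured: $mode ($(describe_mode "$mode"))"

# Live value, when run on a Linux host.
if [ -r /proc/sys/net/ipv4/tcp_mtu_probing ]; then
    live=$(cat /proc/sys/net/ipv4/tcp_mtu_probing)
    echo "running:    $live ($(describe_mode "$live" || true))"
fi
```

On a real host, pass the files from `/etc/sysctl.d/` and `/etc/sysctl.conf` in the order `sysctl --system` applies them; a mismatch between the configured and running values means the setting has not been loaded or will not survive a reboot.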
