[outages] HE IPv6 tunnel PMTU issues with juniper.net

Chuck Anderson cra at WPI.EDU
Wed Oct 1 13:58:47 EDT 2014 

On Wed, Oct 01, 2014 at 05:04:26PM +0000, Gary Gapinski via Outages wrote:
>     On 10/01/2014 03:27 PM, Chuck Anderson
>       via Outages wrote:
> 
>     Interesting.
>       Does the 1480 MTU setting from RA show up on your
>       interface configuration, or in a routing table entry?
> 
>     No, and no (found no easy way to check).

The Linux "/sbin/ip" command apparently can show mtu and advmss (as
seen in Google search results), but on my system it doesn't show them.
cat /proc/sys/net/ipv6/conf/<interface>/mtu does show it though.

> 
>     Is
>       your TCP
>       connection to www.juniper.net using an MSS of 1220? If so, then of
>       course you wouldn't see the issue.
> 
>     Found no easy way to check.

Given the lack of "advmss" output in "/sbin/ip -6 route show", I'm
using tcpdump to verify the initial SYN packet.

>     However, if I were in your place, I would be watching for ICMPv6
>     packets coming in your direction (including from your edge
>     router) while capturing the TCP connection startup (namely, watching
>     for PMTU to be determined).
> 
>     I am running Ubiquiti (EdgeOS), and it uses radvd. The following is
>     what I see in /etc/radvd.conf:
> 
>     interface eth2 {
> #   This section was automatically generated by the Vyatta
> #   configuration sub-system.  Do not edit it.
> #
> #   Generated by root on Sun Sep  7 13:01:05 2014
> #
>     IgnoreIfMissing on;
>     AdvSendAdvert on;
>     AdvOtherConfigFlag off;
>     AdvDefaultLifetime 180;
>     AdvLinkMTU 1480;

I did just set this on my OpenWrt router.  I see from "rdisc6" (and
tcpdump) that I'm now getting a Link MTU option.  But "/sbin/ip" still
doesn't show it anywhere.  /proc/sys/net/ipv6/conf/<interface>/mtu is
showing the change to 1480.

>     While watching a web browser conversation with www.juniper.net , I
>     see the initial SYN with MSS of 1420 and return SYN ACK with MSS
>     1440.

Right.  If you turn off the AdvLinkMTU option (or set it back to 1500)
such that the initial SYN sets an MSS of 1440, do you then have
problems reaching www.juniper.net?

More information about the Outages mailing list