fp.o content via IPv6

Daniel Drown dan-fedora-i at drown.org
Wed Sep 9 21:41:27 UTC 2009


On Tue, 08 Sep 2009, Allen Kistler wrote:
> In case other 6to4 clients can't figure out why fp.o is beyond their
> reach over IPv6, here's some fixing I did to make access to fp.o over
> 6to4 work for me.
> 
> I hadn't had a problem with hanging connections to other IPv6 sites, but
> I have for fp.o.  I heard from Mike M on IRC that others had reduced
> their MTU to get 6to4 to work with fp.o.
> 
> Starting there, my eventual solution was to put the following in the
> mangle table in ip6tables on my 6to4 router (all one line, of course):
> 
> -A FORWARD -o tun6to4 -p tcp --tcp-flags SYN,RST SYN -j TCPMSS
> --clamp-mss-to-pmtu
> 
> 6to4 has an MTU of 1480 for most people, but 1472 for DSL.  Probably
> something isn't generating an ICMP packet-too-big to send back to fp.o
> when the link MTU drops.  Alternatively the packet could be getting
> dropped in transit or ignored by fp.o.  Of course, clamping MSS in
> ip6tables only works for TCP.

I also have 6to4 set up on my home machine.  I'm no IPv6 expert (or networking
expert, really), but I believe two things should be happening here:

1. the packet too big ICMP message should be coming from your tunnel box
2. the MSS and path MTU should already be set even before it gets to this
    point, in the router advertisement messages.

I suspect that since you have a smaller MTU than default, changing the MTU on
your tunnel interface should solve the #1 problem
(ip -6 link set dev tun6to4 mtu 1472)

Changing your radvd.conf (if you're using radvd) to have "AdvLinkMTU 1472;"
should fix #2.

To verify the changes took effect, you can look for the router advertisement
message, seen via "tcpdump -nvs 1500 ip6":

16:18:48.435516 IP6 (hlim 255, next-header ICMPv6 (58) payload length: 64) fe80::200:ff:fe00:0 > ff02::1: [icmp6 sum ok] ICMP6, router advertisement, length 64
...
          mtu option (5), length 8 (1):  1480

You can see this in "ip -6 route | grep default" in a client box:

default via fe80::200:ff:fe00:0 dev peth2  proto kernel  metric 1024  expires 0sec mtu 1480 advmss 1420 hoplimit 64

(I should mention that curl over my 6to4 tunnel works fine with an MTU of 1480
getting the fedoraproject front page)
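
The verification step described above, as an added example that is not part of the original message: it parses the MTU option out of a router advertisement and compares it with the tunnel MTU. The helper names and the sample RA (built to the same 64-byte layout as the capture, with a constructed 6to4 prefix and link-layer address) are assumptions; the advmss figure assumes the usual 40-byte IPv6 and 20-byte TCP headers.

```python
import struct

ND_ROUTER_ADVERT = 134      # ICMPv6 type for router advertisements (RFC 4861)
ND_OPT_MTU = 5              # the "mtu option (5)" tcpdump prints
IPV6_HDR, TCP_HDR = 40, 20  # header sizes assumed when deriving advmss


def ra_mtu(icmp6: bytes):
    """Return the MTU advertised in an ICMPv6 RA, or None if it carries none."""
    if len(icmp6) < 16 or icmp6[0] != ND_ROUTER_ADVERT:
        raise ValueError("not a router advertisement")
    pos = 16  # options start after the fixed 16-byte RA header
    while pos + 2 <= len(icmp6):
        opt_type = icmp6[pos]
        opt_len = icmp6[pos + 1] * 8  # length field counts 8-byte units
        if opt_len == 0 or pos + opt_len > len(icmp6):
            raise ValueError("malformed option at offset %d" % pos)
        if opt_type == ND_OPT_MTU:
            if opt_len != 8:
                raise ValueError("MTU option must be 8 bytes")
            return struct.unpack_from("!I", icmp6, pos + 4)[0]
        pos += opt_len
    return None


def check(icmp6: bytes, tunnel_mtu: int) -> dict:
    """Compare the advertised MTU with the tunnel interface MTU."""
    mtu = ra_mtu(icmp6)
    return {
        "ra_mtu": mtu,
        "expected_advmss": None if mtu is None else mtu - IPV6_HDR - TCP_HDR,
        "fits_tunnel": mtu is not None and mtu <= tunnel_mtu,
    }


def build_ra(mtu: int) -> bytes:
    """Constructed sample RA: header + source LLA + MTU + prefix options."""
    hdr = struct.pack("!BBHBBHII", ND_ROUTER_ADVERT, 0, 0, 64, 0, 1800, 0, 0)
    slla = bytes([1, 1]) + bytes(6)                    # constructed MAC
    mtu_opt = struct.pack("!BBHI", ND_OPT_MTU, 1, 0, mtu)
    prefix = struct.pack("!BBBBIII", 3, 4, 64, 0xC0, 86400, 14400, 0)
    prefix += bytes.fromhex("2002c0000201" + "00" * 10)  # constructed 6to4 prefix
    return hdr + slla + mtu_opt + prefix


if __name__ == "__main__":
    print(check(build_ra(1480), tunnel_mtu=1472))  # RA still advertises 1480
    print(check(build_ra(1472), tunnel_mtu=1472))  # after AdvLinkMTU 1472
```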



