I wonder if I might ask for a little help understanding the PMTUD process.
1. The default MTU for the ipv6 interface in Windows is 1500.
2. On my connection to the Internet, the maximum allowed for ipv6 is 1460
3. My router, running Tomato-RAF, automatically set itself for an MTU or 1460
When I attempt to connect to an ipv6 site, such as ipv6.he.net via a browser, the connection times out. This is due to the packet being to large for the underlying network. When I monitor the traffic with Wireshark, I can see the router sending an ICMpv6 Type 2 (Packet to big) back to the Windows node, but Windows doesn't seem to adjust it's MTU accordingly, The only way I can get connections is if I manually change the MTU on Windows to 1460.
My understanding of PMTUD seems to differ from what I appear to be seeing. From RFC 1981:
QuoteThis memo describes a technique to dynamically discover the PMTU of a
path. The basic idea is that a source node initially assumes that
the PMTU of a path is the (known) MTU of the first hop in the path.
If any of the packets sent on that path are too large to be forwarded
by some node along the path, that node will discard them and return
ICMPv6 Packet Too Big messages [ICMPv6]. Upon receipt of such a
message, the source node reduces its assumed PMTU for the path based
on the MTU of the constricting hop as reported in the Packet Too Big
message.
Am I missing something obvious here?
Thanks.
No, you're not missing anything (in understanding the process). Windows is not acting properly (no surprise there).
Quote from: snarked on May 06, 2011, 11:07:37 AM
No, you're not missing anything (in understanding the process). Windows is not acting properly (no surprise there).
Thanks for the reply. Interestingly, I tried the same experiment with OpenSUSE and the result was the same?
You may see the ICMP6 packet come in, but are you certain you're accepting it? Check the firewall.
Quote from: snarked on May 08, 2011, 11:40:46 AM
You may see the ICMP6 packet come in, but are you certain you're accepting it? Check the firewall.
On the Windows test machine, the default firewall was turned off and the service was disabled. No other security applications were installed. On the Suse test machine I disabled the firewall. As I'm not hugely familiar with Linux, I took the shortest path to the problem but I don't know if this was the best approach.