Hi,
Can I set the max. MTU for a tunnel (limit the size of the IPv4 packets coming in to my computer). I'm on a DSL connection, and I think that MTU is causing the problem.
The problem: I can't connect to certain services (HTTP to python.org, he.net, ...) but I can connect to ipv6.google.com and kame.net. It looks to me like big packets get dropped.
Do you agree that this is an MTU issue?
A connection is set up, and then I can send a GET request, but some of the reply seems to be missing:(nothing strange about this, but there should be more...)
12 145.853538 2001:470:1f0a:1717::2 2001:888:2000:d::a2 TCP 49248 > http [SYN] Seq=0 Win=5680 Len=0 MSS=1420 SACK_PERM=1 TSV=254868639 TSER=0 WS=7
13 145.934188 2001:888:2000:d::a2 2001:470:1f0a:1717::2 TCP http > 49248 [SYN, ACK] Seq=0 Ack=1 Win=5712 Len=0 MSS=1440 SACK_PERM=1 TSV=1164407370 TSER=254868639 WS=6
14 145.934321 2001:470:1f0a:1717::2 2001:888:2000:d::a2 TCP 49248 > http [ACK] Seq=1 Ack=1 Win=5760 Len=0 TSV=254868720 TSER=1164407370
15 145.934548 2001:470:1f0a:1717::2 2001:888:2000:d::a2 HTTP GET / HTTP/1.1
16 146.018438 2001:888:2000:d::a2 2001:470:1f0a:1717::2 TCP http > 49248 [ACK] Seq=1 Ack=386 Win=6784 Len=0 TSV=1164407391 TSER=254868720
Here is the ifconfig for the IPv4 WAN interface (ppp0) and the tunnel interface (sit1):
ppp0 Link encap:Point-to-Point Protocol
inet addr:86.200.184.175 P-t-P:86.200.184.1 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1492 Metric:1
RX packets:1071442 errors:0 dropped:0 overruns:0 frame:0
TX packets:867121 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:1118805441 (1.0 GiB) TX bytes:91711010 (87.4 MiB)
sit1 Link encap:IPv6-in-IPv4
inet6 addr: fe80::afe:fefe/64 Scope:Link
inet6 addr: fe80::a00:1/64 Scope:Link
inet6 addr: 2001:470:1f0a:1717::2/64 Scope:Global
UP POINTOPOINT RUNNING NOARP MTU:1480 Metric:1
RX packets:13884 errors:0 dropped:0 overruns:0 frame:0
TX packets:13602 errors:336 dropped:0 overruns:0 carrier:336
collisions:0 txqueuelen:0
RX bytes:11719760 (11.1 MiB) TX bytes:2586065 (2.4 MiB)
I'm running the tunnel on a Fedora machine, I have tried things like disabling the firewall, etc.
Marius
Independent of this...have you assigned an address to your LAN connection from your routed /64 or /48?
Yes i have , and i'm running radvd (i'm actually only using a /64, didn't realise until later that i got a routed one by default)
Full ifconfig may be of interest, eth1 is just connected to the DSL modem (via USB, actually)
eth0 Link encap:Ethernet HWaddr 00:19:B9:72:46:7A
inet addr:10.0.0.1 Bcast:10.0.0.255 Mask:255.255.255.0
inet6 addr: fe80::219:b9ff:fe72:467a/64 Scope:Link
inet6 addr: 2001:470:9863:fafa::1/64 Scope:Global
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1085235 errors:0 dropped:0 overruns:0 frame:0
TX packets:1355124 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:124122237 (118.3 MiB) TX bytes:1431207448 (1.3 GiB)
Interrupt:21
eth1 Link encap:Ethernet HWaddr 00:25:69:F4:71:A5
inet addr:10.254.254.254 Bcast:10.254.254.254 Mask:255.255.255.255
inet6 addr: fe80::225:69ff:fef4:71a5/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1355919 errors:0 dropped:0 overruns:0 frame:0
TX packets:1096690 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1385455504 (1.2 GiB) TX bytes:131405601 (125.3 MiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:125077 errors:0 dropped:0 overruns:0 frame:0
TX packets:125077 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:50387653 (48.0 MiB) TX bytes:50387653 (48.0 MiB)
ppp0 Link encap:Point-to-Point Protocol
inet addr:86.200.184.175 P-t-P:86.200.184.1 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1492 Metric:1
RX packets:1072780 errors:0 dropped:0 overruns:0 frame:0
TX packets:868690 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:1119329463 (1.0 GiB) TX bytes:91952929 (87.6 MiB)
sit1 Link encap:IPv6-in-IPv4
inet6 addr: fe80::afe:fefe/64 Scope:Link
inet6 addr: fe80::a00:1/64 Scope:Link
inet6 addr: 2001:470:1f0a:1717::2/64 Scope:Global
UP POINTOPOINT RUNNING NOARP MTU:1400 Metric:1
RX packets:13902 errors:0 dropped:0 overruns:0 frame:0
TX packets:13624 errors:336 dropped:0 overruns:0 carrier:336
collisions:0 txqueuelen:0
RX bytes:11721248 (11.1 MiB) TX bytes:2590433 (2.4 MiB)
Btw, i have the same trouble from computers on the LAN.
try setting tunnel interface mtu to 1280
Quote from: broquea on January 21, 2011, 01:49:31 PM
try setting tunnel interface mtu to 1280
That didn't help me.
Is there a way i can further debug this? I don't control any other ipv6-enabled hosts.
--or anyone who has got it working over a PPPoE WAN connection?
Actually, it kind of did work. I was testing on a host connected to the LAN, not the router itself. If I set the MTU here, then it works.
-- sorry, "here": on the other host on the LAN, not the router.
Seems there are 2 ways to do it automatically for the LAN hosts (from the mighty internets):
1) Mangle packets headed for WAN (actually any routed packets):
ip6tables -t mangle -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
2) Advertise smaller link MTU. In radvd.conf:
AdvLinkMTU 1464;
I didn't try (1), but (2) seems to work (may degrade LAN performance a little, i guess)
I don't have to bother with setting MTUs on LAN machines. PMTU should take care of that. Make sure you're not blocking ICMP and/or ICMPv6.
PMTU didn't work on my LAN and I was very RFC 4890 friendly. I use PPPoE, this means my MTU should be 1492 (1500 minus 8 bytes for the PPPoE overhead). My IPv6 MTU was coming up as 1500 and leading to issues (identified at http://www.test-ipv6.com). The 6in4 tunnel should use about 20 bytes of overhead so this means (with PPPoE) an MTU of 1472 should be correct. After using 1472 life was good and I didn't have large packet issues like you've described.
Here's my radvd.conf with my IPv6 address obfuscated by condensation to '2001::'; RDNS is the native IPv6 internal resolver. Expand '2001::' to suite your environment.
interface eth0 {
AdvSendAdvert on;
AdvLinkMTU 1472;
AdvDefaultPreference high;
prefix 2001::/64 {AdvOnLink on; AdvAutonomous on;};
RDNSS 2001::f3 {};
};
Hope this helped, if so, please reply confirming so that it may help others in the future. An MTU of 1280 was too low and performance degrading. I also noted that I had to adjust the IPv6 MTU on the client, not the 6in4 router (hence the changes to radvd.conf), for the MTU issues to resolve themselves.
Thanks for the reply, packetmail. I came to the same conclusion, but i had put 1464 as the size. I think i can make it bigger, because i just took the value from ping -s. Anyway, it works, here is my radvd.conf:
interface eth0
{
AdvSendAdvert on;
MinRtrAdvInterval 30;
MaxRtrAdvInterval 100;
AdvLinkMTU 1464;
prefix 2001:470:9863:fafa::1/64
{
AdvOnLink on;
AdvAutonomous on;
AdvRouterAddr on;
};
};