Hurricane Electric's IPv6 Tunnel Broker Forums

Hi,
Can I set the max. MTU for a tunnel (limit the size of the IPv4 packets coming in to my computer). I'm on a DSL connection, and I think that MTU is causing the problem.

The problem: I can't connect to certain services (HTTP to python.org, he.net, ...) but I can connect to ipv6.google.com and kame.net. It looks to me like big packets get dropped.

Do you agree that this is an MTU issue?

A connection is set up, and then I can send a GET request, but some of the reply seems to be missing:(nothing strange about this, but there should be more...)
     12 145.853538  2001:470:1f0a:1717::2 2001:888:2000:d::a2   TCP      49248 > http [SYN] Seq=0 Win=5680 Len=0 MSS=1420 SACK_PERM=1 TSV=254868639 TSER=0 WS=7
     13 145.934188  2001:888:2000:d::a2   2001:470:1f0a:1717::2 TCP      http > 49248 [SYN, ACK] Seq=0 Ack=1 Win=5712 Len=0 MSS=1440 SACK_PERM=1 TSV=1164407370 TSER=254868639 WS=6
     14 145.934321  2001:470:1f0a:1717::2 2001:888:2000:d::a2   TCP      49248 > http [ACK] Seq=1 Ack=1 Win=5760 Len=0 TSV=254868720 TSER=1164407370
     15 145.934548  2001:470:1f0a:1717::2 2001:888:2000:d::a2   HTTP     GET / HTTP/1.1
     16 146.018438  2001:888:2000:d::a2   2001:470:1f0a:1717::2 TCP      http > 49248 [ACK] Seq=1 Ack=386 Win=6784 Len=0 TSV=1164407391 TSER=254868720


Here is the ifconfig for the IPv4 WAN interface (ppp0) and the tunnel interface (sit1):
ppp0      Link encap:Point-to-Point Protocol 
          inet addr:86.200.184.175  P-t-P:86.200.184.1  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1492  Metric:1
          RX packets:1071442 errors:0 dropped:0 overruns:0 frame:0
          TX packets:867121 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3
          RX bytes:1118805441 (1.0 GiB)  TX bytes:91711010 (87.4 MiB)

sit1      Link encap:IPv6-in-IPv4 
          inet6 addr: fe80::afe:fefe/64 Scope:Link
          inet6 addr: fe80::a00:1/64 Scope:Link
          inet6 addr: 2001:470:1f0a:1717::2/64 Scope:Global
          UP POINTOPOINT RUNNING NOARP  MTU:1480  Metric:1
          RX packets:13884 errors:0 dropped:0 overruns:0 frame:0
          TX packets:13602 errors:336 dropped:0 overruns:0 carrier:336
          collisions:0 txqueuelen:0
          RX bytes:11719760 (11.1 MiB)  TX bytes:2586065 (2.4 MiB)

I'm running the tunnel on a Fedora machine, I have tried things like disabling the firewall, etc.


Marius

Independent of this...have you assigned an address to your LAN connection from your routed /64 or /48?

Yes i have , and i'm running radvd (i'm actually only using a /64, didn't realise until later that i got a routed one by default)

Full ifconfig may be of interest, eth1 is just connected to the DSL modem (via USB, actually)
eth0      Link encap:Ethernet  HWaddr 00:19:B9:72:46:7A 
          inet addr:10.0.0.1  Bcast:10.0.0.255  Mask:255.255.255.0
          inet6 addr: fe80::219:b9ff:fe72:467a/64 Scope:Link
          inet6 addr: 2001:470:9863:fafa::1/64 Scope:Global
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1085235 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1355124 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:124122237 (118.3 MiB)  TX bytes:1431207448 (1.3 GiB)
          Interrupt:21

eth1      Link encap:Ethernet  HWaddr 00:25:69:F4:71:A5 
          inet addr:10.254.254.254  Bcast:10.254.254.254  Mask:255.255.255.255
          inet6 addr: fe80::225:69ff:fef4:71a5/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1355919 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1096690 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1385455504 (1.2 GiB)  TX bytes:131405601 (125.3 MiB)

lo        Link encap:Local Loopback 
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:125077 errors:0 dropped:0 overruns:0 frame:0
          TX packets:125077 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:50387653 (48.0 MiB)  TX bytes:50387653 (48.0 MiB)

ppp0      Link encap:Point-to-Point Protocol 
          inet addr:86.200.184.175  P-t-P:86.200.184.1  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1492  Metric:1
          RX packets:1072780 errors:0 dropped:0 overruns:0 frame:0
          TX packets:868690 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3
          RX bytes:1119329463 (1.0 GiB)  TX bytes:91952929 (87.6 MiB)

sit1      Link encap:IPv6-in-IPv4 
          inet6 addr: fe80::afe:fefe/64 Scope:Link
          inet6 addr: fe80::a00:1/64 Scope:Link
          inet6 addr: 2001:470:1f0a:1717::2/64 Scope:Global
          UP POINTOPOINT RUNNING NOARP  MTU:1400  Metric:1
          RX packets:13902 errors:0 dropped:0 overruns:0 frame:0
          TX packets:13624 errors:336 dropped:0 overruns:0 carrier:336
          collisions:0 txqueuelen:0
          RX bytes:11721248 (11.1 MiB)  TX bytes:2590433 (2.4 MiB)


Btw, i have the same trouble from computers on the LAN.

try setting tunnel interface mtu to 1280

Quote from: broquea on January 21, 2011, 01:49:31 PM
try setting tunnel interface mtu to 1280

That didn't help me.

Is there a way i can further debug this? I don't control any other ipv6-enabled hosts.
--or anyone who has got it working over a PPPoE WAN connection?

Actually, it kind of did work. I was testing on a host connected to the LAN, not the router itself. If I set the MTU here, then it works.

-- sorry, "here": on the other host on the LAN, not the router.

Seems there are 2 ways to do it automatically for the LAN hosts (from the mighty internets):
1) Mangle packets headed for WAN (actually any routed packets):
ip6tables -t mangle -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
2) Advertise smaller link MTU. In radvd.conf:
AdvLinkMTU 1464;

I didn't try (1), but (2) seems to work (may degrade LAN performance a little, i guess)

I don't have to bother with setting MTUs on LAN machines.  PMTU should take care of that.  Make sure you're not blocking ICMP and/or ICMPv6.

PMTU didn't work on my LAN and I was very RFC 4890 friendly.  I use PPPoE, this means my MTU should be 1492 (1500 minus 8 bytes for the PPPoE overhead).  My IPv6 MTU was coming up as 1500 and leading to issues (identified at http://www.test-ipv6.com).  The 6in4 tunnel should use about 20 bytes of overhead so this means (with PPPoE) an MTU of 1472 should be correct.  After using 1472 life was good and I didn't have large packet issues like you've described.

Here's my radvd.conf with my IPv6 address obfuscated by condensation to '2001::'; RDNS is the native IPv6 internal resolver.  Expand '2001::' to suite your environment.


interface eth0 {
AdvSendAdvert on;
AdvLinkMTU 1472;
AdvDefaultPreference high;
prefix 2001::/64 {AdvOnLink on; AdvAutonomous on;};
RDNSS 2001::f3 {};
};


Hope this helped, if so, please reply confirming so that it may help others in the future.  An MTU of 1280 was too low and performance degrading.  I also noted that I had to adjust the IPv6 MTU on the client, not the 6in4 router (hence the changes to radvd.conf), for the MTU issues to resolve themselves.

Thanks for the reply, packetmail. I came to the same conclusion, but i had put 1464 as the size. I think i can make it bigger, because i just took the value from ping -s. Anyway, it works, here is my radvd.conf:
interface eth0
{
  AdvSendAdvert on;
  MinRtrAdvInterval 30;
  MaxRtrAdvInterval 100;
  AdvLinkMTU 1464;
  prefix 2001:470:9863:fafa::1/64
  {
     AdvOnLink on;
     AdvAutonomous on;
     AdvRouterAddr on;
  };     
};