Hi,
recently, I've had problems connecting to any of Google's services. After I saw the same problem mentioned on /r/ipv6, I decided to take a closer look at it.
Here's what happens about 50% of the time I try to access Google:
curl -vvv https://www.google.de
* Rebuilt URL to: https://www.google.de/
* Hostname was NOT found in DNS cache
* Trying 2a00:1450:4001:803::1017...
* Connected to www.google.de (2a00:1450:4001:803::1017) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: none
* SSLv3, TLS handshake, Client hello (1):
* Unknown SSL protocol error in connection to www.google.de:443
* Closing connection 0
curl: (35) Unknown SSL protocol error in connection to www.google.de:443
...and here's the paket dump of that connection:
http://pastebin.com/Gs3uFrHE
Can someone make sense of that? What irritated me was line 43, packet #11 - "[TCP Previous segment not captured] Continuation Data". That looks like some packets get lost on the way from Google to my machine, right?
See this thread... https://forums.he.net/index.php?topic=3281.0
>:(
yeah, google is having an MTU issue around the MTU of 1233/1232, but also facebook might be having it too. Weird since my MTU is 1480. When I use a gogo6/freenet tunnel, no issues. Almost leads me to believe there is a problem router that might be shared.
su-2.05b# ping6 -c1 -s 1233 2607:f8b0:400a:804::1016
--- 2607:f8b0:400a:804::1016 ping6 statistics ---
1 packets transmitted, 0 packets received, 100.0% packet loss
su-2.05b# ping6 -c1 -s 1232 2607:f8b0:400a:804::1016
1240 bytes from 2607:f8b0:400a:804::1016, icmp_seq=0 hlim=57 time=76.204 ms
--- 2607:f8b0:400a:804::1016 ping6 statistics ---
1 packets transmitted, 1 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 76.204/76.204/76.204/0.000 ms
su-2.05b#
su-2.05b# ping6 -c1 -s 1232 connect.facebook.com
1240 bytes from 2a03:2880:2110:9f07:face:b00c:0:1, icmp_seq=0 hlim=50 time=146.474 ms
--- star.c10r.facebook.com ping6 statistics ---
1 packets transmitted, 1 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 146.474/146.474/146.474/0.000 ms
su-2.05b# ping6 -c1 -s 1233 connect.facebook.com
--- star.c10r.facebook.com ping6 statistics ---
1 packets transmitted, 0 packets received, 100.0% packet loss
su-2.05b#
su-2.05b# traceroute6 -In 2607:f8b0:400a:804::1016
traceroute6 to 2607:f8b0:400a:804::1016 (2607:f8b0:400a:804::1016) 64 hops max, 16 byte packets
1 2001:470:1f04:170b::1 49.205 ms 44.331 ms 48.802 ms
2 2001:470:0:45::1 45.083 ms 48.799 ms 44.453 ms
3 2001:470:0:31::2 54.859 ms 52.193 ms 54.351 ms
4 2001:4860:1:1:0:1b1b:0:9 39.223 ms 48.358 ms 39.705 ms
5 2001:4860::1:0:7ea 40.715 ms 56.790 ms 54.985 ms
6 2001:4860::8:0:6117 47.454 ms 42.494 ms 45.142 ms
7 2001:4860::8:0:61e0 57.932 ms 61.962 ms 2001:4860::8:0:61e1 60.498 ms
8 2001:4860::8:0:699a 64.155 ms 60.690 ms 2001:4860::8:0:6999 62.446 ms
9 2001:4860::1:0:795 61.544 ms 65.149 ms 65.766 ms
10 2001:4860:0:1::1b1 69.083 ms 60.397 ms 61.938 ms
11 2607:f8b0:400a:804::1016 57.420 ms 60.011 ms 62.369 ms
su-2.05b# traceroute6 -In connect.facebook.com
traceroute6 to star.c10r.facebook.com (2a03:2880:2110:9f07:face:b00c:0:1) 64 hops max, 16 byte packets
1 2001:470:1f04:170b::1 46.632 ms 67.262 ms 39.369 ms
2 2001:470:0:45::1 40.633 ms 52.413 ms 49.940 ms
3 2001:470:0:30::2 44.920 ms 39.943 ms 49.306 ms
4 2001:470:0:34::2 52.340 ms 50.076 ms 49.866 ms
5 2001:504:0:3::209:1 49.885 ms 53.139 ms 76.774 ms
6 2001:428::205:171:3:68 119.749 ms 117.501 ms 117.406 ms
7 2001:428:c02:10:0:3a:0:2 110.102 ms 112.479 ms 112.341 ms
8 2620:0:1cff:dead:beef::404 114.874 ms 115.023 ms 122.363 ms
9 2620:0:1cff:dead:beef::ce 119.867 ms 117.706 ms 117.595 ms
10 2620:0:1cff:dead:beef::65d 119.491 ms 120.011 ms 115.007 ms
11 2620:0:1cff:dead:beee::25b 112.388 ms 115.040 ms 114.954 ms
12 * * *
13 2a03:2880:2110:9f07:face:b00c:0:1 116.027 ms 123.066 ms 112.346 ms
su-2.05b#
The MTU problem makes sense, that's probably why a few packets didn't make it through.
The problem seems to be resolved on my end now, at least for google services.
Quote from: hlinden on November 08, 2014, 08:50:31 AM
The problem seems to be resolved on my end now, at least for google services.
Welp, it isn't.