• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

So, the current Akamai IPv6 problem

Started by Steak, October 29, 2014, 10:00:33 AM

Previous topic - Next topic

doktornotor

#15
Quote from: Goofball on November 07, 2014, 10:32:00 AM
Also seeing all sorts of oddball behavior with Google over IPv6 via HE.net tunnel today. Using tserv15.lax1.ipv6.he.net. About to turn down my tunnel so I can work without having to reload things 15 times.

+1. What's up with this? Google services completely broken since yesterday, 4 different locations, tserv27.prg1.ipv6.he.net, tserv1.bud1.ipv6.he.net

>:( >:( >:(

Quote from: hawk82 on November 07, 2014, 08:12:21 PM
Quote from: lobotiger on November 07, 2014, 03:10:57 PM
Quote from: SiD69 on November 07, 2014, 02:54:58 PM

MTU 1480 MSS 1220 = fix

Confirmed that the 1480MTU and 1220MSS numbers worked for my pfsense firewall.  Is this something that's going to have to be permanent or is there a problem somewhere?

LoboTiger
Tried that on my pfSense box, and still no dice. Do I need to reboot it for the change to take effect?

The only thing that worked here is 1280 MTU / 1220 MSS. (Don't forget to change the MTU at https://www.tunnelbroker.net/ (Advanced) as well.) Obviously, I don't consider this to be a permanent solution.

robertpenz


stblassitude

I'm using a FreeBSD 10-stable router with pf, and clamping the MSS to 1220 seems to have fixed the problem for me:
scrub on gif0 max-mss 1220
After reading through this thread fully, I did notice that the default MTU on gif0 was set to 1280 instead of 1480, and the MTU on tunnelbroker.net was set to 1480. I've since increased the MTU on gif0 to 1480.

hawk82

I changed the MSS setting on VPN connections under the Advanced tab in pfSense, not on the OPT1 interface. Oops. I changed that and for the moment Google pages are loading much better.

doktornotor

Quote from: hawk82 on November 08, 2014, 05:06:33 AM
I changed the MSS setting on VPN connections under the Advanced tab in pfSense, not on the OPT1 interface. Oops. I changed that and for the moment Google pages are loading much better.

Also note that the pfSense GUI has the MSS settings totally confusing/wrong. If you put 1220 into the MSS settings on the GIF tunnel, you end up with 1180, easy to check via

pfctl -sr | grep mss
scrub on gif0 all max-mss 1180 fragment reassemble


So, for pfSense, the MSS value should be 1260 if you have MTU set to 1280 which actually clamps it to 1220:


pfctl -sr | grep mss
scrub on gif0 all max-mss 1220 fragment reassemble


hoppmaep

Quote from: SiD69 on November 07, 2014, 02:54:58 PM
Quote from: hawk82 on November 07, 2014, 01:08:38 PM
Also confirming issues with loading pretty much any Google site via my HE.net tunnel, tserv13.ash1.ipv6.he.net. It was working fine last night.

Edit: I turned down the MTU from 1480 to 1470 and that seems to have resolved the issue.
Edit2: Disregard, Google pages loaded quickly for awhile but now crawling or barely loading again.

MTU 1480 MSS 1220 = fix

Google sites were unresponsive for me since yesterday, this fixes it. I wonder what happened on their end?

hawk82

Quote from: doktornotor on November 08, 2014, 06:14:17 AM
Also note that the pfSense GUI has the MSS settings totally confusing/wrong. If you put 1220 into the MSS settings on the GIF tunnel, you end up with 1180, easy to check via

pfctl -sr | grep mss
scrub on gif0 all max-mss 1180 fragment reassemble


So, for pfSense, the MSS value should be 1260 if you have MTU set to 1280 which actually clamps it to 1220:


pfctl -sr | grep mss
scrub on gif0 all max-mss 1220 fragment reassemble

Thanks, I confirmed your results and fix.

JulioQc

I personally lowered it to 1280 MTU with a slight improvement but some services such as google drive refuse to connect.

doktornotor

Quote from: JulioQc on November 08, 2014, 06:11:02 PM
I personally lowered it to 1280 MTU with a slight improvement but some services such as google drive refuse to connect.

You really need the MSS clamping, setting MTU is not enough. Regardless, the Google issue should be fixed now:

QuoteDamian Menscher <damian at google.com>
6:44 PM (3 hours ago)

The issue with IPv6 access to Google should now be resolved.  Please let us
know if you're still having problems.

JulioQc

Yes its working fine now.

How did you reach out to Google about this anyways?

therrmann

I can confirm that MTU 1460 (I am using an additional PPPoE) and MSS 1220 seems to fix at least TCP.

One has to keep in mind that this is a dirty hack that does not help for UDP, ICMP and various other things, and that violates the standards of networking and TCP.

But definitely much better than broken IPv6 or no IPv6.

Regards,
Thomas

trevorwarwick

It's going to be interesting to see what happens when Google roll out QUIC across their portfolio - supposed to be happening in the next few months.  Chrome browsers will then prefer to communicate with Google sites over UDP rather than TCP, but so far I can't find any documentation about how they intend to deal with MTU size issues.

I think we may at least expect some teething problems for people running over tunnels that don't provide the end to end 1500 MTU.

lobotiger

I think something might still be up.

I've noticed that when accessing G+ via the app on my phone, I don't get the infinite scroll under Everything.  Seems to stop after a short bit.  And then under What's Hot, I notice that the downloading indicator on the page (sideways scrolling colours) keeps going on forever.

Well, I just put back these MTU/MSS values and after restarting the app I'm no longer experiencing the same issues. 

Coincidence?

LoboTiger