• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

Set MTU of tunnel (or other problem)

Started by fa2k, January 21, 2011, 01:27:45 PM


fa2k

Hi,
Can I set the max. MTU for a tunnel (limit the size of the IPv4 packets coming in to my computer)? I'm on a DSL connection, and I think that MTU is causing the problem.

The problem: I can't connect to certain services (HTTP to python.org, he.net, ...) but I can connect to ipv6.google.com and kame.net. It looks to me like big packets get dropped.

Do you agree that this is an MTU issue?

A connection is set up, and then I can send a GET request, but some of the reply seems to be missing (nothing strange about this, but there should be more...):
     12 145.853538  2001:470:1f0a:1717::2 2001:888:2000:d::a2   TCP      49248 > http [SYN] Seq=0 Win=5680 Len=0 MSS=1420 SACK_PERM=1 TSV=254868639 TSER=0 WS=7
     13 145.934188  2001:888:2000:d::a2   2001:470:1f0a:1717::2 TCP      http > 49248 [SYN, ACK] Seq=0 Ack=1 Win=5712 Len=0 MSS=1440 SACK_PERM=1 TSV=1164407370 TSER=254868639 WS=6
     14 145.934321  2001:470:1f0a:1717::2 2001:888:2000:d::a2   TCP      49248 > http [ACK] Seq=1 Ack=1 Win=5760 Len=0 TSV=254868720 TSER=1164407370
     15 145.934548  2001:470:1f0a:1717::2 2001:888:2000:d::a2   HTTP     GET / HTTP/1.1
     16 146.018438  2001:888:2000:d::a2   2001:470:1f0a:1717::2 TCP      http > 49248 [ACK] Seq=1 Ack=386 Win=6784 Len=0 TSV=1164407391 TSER=254868720


Here is the ifconfig for the IPv4 WAN interface (ppp0) and the tunnel interface (sit1):
ppp0      Link encap:Point-to-Point Protocol 
          inet addr:86.200.184.175  P-t-P:86.200.184.1  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1492  Metric:1
          RX packets:1071442 errors:0 dropped:0 overruns:0 frame:0
          TX packets:867121 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3
          RX bytes:1118805441 (1.0 GiB)  TX bytes:91711010 (87.4 MiB)

sit1      Link encap:IPv6-in-IPv4 
          inet6 addr: fe80::afe:fefe/64 Scope:Link
          inet6 addr: fe80::a00:1/64 Scope:Link
          inet6 addr: 2001:470:1f0a:1717::2/64 Scope:Global
          UP POINTOPOINT RUNNING NOARP  MTU:1480  Metric:1
          RX packets:13884 errors:0 dropped:0 overruns:0 frame:0
          TX packets:13602 errors:336 dropped:0 overruns:0 carrier:336
          collisions:0 txqueuelen:0
          RX bytes:11719760 (11.1 MiB)  TX bytes:2586065 (2.4 MiB)


I'm running the tunnel on a Fedora machine. I have tried things like disabling the firewall, etc.


Marius

cholzhauer

Independent of this...have you assigned an address to your LAN connection from your routed /64 or /48?

fa2k

Yes I have, and I'm running radvd (I'm actually only using a /64, didn't realise until later that I got a routed one by default)

Full ifconfig may be of interest, eth1 is just connected to the DSL modem (via USB, actually)
eth0      Link encap:Ethernet  HWaddr 00:19:B9:72:46:7A 
          inet addr:10.0.0.1  Bcast:10.0.0.255  Mask:255.255.255.0
          inet6 addr: fe80::219:b9ff:fe72:467a/64 Scope:Link
          inet6 addr: 2001:470:9863:fafa::1/64 Scope:Global
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1085235 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1355124 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:124122237 (118.3 MiB)  TX bytes:1431207448 (1.3 GiB)
          Interrupt:21

eth1      Link encap:Ethernet  HWaddr 00:25:69:F4:71:A5 
          inet addr:10.254.254.254  Bcast:10.254.254.254  Mask:255.255.255.255
          inet6 addr: fe80::225:69ff:fef4:71a5/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1355919 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1096690 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1385455504 (1.2 GiB)  TX bytes:131405601 (125.3 MiB)

lo        Link encap:Local Loopback 
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:125077 errors:0 dropped:0 overruns:0 frame:0
          TX packets:125077 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:50387653 (48.0 MiB)  TX bytes:50387653 (48.0 MiB)

ppp0      Link encap:Point-to-Point Protocol 
          inet addr:86.200.184.175  P-t-P:86.200.184.1  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1492  Metric:1
          RX packets:1072780 errors:0 dropped:0 overruns:0 frame:0
          TX packets:868690 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3
          RX bytes:1119329463 (1.0 GiB)  TX bytes:91952929 (87.6 MiB)

sit1      Link encap:IPv6-in-IPv4 
          inet6 addr: fe80::afe:fefe/64 Scope:Link
          inet6 addr: fe80::a00:1/64 Scope:Link
          inet6 addr: 2001:470:1f0a:1717::2/64 Scope:Global
          UP POINTOPOINT RUNNING NOARP  MTU:1400  Metric:1
          RX packets:13902 errors:0 dropped:0 overruns:0 frame:0
          TX packets:13624 errors:336 dropped:0 overruns:0 carrier:336
          collisions:0 txqueuelen:0
          RX bytes:11721248 (11.1 MiB)  TX bytes:2590433 (2.4 MiB)

fa2k

Btw, I have the same trouble from computers on the LAN.

broquea

Try setting tunnel interface MTU to 1280.

fa2k

Quote from: broquea on January 21, 2011, 01:49:31 PM
Try setting tunnel interface MTU to 1280.

That didn't help me.

Is there a way I can further debug this? I don't control any other IPv6-enabled hosts.
-- or anyone who has got it working over a PPPoE WAN connection?

fa2k

Actually, it kind of did work. I was testing on a host connected to the LAN, not the router itself. If I set the MTU here, then it works.

-- sorry, "here": on the other host on the LAN, not the router.

fa2k

Seems there are 2 ways to do it automatically for the LAN hosts (from the mighty internets):
1) Mangle packets headed for WAN (actually any routed packets):
ip6tables -t mangle -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
2) Advertise smaller link MTU. In radvd.conf:
AdvLinkMTU 1464;

I didn't try (1), but (2) seems to work (may degrade LAN performance a little, I guess).

jimb

I don't have to bother with setting MTUs on LAN machines.  PMTU should take care of that.  Make sure you're not blocking ICMP and/or ICMPv6.

packetmail

PMTU didn't work on my LAN and I was very RFC 4890 friendly.  I use PPPoE, this means my MTU should be 1492 (1500 minus 8 bytes for the PPPoE overhead).  My IPv6 MTU was coming up as 1500 and leading to issues (identified at http://www.test-ipv6.com).  The 6in4 tunnel should use about 20 bytes of overhead so this means (with PPPoE) an MTU of 1472 should be correct.  After using 1472 life was good and I didn't have large packet issues like you've described.

Here's my radvd.conf with my IPv6 address obfuscated by condensation to '2001::'; RDNS is the native IPv6 internal resolver.  Expand '2001::' to suit your environment.


interface eth0 {
AdvSendAdvert on;
AdvLinkMTU 1472;
AdvDefaultPreference high;
prefix 2001::/64 {AdvOnLink on; AdvAutonomous on;};
RDNSS 2001::f3 {};
};


Hope this helped, if so, please reply confirming so that it may help others in the future.  An MTU of 1280 was too low and performance degrading.  I also noted that I had to adjust the IPv6 MTU on the client, not the 6in4 router (hence the changes to radvd.conf), for the MTU issues to resolve themselves.

fa2k

Thanks for the reply, packetmail. I came to the same conclusion, but I had put 1464 as the size. I think I can make it bigger, because I just took the value from ping -s. Anyway, it works, here is my radvd.conf:
interface eth0
{
  AdvSendAdvert on;
  MinRtrAdvInterval 30;
  MaxRtrAdvInterval 100;
  AdvLinkMTU 1464;
  prefix 2001:470:9863:fafa::1/64
  {
     AdvOnLink on;
     AdvAutonomous on;
     AdvRouterAddr on;
  };     
};
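
The MTU arithmetic discussed in this thread, as an added example that is not part of any poster's message: it reads the old net-tools `ifconfig` format shown above, derives the 6in4 tunnel MTU from the PPPoE MTU, and checks whether the MSS values seen in the capture produce outer IPv4 packets larger than ppp0 can carry. The sample text and all function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: 6in4-over-PPPoE MTU check. Sample input is constructed
# from the ppp0/sit1 values quoted in this thread (old "MTU:nnnn" format).
IFCONFIG_SAMPLE='ppp0      Link encap:Point-to-Point Protocol
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1492  Metric:1

sit1      Link encap:IPv6-in-IPv4
          UP POINTOPOINT RUNNING NOARP  MTU:1480  Metric:1'

# Print the MTU of interface $1 from ifconfig text on stdin.
iface_mtu() {
    awk -v ifc="$1" '
        /^[^ ]/ { cur = $1 }    # unindented line starts a new interface stanza
        cur == ifc && match($0, /MTU:[0-9]+/) {
            print substr($0, RSTART + 4, RLENGTH - 4); exit
        }'
}

# Largest IPv6 packet the tunnel can carry: underlay MTU minus 20-byte IPv4 header.
tunnel_mtu() { echo $(( $1 - 20 )); }

# TCP MSS for an IPv6 link MTU: minus 40 (IPv6 header) and 20 (TCP header).
mss_for_mtu() { echo $(( $1 - 60 )); }

# Outer IPv4 packet size when a full segment with MSS $1 is tunnelled.
outer_size_for_mss() { echo $(( $1 + 60 + 20 )); }

# diagnose <underlay-mtu> <client-mss> <server-mss>
# TCP uses the smaller of the two MSS values advertised in SYN / SYN-ACK.
diagnose() {
    under=$1; mss=$2
    [ "$3" -lt "$mss" ] && mss=$3
    outer=$(outer_size_for_mss "$mss")
    if [ "$outer" -gt "$under" ]; then
        echo "TOO_BIG outer=$outer underlay=$under clamp_mss=$(mss_for_mtu "$(tunnel_mtu "$under")")"
    else
        echo "OK outer=$outer underlay=$under"
    fi
}

ppp=$(printf '%s\n' "$IFCONFIG_SAMPLE" | iface_mtu ppp0)
echo "underlay MTU $ppp -> tunnel MTU / AdvLinkMTU $(tunnel_mtu "$ppp")"
diagnose "$ppp" 1420 1440    # MSS=1420 and MSS=1440 from the capture above
```

With the thread's numbers the negotiated MSS of 1420 yields 1500-byte outer packets against a 1492-byte ppp0, and the `clamp_mss` figure is the value a fixed `--set-mss` would need in place of `--clamp-mss-to-pmtu`.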