• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

Question regarding PMTUD on Windows 7/2008-R2

Started by Quill, May 06, 2011, 02:18:16 AM


Quill

I wonder if I might ask for a little help understanding the PMTUD process.

1. The default MTU for the IPv6 interface in Windows is 1500.
2. On my connection to the Internet, the maximum allowed for IPv6 is 1460.
3. My router, running Tomato-RAF, automatically set itself for an MTU of 1460.

When I attempt to connect to an IPv6 site, such as ipv6.he.net via a browser, the connection times out. This is due to the packet being too large for the underlying network. When I monitor the traffic with Wireshark, I can see the router sending an ICMPv6 Type 2 (Packet Too Big) back to the Windows node, but Windows doesn't seem to adjust its MTU accordingly. The only way I can get connections is if I manually change the MTU on Windows to 1460.

My understanding of PMTUD seems to differ from what I appear to be seeing. From RFC 1981:

Quote:
This memo describes a technique to dynamically discover the PMTU of a
path.  The basic idea is that a source node initially assumes that
the PMTU of a path is the (known) MTU of the first hop in the path.
If any of the packets sent on that path are too large to be forwarded
by some node along the path, that node will discard them and return
ICMPv6 Packet Too Big messages [ICMPv6].  Upon receipt of such a
message, the source node reduces its assumed PMTU for the path based
on the MTU of the constricting hop as reported in the Packet Too Big
message.

Am I missing something obvious here?

Thanks.

snarked

No, you're not missing anything (in understanding the process).  Windows is not acting properly (no surprise there).

Quill

Quote from: snarked on May 06, 2011, 11:07:37 AM
No, you're not missing anything (in understanding the process).  Windows is not acting properly (no surprise there).

Thanks for the reply. Interestingly, I tried the same experiment with OpenSUSE and the result was the same?

snarked

You may see the ICMP6 packet come in, but are you certain you're accepting it?  Check the firewall.

Quill

Quote from: snarked on May 08, 2011, 11:40:46 AM
You may see the ICMP6 packet come in, but are you certain you're accepting it?  Check the firewall.

On the Windows test machine, the default firewall was turned off and the service was disabled. No other security applications were installed. On the Suse test machine I disabled the firewall. As I'm not hugely familiar with Linux, I took the shortest path to the problem but I don't know if this was the best approach.
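
The host-side handling that the RFC 1981 passage quoted earlier in the thread describes, as an added example that is not part of any post here: it validates an ICMPv6 Type 2 message (checksum, embedded packet) and lowers the cached PMTU for the embedded destination, never below 1280 and never upward. The function names and the 2001:db8::/32 documentation addresses are assumptions; the 1500 and 1460 values are the ones from the thread.

```python
import ipaddress
import struct

IPV6_MIN_MTU = 1280    # RFC 1981: never reduce the estimate below this
ICMPV6_PTB = 2         # ICMPv6 Type 2, Packet Too Big
NEXT_HDR_ICMPV6 = 58

def icmpv6_checksum(src, dst, msg):
    """Internet checksum over the IPv6 pseudo-header plus the ICMPv6 message."""
    data = src.packed + dst.packed + struct.pack("!I3xB", len(msg), NEXT_HDR_ICMPV6) + msg
    data += b"\x00" * (len(data) % 2)
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def apply_packet_too_big(src, dst, msg, pmtu_cache, link_mtu=1500):
    """Apply one Packet Too Big to pmtu_cache; return the new PMTU or None."""
    if len(msg) < 8 + 40 or msg[0] != ICMPV6_PTB:
        return None                      # not a usable Packet Too Big
    if icmpv6_checksum(src, dst, msg) != 0:
        return None                      # a valid message sums to zero
    reported = struct.unpack("!I", msg[4:8])[0]
    inner = msg[8:48]                    # IPv6 header of the packet that was dropped
    if inner[0] >> 4 != 6 or inner[8:24] != dst.packed:
        return None                      # embedded packet was not sent by this host
    target = ipaddress.IPv6Address(inner[24:40])
    current = pmtu_cache.get(target, link_mtu)
    new = max(reported, IPV6_MIN_MTU)
    if new >= current:
        return None                      # a PTB must never raise the estimate
    pmtu_cache[target] = new
    return new

def build_ptb(router, host, remote, mtu):
    """Constructed sample: the PTB a router returns for a 1500-byte host -> remote packet."""
    inner = struct.pack("!IHBB", 6 << 28, 1460, 6, 64) + host.packed + remote.packed
    body = struct.pack("!BBHI", ICMPV6_PTB, 0, 0, mtu) + inner
    csum = icmpv6_checksum(router, host, body)
    return body[:2] + struct.pack("!H", csum) + body[4:]

if __name__ == "__main__":
    # Constructed addresses from the documentation prefix, not from the thread.
    router = ipaddress.IPv6Address("2001:db8:1::1")
    host = ipaddress.IPv6Address("2001:db8:1::10")
    remote = ipaddress.IPv6Address("2001:db8:ffff::80")
    cache = {}
    print(apply_packet_too_big(router, host, build_ptb(router, host, remote, 1460), cache))
    print(cache)
```

If the message is dropped before this logic runs (by a filter on the host or on the path), the cache stays at the link MTU and full-size packets keep being discarded.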