Welcome to Hurricane Electric's Tunnelbroker.net forums!
Started by igwanv6, June 17, 2012, 06:56:41 PM
# ping6 2001:470:1f06:1c0::2 -s 1424 -M doPING 2001:470:1f06:1c0::2(2001:470:1f06:1c0::2) 1424 data bytes1432 bytes from 2001:470:1f06:1c0::2: icmp_seq=1 ttl=59 time=177 ms1432 bytes from 2001:470:1f06:1c0::2: icmp_seq=2 ttl=59 time=173 ms1432 bytes from 2001:470:1f06:1c0::2: icmp_seq=3 ttl=59 time=191 ms^C--- 2001:470:1f06:1c0::2 ping statistics ---3 packets transmitted, 3 received, 0% packet loss, time 2003msrtt min/avg/max/mdev = 173.375/180.731/191.250/7.647 ms# ping6 2001:470:1f06:1c0::2 -s 1425 -M doPING 2001:470:1f06:1c0::2(2001:470:1f06:1c0::2) 1425 data bytes^C--- 2001:470:1f06:1c0::2 ping statistics ---8 packets transmitted, 0 received, 100% packet loss, time 7003ms
traceroute to 2001:470:1f06:1c0::2 (2001:470:1f06:1c0::2), 30 hops max, 80 byte packets 1 2001:470:1f0b:1da2:635a:c32:ae34:df91 0.559 ms 0.187 ms 0.195 ms 2 2001:470:1f0a:1da2::1 42.833 ms 48.560 ms 54.246 ms 3 2001:470:0:69::1 54.363 ms 39.479 ms 39.518 ms 4 2001:470:0:1d2::1 52.212 ms 52.269 ms 52.203 ms 5 2001:470:0:128::1 124.441 ms 124.452 ms 124.513 ms 6 2001:470:20::2 136.985 ms 139.459 ms 141.907 ms 7 * * * 8 * * * 9 * * *10 * * *
# ping6 2001:470:1f06:1c0::2 -s 1433PING 2001:470:1f06:1c0::2(2001:470:1f06:1c0::2) 1433 data bytesFrom 2001:470:20::2 icmp_seq=1 Packet too big: mtu=1480^C
I tried to set my own TTL to 1280 bytes and then ping with packets larger than 1280 bytes, but still way below your 1472 byte limit. I never got a reply from your IP.
Quote from: igwanv6 on June 19, 2012, 06:56:39 PMWell I finally got the 'Packet Too Big', but with mtu=1480, not mtu=1472 which I set in the options of the tunnel (on HE side). But I only manage to get it every ten minutes or so... Probably rate limited to hell on HE side.
Quote from: igwanv6 on June 19, 2012, 06:56:39 PMI noticed the proto 41 packets sent by the tunnel server have the DF flag set. My ISP rejects those packets > 1492 with the correct error code (fragmentation needed but DF set).
Quote from: igwanv6 on June 19, 2012, 06:56:39 PMBut the tunnel server doesn't care and sends up to 1500 bytes IPv4 packets/fragments anyway.
Quote from: igwanv6 on June 19, 2012, 06:56:39 PMI just tested that. I _do_ get the two fragments on my side but my router doesn't answer. Probably the firewall on my router blocking the fragment.
Quote from: kcochran on June 19, 2012, 08:47:32 PMYour MTU change wasn't sticking. Now will.
Quote from: kasperd on June 20, 2012, 03:21:35 AMYou'll need to fix that as well. Otherwise it is probably never going to work. Though TCP can segment the data stream and thus doesn't have to send fragmented packets, there are some TCP stacks that will not change segmentation on retransmission. Thus if the TCP stack sends a segment and gets a too big message back, then it will make later segments smaller, but the segment that triggered the message in the first place will just be retransmitted at the same segment size, but using fragmentation.
Quote from: igwanv6 on June 21, 2012, 05:01:54 AMThe firewall was blocking incoming icmp fragments in its input chain (no problem with forwarding).