• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

MTU issue? Pings being fragmented when they shouldn't be.

Started by jemann, February 04, 2013, 04:42:45 AM

Previous topic - Next topic

jemann

My home ADSL connection uses Bridged Ethernet over ATM without any PPP encapsulation so it can use an MTU of 1500 for IPv4 traffic.  I've tested this with the following pings:

root@atom:/root # ping -c 1 -D -s 1472 216.66.80.26
PING 216.66.80.26 (216.66.80.26): 1472 data bytes
1480 bytes from 216.66.80.26: icmp_seq=0 ttl=59 time=19.999 ms

--- 216.66.80.26 ping statistics ---
1 packets transmitted, 1 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 19.999/19.999/19.999/0.000 ms

root@atom:/root # ping -c 1 -D -s 1473 216.66.80.26                                                                                     
PING 216.66.80.26 (216.66.80.26): 1473 data bytes
ping: sendto: Message too long

--- 216.66.80.26 ping statistics ---
1 packets transmitted, 0 packets received, 100.0% packet loss


Based on this, I believe my IPv6 tunnel to HE.net should be capable of an MTU of 1480.  However, pinging the peer at the other end of the tunnel is giving confusing results.

A 1480 byte ping packet (1432+8+40) with DNF set goes through OK:

# ping6 -c 1 -D -s 1432 2001:470:1f08:84e::1
...
11:45:30.243253 IP6 2001:470:1f08:84e::2 > 2001:470:1f08:84e::1: ICMP6, echo request, seq 0, length 1440
11:45:30.263261 IP6 2001:470:1f08:84e::1 > 2001:470:1f08:84e::2: ICMP6, echo reply, seq 0, length 1440


but when I try it without DNF set, the outgoing ping request packet is fragmented as if the MTU is only 1280:

# ping6 -c 1 -s 1432 2001:470:1f08:84e::1
...
11:45:40.043251 IP6 2001:470:1f08:84e::2 > 2001:470:1f08:84e::1: frag (0|1232) ICMP6, echo request, seq 0, length 1232
11:45:40.043281 IP6 2001:470:1f08:84e::2 > 2001:470:1f08:84e::1: frag (1232|208)
11:45:40.063644 IP6 2001:470:1f08:84e::1 > 2001:470:1f08:84e::2: ICMP6, echo reply, seq 0, length 1440


I have two tunnels, each to FreeBSD hosts, and the same fragmentation is occurring on both of them.  I've checked the tunnel MTU settings in the tunnelbroker web interface and they're both set to 1480.  The tunnel interfaces on my FreeBSD hosts also have their MTU set to 1480.

What's wrong here?

kasperd

First of all, there is no DF flag in IPv6. In IPv6 routers are never allowed to fragment packets in transit. There is a DF flag on the IPv4 header, when you are using a tunnel. But ping6 doesn't know about the tunnel and thus cannot choose whether that flag is set or not. I don't know which ping6 version you are using, so I cannot tell you what the flags mean. But I don't think the D flag means, what you think it means. Check the documentation to find out, what it really means.

If there was an ICMP or ICMPv6 error indicating a link MTU has been exceeded, then the kernel will cache that information for some time. If you didn't actually capture that packet, then it may be tricky to find out exactly why packets are suddenly fragmented.

I tried to ping 2001:470:1f08:84e::2 with various sized packets, to see if I could tell you some more about your connection. But the connection appeared to be flaky, even when I was pinging with small packets (64 bytes of data).