• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

So, the current Akamai IPv6 problem

Started by Steak, October 29, 2014, 10:00:33 AM

Previous topic - Next topic

Steak

For about a month now, there's been problems connecting to any site hosted by akamai under 2a02:26f0:: over an IPv6 tunnel.

This isn't an HE problem, it seems to affect anyone using a tunnelbroker, for example, see this thread on sixxs:

https://www.sixxs.net/forum/?msg=general-12378937

Unfortunately this includes content servers for a lot of major websites such as Facebook, Twitter, Linkedin, Cisco - meaning any webpage which unconditionally loads javascript from those sites (such as any site with facebook integration loading from connect.facebook.com) will hang and never finish loading (you'd expect the browser to time the connection out, but it doesn't)

I've tried all sorts of MTU tweaks to try and manually hack around the problem until they fix it, but nothing works.

I was wondering if anyone else here had successfully come up with a workaround?

cholzhauer

I haven't had any issues nor have my users reported any issues.  What tunnel server are you using?

DJX

I can connect to everything but Cisco.com
It has been this way for months.

Tracing route to cisco.com [2001:420:1101:1::a]
over a maximum of 30 hops:

  1     3 ms     1 ms     1 ms  core3750x.djxmmx.net [2001:470:xxxx:xxxx:xxxx:xxxx:xxxx:fffe]
  2    35 ms    34 ms    34 ms  djx-1.tunnel.tserv13.ash1.ipv6.he.net [2001:470:7:a40::1]
  3    29 ms    39 ms    29 ms  ge4-12.core1.ash1.he.net [2001:470:0:90::1]
  4    46 ms    35 ms    38 ms  100ge5-1.core1.nyc4.he.net [2001:470:0:299::2]
  5    37 ms    38 ms    37 ms  as7018-att.10gigabitethernet2-3.core1.nyc4.he.net [2001:470:0:1dd::2]
  6    72 ms    77 ms    73 ms  n54ny22crs.ipv6.att.net [2001:1890:ff:ffff:12:122:130:170]
  7    77 ms    74 ms    71 ms  wswdc22crs.ipv6.att.net [2001:1890:ff:ffff:12:122:3:38]
  8    69 ms    71 ms    71 ms  attga21crs.ipv6.att.net [2001:1890:ff:ffff:12:122:1:173]
  9    74 ms    70 ms    71 ms  dlstx22crs.ipv6.att.net [2001:1890:ff:ffff:12:122:28:174]
10    72 ms    73 ms    86 ms  dlstx405me3.ipv6.att.net [2001:1890:ff:ffff:12:122:119:9]
11    73 ms    73 ms    75 ms  2001:1890:c00:8701::11b7:3f7f
12    77 ms    73 ms    74 ms  rcdn9-cd1-dmzbb-gw1-ten1-1.cisco.com [2001:420:1100:5::1]
13    79 ms    76 ms    76 ms  rcdn9-cd2-dmzdcc-gw2-por1.cisco.com [2001:420:1100:1::1]
14    75 ms    75 ms    78 ms  rcdn9-16b-dcz05n-gw2-por2.cisco.com [2001:420:1100:10e::1]
15    74 ms    74 ms    74 ms  www1.cisco.com [2001:420:1101:1::a]

Steak

Quote from: cholzhauer on October 30, 2014, 08:20:49 AM
I haven't had any issues nor have my users reported any issues.  What tunnel server are you using?

tserve5.lon1

Steak

Also worth mentioning, the Akamai problem only seems to exist on their London cluster, so it'll only happen if you resolve to that node.

therrmann

I am seeing exactly the same problems, and it took me quite a while to find out that it was an MTU issue with akamai.

But today I am also seeing problems with www.google.com, rendering IPv6 almost completely unuseable. After many complaints by coworkers, I have now disabled the tunnel on my router, so that IPv6 works in the LAN and happy eyeballs falls back to IPv4 for internet addresses.

As far as I can tell, this must be a major issue for everybody using IPv6 tunnels, so why are there so little problem reports on the internet about this thing? How can I locate the problem in more detail?

Regards
Thomas

lobotiger

Ok so it's not just my tunnel that's experiencing ipv6 related problems then.

Noticed it first thing this morning when I couldn't retrieve my gmail because it's mostly all ipv6.  I rebooted my desktop, firewall and I'm about to turn down the HE tunnel because it's affecting too many services hosted by Google.

Any status updates or ways to get it resolved?

LoboTiger

Cabal696

Same issue here with a lot of Google services today. Obviously not related to the Akamai issue, but a real pain.

Goofball

Also seeing all sorts of oddball behavior with Google over IPv6 via HE.net tunnel today. Using tserv15.lax1.ipv6.he.net. About to turn down my tunnel so I can work without having to reload things 15 times.

LobsterSiD

#9
I'm having same problem since some days (3-4). I'm on tserv4.nyc4
Have to refresh sometime 10-15 time before google.ca or gmail load

broquea

Kind of suspecting its the destinations screwing stuff up. Pretty sure I've seen similar reports on ipv6-ops and nanog mailing lists in the last week or so. If it is them, then won't be much to fix on the broker side :(

hawk82

#11
Also confirming issues with loading pretty much any Google site via my HE.net tunnel, tserv13.ash1.ipv6.he.net. It was working fine last night.

Edit: I turned down the MTU from 1480 to 1470 and that seems to have resolved the issue.
Edit2: Disregard, Google pages loaded quickly for awhile but now crawling or barely loading again.

LobsterSiD

Quote from: hawk82 on November 07, 2014, 01:08:38 PM
Also confirming issues with loading pretty much any Google site via my HE.net tunnel, tserv13.ash1.ipv6.he.net. It was working fine last night.

Edit: I turned down the MTU from 1480 to 1470 and that seems to have resolved the issue.
Edit2: Disregard, Google pages loaded quickly for awhile but now crawling or barely loading again.

MTU 1480 MSS 1220 = fix

lobotiger

Quote from: SiD69 on November 07, 2014, 02:54:58 PM
Quote from: hawk82 on November 07, 2014, 01:08:38 PM
Also confirming issues with loading pretty much any Google site via my HE.net tunnel, tserv13.ash1.ipv6.he.net. It was working fine last night.

Edit: I turned down the MTU from 1480 to 1470 and that seems to have resolved the issue.
Edit2: Disregard, Google pages loaded quickly for awhile but now crawling or barely loading again.

MTU 1480 MSS 1220 = fix

Confirmed that the 1480MTU and 1220MSS numbers worked for my pfsense firewall.  Is this something that's going to have to be permanent or is there a problem somewhere?

LoboTiger

hawk82

Quote from: lobotiger on November 07, 2014, 03:10:57 PM
Quote from: SiD69 on November 07, 2014, 02:54:58 PM
Quote from: hawk82 on November 07, 2014, 01:08:38 PM
Also confirming issues with loading pretty much any Google site via my HE.net tunnel, tserv13.ash1.ipv6.he.net. It was working fine last night.

Edit: I turned down the MTU from 1480 to 1470 and that seems to have resolved the issue.
Edit2: Disregard, Google pages loaded quickly for awhile but now crawling or barely loading again.

MTU 1480 MSS 1220 = fix

Confirmed that the 1480MTU and 1220MSS numbers worked for my pfsense firewall.  Is this something that's going to have to be permanent or is there a problem somewhere?

LoboTiger
Tried that on my pfSense box, and still no dice. Do I need to reboot it for the change to take effect?