Hurricane Electric's IPv6 Tunnel Broker Forums

Advanced search  

News:

Welcome to Hurricane Electric's Tunnelbroker.net forums!

Pages: 1 [2]

Author Topic: So, the current Akamai IPv6 problem  (Read 11725 times)

doktornotor

  • Newbie
  • *
  • Posts: 9
Re: So, the current Akamai IPv6 problem
« Reply #15 on: November 08, 2014, 03:23:02 AM »

Also seeing all sorts of oddball behavior with Google over IPv6 via HE.net tunnel today. Using tserv15.lax1.ipv6.he.net. About to turn down my tunnel so I can work without having to reload things 15 times.

+1. What's up with this? Google services completely broken since yesterday, 4 different locations, tserv27.prg1.ipv6.he.net, tserv1.bud1.ipv6.he.net

 >:( >:( >:(


MTU 1480 MSS 1220 = fix

Confirmed that the 1480MTU and 1220MSS numbers worked for my pfsense firewall.  Is this something that's going to have to be permanent or is there a problem somewhere?

LoboTiger
Tried that on my pfSense box, and still no dice. Do I need to reboot it for the change to take effect?

The only thing that worked here is 1280 MTU / 1220 MSS. (Don't forget to change the MTU at https://www.tunnelbroker.net/ (Advanced) as well.) Obviously, I don't consider this to be a permanent solution.
« Last Edit: November 08, 2014, 03:42:38 AM by doktornotor »
Logged

robertpenz

  • Newbie
  • *
  • Posts: 3
Re: So, the current Akamai IPv6 problem
« Reply #16 on: November 08, 2014, 04:19:11 AM »

Setting MSS in the syn packets to 1420 works for me. I blogged about it here: http://robert.penz.name/971/google-services-seems-to-be-down-if-youre-accessing-them-via-an-ipv6-tunnel-providers/
Logged

stblassitude

  • Newbie
  • *
  • Posts: 1
Re: So, the current Akamai IPv6 problem
« Reply #17 on: November 08, 2014, 04:30:53 AM »

I'm using a FreeBSD 10-stable router with pf, and clamping the MSS to 1220 seems to have fixed the problem for me:
Code: [Select]
scrub on gif0 max-mss 1220After reading through this thread fully, I did notice that the default MTU on gif0 was set to 1280 instead of 1480, and the MTU on tunnelbroker.net was set to 1480. I've since increased the MTU on gif0 to 1480.
Logged

hawk82

  • Newbie
  • *
  • Posts: 8
Re: So, the current Akamai IPv6 problem
« Reply #18 on: November 08, 2014, 05:06:33 AM »

I changed the MSS setting on VPN connections under the Advanced tab in pfSense, not on the OPT1 interface. Oops. I changed that and for the moment Google pages are loading much better.
Logged

doktornotor

  • Newbie
  • *
  • Posts: 9
Re: So, the current Akamai IPv6 problem
« Reply #19 on: November 08, 2014, 06:14:17 AM »

I changed the MSS setting on VPN connections under the Advanced tab in pfSense, not on the OPT1 interface. Oops. I changed that and for the moment Google pages are loading much better.

Also note that the pfSense GUI has the MSS settings totally confusing/wrong. If you put 1220 into the MSS settings on the GIF tunnel, you end up with 1180, easy to check via

Code: [Select]
pfctl -sr | grep mss
scrub on gif0 all max-mss 1180 fragment reassemble

So, for pfSense, the MSS value should be 1260 if you have MTU set to 1280 which actually clamps it to 1220:

Code: [Select]
pfctl -sr | grep mss
scrub on gif0 all max-mss 1220 fragment reassemble
Logged

hoppmaep

  • Newbie
  • *
  • Posts: 1
Re: So, the current Akamai IPv6 problem
« Reply #20 on: November 08, 2014, 07:04:43 AM »

Also confirming issues with loading pretty much any Google site via my HE.net tunnel, tserv13.ash1.ipv6.he.net. It was working fine last night.

Edit: I turned down the MTU from 1480 to 1470 and that seems to have resolved the issue.
Edit2: Disregard, Google pages loaded quickly for awhile but now crawling or barely loading again.

MTU 1480 MSS 1220 = fix

Google sites were unresponsive for me since yesterday, this fixes it. I wonder what happened on their end?
Logged

hawk82

  • Newbie
  • *
  • Posts: 8
Re: So, the current Akamai IPv6 problem
« Reply #21 on: November 08, 2014, 11:54:50 AM »

Also note that the pfSense GUI has the MSS settings totally confusing/wrong. If you put 1220 into the MSS settings on the GIF tunnel, you end up with 1180, easy to check via

Code: [Select]
pfctl -sr | grep mss
scrub on gif0 all max-mss 1180 fragment reassemble

So, for pfSense, the MSS value should be 1260 if you have MTU set to 1280 which actually clamps it to 1220:

Code: [Select]
pfctl -sr | grep mss
scrub on gif0 all max-mss 1220 fragment reassemble
Thanks, I confirmed your results and fix.
Logged

JulioQc

  • Newbie
  • *
  • Posts: 4
Re: So, the current Akamai IPv6 problem
« Reply #22 on: November 08, 2014, 06:11:02 PM »

I personally lowered it to 1280 MTU with a slight improvement but some services such as google drive refuse to connect.
Logged

doktornotor

  • Newbie
  • *
  • Posts: 9
Re: So, the current Akamai IPv6 problem
« Reply #23 on: November 09, 2014, 12:46:29 AM »

I personally lowered it to 1280 MTU with a slight improvement but some services such as google drive refuse to connect.

You really need the MSS clamping, setting MTU is not enough. Regardless, the Google issue should be fixed now:

Quote
Damian Menscher <damian at google.com>
6:44 PM (3 hours ago)

The issue with IPv6 access to Google should now be resolved.  Please let us
know if you're still having problems.
Logged

JulioQc

  • Newbie
  • *
  • Posts: 4
Re: So, the current Akamai IPv6 problem
« Reply #24 on: November 09, 2014, 06:37:18 PM »

Yes its working fine now.

How did you reach out to Google about this anyways?
Logged

therrmann

  • Newbie
  • *
  • Posts: 4
Re: So, the current Akamai IPv6 problem
« Reply #25 on: November 09, 2014, 10:51:10 PM »

I can confirm that MTU 1460 (I am using an additional PPPoE) and MSS 1220 seems to fix at least TCP.

One has to keep in mind that this is a dirty hack that does not help for UDP, ICMP and various other things, and that violates the standards of networking and TCP.

But definitely much better than broken IPv6 or no IPv6.

Regards,
Thomas
Logged

trevorwarwick

  • Newbie
  • *
  • Posts: 11
Re: So, the current Akamai IPv6 problem
« Reply #26 on: November 10, 2014, 01:23:43 AM »

It's going to be interesting to see what happens when Google roll out QUIC across their portfolio - supposed to be happening in the next few months.  Chrome browsers will then prefer to communicate with Google sites over UDP rather than TCP, but so far I can't find any documentation about how they intend to deal with MTU size issues.

I think we may at least expect some teething problems for people running over tunnels that don't provide the end to end 1500 MTU.
Logged

lobotiger

  • Newbie
  • *
  • Posts: 25
Re: So, the current Akamai IPv6 problem
« Reply #27 on: November 27, 2014, 03:26:42 PM »

I think something might still be up.

I've noticed that when accessing G+ via the app on my phone, I don't get the infinite scroll under Everything.  Seems to stop after a short bit.  And then under What's Hot, I notice that the downloading indicator on the page (sideways scrolling colours) keeps going on forever.

Well, I just put back these MTU/MSS values and after restarting the app I'm no longer experiencing the same issues. 

Coincidence?

LoboTiger
Logged
Pages: 1 [2]