This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/ipv6-wg@ripe.net/
[ipv6-wg] On deploying IPv6 for consumers..
- Previous message (by thread): [ipv6-wg] On deploying IPv6 for consumers..
- Next message (by thread): [ipv6-wg] Proposal to Remove Routing Requirements from the IPv6 Address Allocation Policy Implemented
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Andy Linton
asjl at lpnz.org
Thu Oct 8 04:50:17 CEST 2009
I noted Geert Jan de Groot's message on the list about PMTU problems. The following was posted on the NZ v6 list and might be of interest. andy Begin forwarded message: > From: Ben Stasiewicz <ben at wand.net.nz> > Date: 6 October 2009 5:24:43 PM > To: ipv6-techsig at listserver.internetnz.net.nz > Subject: [Ipv6-techsig] IPv6 PMTUD issues, some data > Reply-To: ben at wand.net.nz, ipv6-techsig at listserver.internetnz.net.nz > > Hi there, > > I'm a fourth-year Waikato University student who works for WAND in his > spare time. > > Earlier this year Geoff Huston wrote a very interesting article [1] in > which he describes and diagnoses a problem he had downloading an RFC > using IPv6. He determined that it was due to PMTUD failure (probably > caused by ICMPv6 filtering close to the web server) and suggests > lowering the MTU on interfaces used for IPv6 traffic to avoid this > problem. This and the resulting ipv6-techsig discussion [2] > motivated me > to do a university project (supervised by Dr. Matthew Luckie) that > investigates problems with PMTUD in IPv6. It aims to determine the > prevalence of PMTUD failure in IPv6 by running tests to a large number > of IPv6-enabled web servers on the Internet. > > As part of my investigation, I have written a module for scamper [3] > (an > Internet measurement tool created by Matthew) that can be used to > determine whether PMTUD for a given web server is successful. It is > based on the the IPv4 PMTUD test used by tbit [4]. I won't bore you > with > the exact details of the algorithm, but the general idea is: > > Establish a connection to the web server and make an HTTP request > for a > specific object. Do not acknowledge the response. Instead, send an > ICMPv6 Packet Too Big (PTB) message asking it to reduce the size of > its > packets to 1280 bytes. If the web server retransmits the HTTP response > using a smaller packet size, conclude that PMTUD was successful. > Otherwise if the retransmitted response packet is not smaller than the > original, retransmit the PTB message. If after two retransmissions > (three PTB messages) the server still hasn't reduced the size of its > HTTP response packet, conclude that PMTUD failed. > > The test halts if the original response packet is not larger than 1280 > bytes (the MTU specified in the PTB message). I can't specify a MTU > smaller than this because most hosts will ignore an MTU smaller than > 1280 bytes (the IPv6 Minimum Path MTU [5]). > > A test to a particular host will result in one of: > > RESULT_PMTUD_SUCCESS > The server successfully completed PMTUD. A smaller HTTP response > packet > was received from the server after sending it a PTB message. > > RESULT_PMTUD_FAIL > The server failed to complete PMTUD as we did not receive a smaller > response from it. The PTB messages are probably being filtered. > > RESULT_RX_TOOSMALL > The response packet was too small to be able to continue the test. It > must be at least 1281 bytes in size. > > RESULT_RX_NOACK > Did not receive an acknowledgement for the HTTP request. > > RESULT_RX_NODATA > The HTTP request was acknowledged, but no HTTP response was received. > > RESULT_TCP_RST > A TCP reset segment was received before the test could complete. > > RESULT_TCP_ERROR > Unexpected packet received in response to the HTTP request. > > RESULT_TCP_NOCONN > Failed to establish a TCP connection to the web server. > > Test Setup: > > I run the tests from a FreeBSD 7.2 box that sits in the lounge of my > flat. It has IPv6 connectivity using 6to4 and the tunnel interface on > our gateway box has an MTU of 1480 bytes. > > Test Parameters: > > An MSS of 1221 is advertised to avoid the effect of tunnels earlier in > the reverse path as much as possible. For reasons mentioned above, a > 1280 byte MTU is specified in the PTB message. > > Test Input: > > The list of IPv6 web servers was derived from the Alexa Top 1 Million > Websites list [6]. Of these 1 million domains, only 627 had globally > routable IPv6 addresses that could be connected to on port 80 (sad > eh?). > A script searched each of these for a URL to an object that was at > least > 1221 bytes in size. A request for such an object will hopefully result > in a large enough HTTP response packet. > > Test Results: > > Frequency of each result > > 371 PMTUD_SUCCESS > 214 RX_TOOSMALL > 22 RX_NODATA > 13 TCP_NOCONN > 9 PMTUD_FAIL > 5 TCP_RST > 2 RX_NOACK > 1 TCP_ERROR > > > In addition to the outright failures (PMTUD_FAILs), we believe that > the > results RX_NODATA and RX_NOACK also indicate PMTUD failure. They could > result when the server's HTTP response packets are discarded somewhere > along the path for being too big and the server never learns that this > is occurring (and neither do we). The server's response packets are > disappearing into a PMTU black hole. > > A large number of hosts send HTTP response packets that are too small > (RX_TOOSMALL). Some of these could actually indicate PMTUD success in > the presence of 1280 byte tunnels. I will look into this further. > > > Frequency of advertised MSS values > > 458 mss=1440 > 60 mss=1220 > 47 mss=1221 (the remote TCP echoing our advertised MSS) > 33 mss=1420 > 13 mss=1380 > 10 mss=0 (did not receive a SYN from the web server) > 2 mss=8940 > 2 mss=1410 > 2 mss=1300 > 1 mss=65455 > 1 mss=33160 > 1 mss=1460 > 1 mss=1436 > 1 mss=1432 > 1 mss=1416 > 1 mss=1412 > 1 mss=1374 > 1 mss=1370 > 1 mss=1340 > > > The vast majority of hosts advertised a 1440 byte MSS. We suspect that > the 1220 byte MSSs are from hosts that have been explicitly configured > with 1280 byte MTUs and had their PMTUD disabled so as to avoid the > ICMP > filtering problem. > > My current university project is almost complete, but in the Summer I > would like to continue my investigation into IPv6 PMTUD. Can any of > you > recommend another application layer protocol (preferably a simple one > like HTTP) that my PMTUD test could support in the future? Bittorrent > could be a good one (what do you think Nathan?). Is there anything > else > that you would be interested in me finding out? > > Questions and comments are most welcome. > > Cheers > Ben Stasiewicz > > [1] http://cidr-report.org/ispcol/2009-01/mtu6.html > > [2] > http://listserver.internetnz.net.nz/pipermail/ipv6-techsig/2009-February/000234.html > > [3] http://www.wand.net.nz/scamper/ > > [4] http://www.icir.org/mallman/papers/tcp-evo-ccr05.ps > > [5] http://www.ietf.org/rfc/rfc2460.txt > > [6] http://s3.amazonaws.com/alexa-static/top-1m.csv.zip > _______________________________________________ > IPv6-techsig mailing list > IPv6-techsig at listserver.internetnz.net.nz > http://listserver.internetnz.net.nz/mailman/listinfo/ipv6-techsig
- Previous message (by thread): [ipv6-wg] On deploying IPv6 for consumers..
- Next message (by thread): [ipv6-wg] Proposal to Remove Routing Requirements from the IPv6 Address Allocation Policy Implemented
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ ipv6-wg Archives ]