tech-net archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: IPV6 router works, but clients fail

On Thursday 02 July 2009 23:18:22 Miles Nordin wrote:
> >>>>> "rm" == Roy Marples <> writes:
>     rm> I've attached my current pf.conf As Brian pointed out in this
>     rm> thread, PF does not handle IPv6 fragments
> That's bad but it's not the problem.  There will never be any IPv6 TCP
> fragments, even with all this nonsense going on.  There can be UDP
> fragments, though.

So what is the problem?

>     rm> if I drop the MTU on my clients to 1492 then I don't need the
>     rm> scrub mss line. Anyone have an opinion on which would be
>     rm> better?
> the scrubbing is better.
> If all hosts on an ethernet do not have the same MTU set, this will
> cause a second level of brokenness---now you have two broken things
> instead of one.  That scenario's likely because you'll forget, or
> you'll have test systems or guests or VM's or whatever.

Well, I experimented. It turns out that rtadvd has a nice option to broadcast 
the MTU of the IPv6 link. Linux is clever here - this MTU is only applicable 
to the IPv6 and does not change the real MTU of the interface. So MTU is 1500 
both server and client, but for IPv6 it's 1492. Works like a champ.

Sadly, this is not the case in NetBSD.
Infact I couldn't get ANY MTU values to work for ipv4/ipv6 connectivity past 
the router unless I was scrubbing on the router.
What is more, NetBSD ignores (or seems to) the MTU in the IPv6 RA. Is this a 
bug or a known issue?



Home | Main Index | Thread Index | Old Index