tech-net archive


Re: Dealing with ICMPv6 network unreachable.



On 2 Apr, 2015, at 17:09 , Greg Troxel <gdt%ir.bbn.com@localhost> wrote:
>> Anyway, the problem is that because it's added a default route, various
>> programs will try IPv6 first. For each address tried, the router issues
>> an ICMPv6 unreachable message of code 0. This is displayed with ping -v
>> as well, so it is hitting userland. However, applications are ignoring
>> it. My simple test case is wget (available in pkgsrc).
> 
> Three thoughts about what might be going on:
> 
>  I am unclear on codes in ICMPv6; it could be that 0 is irregular and
>  getting filtered out by us, even though maybe it shouldn't be.
> 
>  It seems that the proper response of TCP to net/host unreachable is
>  arguable.  In the case you mention, it's best to abort, but a
>  transient unreachable situation on a TCP connection shouldn't kill the
>  connection.

I think it works best if errors (either unreachables or sending errors
reported by the local stack) are reported immediately when the TCP packet
that resulted in the error is a SYN packet but are ignored, falling back
to a timeout, when the connection has gotten beyond that.  It is very
true that this is arguable though.

>  It strikes me as odd that without a public address TCP is being tried.
>  Does your interface have any global addresses, or just the LL one?
>  If the router is handing out global addresses which don't work, it's a
>  much harder question about doing per-protocol black-hole detection
>  (leading down the path to happy eyeballs).

I'm not sure the first bit is right.  I think TCP connections using the
LL address are okay, even when the remote address is global scope, as
long as the remote host is connected to the same wire.  Since a host
can't necessarily tell whether the global addressee is on the same wire,
however, the only thing it can do is attempt to open the connection and
let the router tell it whether this is okay or not.  This doesn't work
so well if the host entirely ignores the unreachables the router sends back.

I do think that if IPv6, or IPv4 for that matter, is broken for you then
a good solution is just to configure the broken protocol off, use the
one that works and just get on with it.  That the IPv6 implementation
makes it hard to do this is a problem.

Dennis Ferguson
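
The following Python example is added here and is not part of the original message or of any stack's own code. It parses an ICMPv6 destination unreachable message, reads the TCP flags of the quoted packet, and applies the policy described above: abort when the offending segment was the initial SYN, ignore otherwise. The function names, return strings and sample addresses are assumptions made for illustration.

```python
import struct

ICMP6_DST_UNREACH = 1   # RFC 4443 type; code 0 is "no route to destination"
IPPROTO_TCP = 6
TH_SYN, TH_ACK = 0x02, 0x10
IP6_HDR_LEN = 40


def classify_unreach(icmp6: bytes) -> str:
    """Return 'abort', 'ignore' or 'not-applicable' for one ICMPv6 message."""
    if len(icmp6) < 8 or icmp6[0] != ICMP6_DST_UNREACH:
        return "not-applicable"
    quoted = icmp6[8:]  # as much of the invoking packet as the router returned
    # Need the whole IPv6 header plus 14 bytes of TCP to reach the flags byte.
    # Assumption: no extension headers sit between the IPv6 and TCP headers.
    if (len(quoted) < IP6_HDR_LEN + 14 or quoted[0] >> 4 != 6
            or quoted[6] != IPPROTO_TCP):
        return "not-applicable"
    flags = quoted[IP6_HDR_LEN + 13]
    # Assumption: "a SYN packet" means the initial SYN (SYN set, ACK clear).
    # ICMP errors are unauthenticated, so a real stack would also match the
    # quoted addresses, ports and sequence number to a connection first.
    if flags & TH_SYN and not flags & TH_ACK:
        return "abort"   # report the error to connect() immediately
    return "ignore"      # past the SYN: keep retransmitting until timeout


def build_unreach(code: int, tcp_flags: int) -> bytes:
    """Constructed sample: ICMPv6 type 1 quoting an IPv6 + TCP packet."""
    src = bytes.fromhex("fe80" + "00" * 13 + "01")      # link-local source
    dst = bytes.fromhex("20010db8" + "00" * 11 + "01")  # documentation prefix
    tcp = struct.pack("!HHIIBBHHH", 49152, 80, 1000, 0, 5 << 4,
                      tcp_flags, 65535, 0, 0)
    ip6 = struct.pack("!IHBB", 6 << 28, len(tcp), IPPROTO_TCP, 64) + src + dst
    # Checksum left as 0: this sample never goes on the wire.
    return struct.pack("!BBHI", ICMP6_DST_UNREACH, code, 0, 0) + ip6 + tcp


if __name__ == "__main__":
    for name, flags in (("SYN", TH_SYN), ("ACK", TH_ACK)):
        print(name, "->", classify_unreach(build_unreach(0, flags)))
```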

