Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: nsp: ipv6

IPv6 PMTU issues to www.citrix.com

 

 

nsp ipv6 RSS feed   Index | Next | Previous | View Threaded


gert at space

Jul 6, 2012, 2:23 AM

Post #1 of 2 (485 views)
Permalink
IPv6 PMTU issues to www.citrix.com

Hi,

someone from Citrix here, or with contacts to their networking folks?

We're getting complaints from one of our (tunneled) customers that
IPv6 connects to 2001:4868:10c:3::15 sometimes (!) return no data
after the TCP handshake succeeds - and sometimes it works.

The client's IPv6 MTU is 1400, and forcing MSS to 1340 makes it work in
every case, so this looks like "load balanced to different servers, some
of them have working PMTUd, some not".

>From a different test host with an IPv6 MTU of 1492, it worked all
the time - so I checked with tcpdump, and it seems the servers always
send out with a somewhat smaller segment size anyway:

11:20:47.364247 IP6 2001:4868:10c:3::15.80 > 2001:608:2:2::250.55317: . 23121:24481(1360) ack 40 win 64410

(client asked for MSS 1440, server never sends anything bigger than 1360,
but that's still too big for some cases)

so maybe they are aware that their PTMU is not working fully reliable...

Gert Doering
-- NetMaster
--
have you enabled IPv6 on something today...?

SpaceNet AG Vorstand: Sebastian v. Bomhard
Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen HRB: 136055 (AG Muenchen)
Tel: +49 (89) 32356-444 USt-IdNr.: DE813185279


owens at nysernet

Jul 6, 2012, 8:06 AM

Post #2 of 2 (472 views)
Permalink
Re: IPv6 PMTU issues to www.citrix.com [In reply to]

On Fri, Jul 06, 2012 at 11:23:52AM +0200, Gert Doering wrote:
> The client's IPv6 MTU is 1400, and forcing MSS to 1340 makes it work in
> every case, so this looks like "load balanced to different servers, some
> of them have working PMTUd, some not".

Based on the name, I think you're right about the load balancer:
www.citrix.com. 28800 IN CNAME www.gslb.citrix.com.

> so maybe they are aware that their PTMU is not working fully reliable...

They block PMTUD and they're trying to clamp the MSS to avoid MTU problems, but they aren't trying hard enough:

[cookiemonster:~/Projects/IPv6] owens% sudo /usr/local/bin/scamper -F ipfw -I "tbit -M 1280 -u 'http://www.citrix.com/lang/English/home.asp' 2001:4868:10c:3::15"
tbit from 2620:f:1:1201:21b:63ff:fea4:4d92 to 2001:4868:10c:3::15
server-mss 1360, result: pmtud-fail
app: http, url: http://www.citrix.com/lang/English/home.asp
[ 0.049] TX SYN 64 seq = 0:0
[ 0.105] RX SYN/ACK 64 seq = 0:1
[ 0.105] TX 60 seq = 1:1
[ 0.149] TX 254 seq = 1:1(194)
[ 0.209] RX 1420 seq = 1:195(1360)
[ 0.209] TX PTB 1280 mtu = 1280
[ 0.209] RX 1420 seq = 1361:195(1360)
[ 0.209] RX 1420 seq = 2721:195(1360)
[ 0.209] RX 1420 seq = 4081:195(1360)
[ 0.209] RX 1420 seq = 5441:195(1360)
[ 0.209] RX 1420 seq = 6801:195(1360)
[ 0.773] RX 1420 seq = 1:195(1360)
[ 0.773] TX PTB 1280 mtu = 1280
[ 2.210] RX 1420 seq = 1:195(1360)
[ 2.210] TX PTB 1280 mtu = 1280
[ 5.038] RX 1420 seq = 1:195(1360)
[ 5.038] TX PTB 1280 mtu = 1280
[ 10.616] RX 1420 seq = 1:195(1360)

MSS of 1220 would work, 1420 won't.

And no, I don't have any contacts there. . .

Bill.

nsp ipv6 RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.