[ipv6-wg] On deploying IPv6 for consumers..
- Previous message (by thread): [ipv6-wg] On deploying IPv6 for consumers..
- Next message (by thread): [ipv6-wg] Proposal to Remove Routing Requirements from the IPv6 Address Allocation Policy Implemented
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Andy Linton
asjl at lpnz.org
Thu Oct 8 04:50:17 CEST 2009
I noted Geert Jan de Groot's message on the list about PMTU problems. The following was posted on the NZ v6 list and might be of interest. andy Begin forwarded message: > From: Ben Stasiewicz <ben at wand.net.nz> > Date: 6 October 2009 5:24:43 PM > To: ipv6-techsig at listserver.internetnz.net.nz > Subject: [Ipv6-techsig] IPv6 PMTUD issues, some data > Reply-To: ben at wand.net.nz, ipv6-techsig at listserver.internetnz.net.nz > > Hi there, > > I'm a fourth-year Waikato University student who works for WAND in his > spare time. > > Earlier this year Geoff Huston wrote a very interesting article [1] in > which he describes and diagnoses a problem he had downloading an RFC > using IPv6. He determined that it was due to PMTUD failure (probably > caused by ICMPv6 filtering close to the web server) and suggests > lowering the MTU on interfaces used for IPv6 traffic to avoid this > problem. This and the resulting ipv6-techsig discussion [2] > motivated me > to do a university project (supervised by Dr. Matthew Luckie) that > investigates problems with PMTUD in IPv6. It aims to determine the > prevalence of PMTUD failure in IPv6 by running tests to a large number > of IPv6-enabled web servers on the Internet. > > As part of my investigation, I have written a module for scamper [3] > (an > Internet measurement tool created by Matthew) that can be used to > determine whether PMTUD for a given web server is successful. It is > based on the the IPv4 PMTUD test used by tbit [4]. I won't bore you > with > the exact details of the algorithm, but the general idea is: > > Establish a connection to the web server and make an HTTP request > for a > specific object. Do not acknowledge the response. Instead, send an > ICMPv6 Packet Too Big (PTB) message asking it to reduce the size of > its > packets to 1280 bytes. If the web server retransmits the HTTP response > using a smaller packet size, conclude that PMTUD was successful. > Otherwise if the retransmitted response packet is not smaller than the > original, retransmit the PTB message. If after two retransmissions > (three PTB messages) the server still hasn't reduced the size of its > HTTP response packet, conclude that PMTUD failed. > > The test halts if the original response packet is not larger than 1280 > bytes (the MTU specified in the PTB message). I can't specify a MTU > smaller than this because most hosts will ignore an MTU smaller than > 1280 bytes (the IPv6 Minimum Path MTU [5]). > > A test to a particular host will result in one of: > > RESULT_PMTUD_SUCCESS > The server successfully completed PMTUD. A smaller HTTP response > packet > was received from the server after sending it a PTB message. > > RESULT_PMTUD_FAIL > The server failed to complete PMTUD as we did not receive a smaller > response from it. The PTB messages are probably being filtered. > > RESULT_RX_TOOSMALL > The response packet was too small to be able to continue the test. It > must be at least 1281 bytes in size. > > RESULT_RX_NOACK > Did not receive an acknowledgement for the HTTP request. > > RESULT_RX_NODATA > The HTTP request was acknowledged, but no HTTP response was received. > > RESULT_TCP_RST > A TCP reset segment was received before the test could complete. > > RESULT_TCP_ERROR > Unexpected packet received in response to the HTTP request. > > RESULT_TCP_NOCONN > Failed to establish a TCP connection to the web server. > > Test Setup: > > I run the tests from a FreeBSD 7.2 box that sits in the lounge of my > flat. It has IPv6 connectivity using 6to4 and the tunnel interface on > our gateway box has an MTU of 1480 bytes. > > Test Parameters: > > An MSS of 1221 is advertised to avoid the effect of tunnels earlier in > the reverse path as much as possible. For reasons mentioned above, a > 1280 byte MTU is specified in the PTB message. > > Test Input: > > The list of IPv6 web servers was derived from the Alexa Top 1 Million > Websites list [6]. Of these 1 million domains, only 627 had globally > routable IPv6 addresses that could be connected to on port 80 (sad > eh?). > A script searched each of these for a URL to an object that was at > least > 1221 bytes in size. A request for such an object will hopefully result > in a large enough HTTP response packet. > > Test Results: > > Frequency of each result > > 371 PMTUD_SUCCESS > 214 RX_TOOSMALL > 22 RX_NODATA > 13 TCP_NOCONN > 9 PMTUD_FAIL > 5 TCP_RST > 2 RX_NOACK > 1 TCP_ERROR > > > In addition to the outright failures (PMTUD_FAILs), we believe that > the > results RX_NODATA and RX_NOACK also indicate PMTUD failure. They could > result when the server's HTTP response packets are discarded somewhere > along the path for being too big and the server never learns that this > is occurring (and neither do we). The server's response packets are > disappearing into a PMTU black hole. > > A large number of hosts send HTTP response packets that are too small > (RX_TOOSMALL). Some of these could actually indicate PMTUD success in > the presence of 1280 byte tunnels. I will look into this further. > > > Frequency of advertised MSS values > > 458 mss=1440 > 60 mss=1220 > 47 mss=1221 (the remote TCP echoing our advertised MSS) > 33 mss=1420 > 13 mss=1380 > 10 mss=0 (did not receive a SYN from the web server) > 2 mss=8940 > 2 mss=1410 > 2 mss=1300 > 1 mss=65455 > 1 mss=33160 > 1 mss=1460 > 1 mss=1436 > 1 mss=1432 > 1 mss=1416 > 1 mss=1412 > 1 mss=1374 > 1 mss=1370 > 1 mss=1340 > > > The vast majority of hosts advertised a 1440 byte MSS. We suspect that > the 1220 byte MSSs are from hosts that have been explicitly configured > with 1280 byte MTUs and had their PMTUD disabled so as to avoid the > ICMP > filtering problem. > > My current university project is almost complete, but in the Summer I > would like to continue my investigation into IPv6 PMTUD. Can any of > you > recommend another application layer protocol (preferably a simple one > like HTTP) that my PMTUD test could support in the future? Bittorrent > could be a good one (what do you think Nathan?). Is there anything > else > that you would be interested in me finding out? > > Questions and comments are most welcome. > > Cheers > Ben Stasiewicz > > [1] http://cidr-report.org/ispcol/2009-01/mtu6.html > > [2] > http://listserver.internetnz.net.nz/pipermail/ipv6-techsig/2009-February/000234.html > > [3] http://www.wand.net.nz/scamper/ > > [4] http://www.icir.org/mallman/papers/tcp-evo-ccr05.ps > > [5] http://www.ietf.org/rfc/rfc2460.txt > > [6] http://s3.amazonaws.com/alexa-static/top-1m.csv.zip > _______________________________________________ > IPv6-techsig mailing list > IPv6-techsig at listserver.internetnz.net.nz > http://listserver.internetnz.net.nz/mailman/listinfo/ipv6-techsig
- Previous message (by thread): [ipv6-wg] On deploying IPv6 for consumers..
- Next message (by thread): [ipv6-wg] Proposal to Remove Routing Requirements from the IPv6 Address Allocation Policy Implemented
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ ipv6-wg Archives ]