From owner-freebsd-net@FreeBSD.ORG Thu May 14 21:42:38 2009 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 25DE01065674 for ; Thu, 14 May 2009 21:42:38 +0000 (UTC) (envelope-from oberman@es.net) Received: from mailgw.es.net (mail4.es.net [IPv6:2001:400:6000:6::2]) by mx1.freebsd.org (Postfix) with ESMTP id D31BD8FC1F for ; Thu, 14 May 2009 21:42:37 +0000 (UTC) (envelope-from oberman@es.net) Received: from ptavv.es.net (ptavv.es.net [IPv6:2001:400:910::29]) by mailgw.es.net (8.14.3/8.14.3) with ESMTP id n4ELgZxG009386 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT) for ; Thu, 14 May 2009 14:42:36 -0700 Received: from ptavv.es.net (ptavv.es.net [127.0.0.1]) by ptavv.es.net (Tachyon Server) with ESMTP id B09701CC12 for ; Thu, 14 May 2009 14:42:35 -0700 (PDT) To: freebsd-net@freebsd.org Date: Thu, 14 May 2009 14:42:35 -0700 From: "Kevin Oberman" Message-Id: <20090514214235.B09701CC12@ptavv.es.net> Subject: IPv6 fragmentation weirdness X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 14 May 2009 21:42:38 -0000 I have recently noticed problems with data transfers via IPv6. Attempt to fetch files from dome sites was hanging as soon as the data started to flow. Felt like an MTU issue, so I tried sending various sizes of ICMP echo (ping) packets and discovered that I could not send a packet of over 1280 bytes. (ping6 -s 1232) If I disabled kernel fragmentation (-m), I could use packets up to the MTU of my interface (1500 bytes). The path is entirely native IPv6. No tunnels. All should allow full 1500 byte packets. I then captured the ICMP and discovered that the kernel was fragmenting all of them! Worse, the fragment was sent out before the ICMP! What the heck is going on! Thread synchronization? When I captured the packets (via tcpdump -s0 -w file host ftp.funet.fi), the first things captured is an IPv6 fragment of 72 bytes. 3 microseconds later, I get the ICMP6 packet of 1294 bytes. This pattern is consistent over repeated packets. This was with -s 1234 for a total ICMPv6 size of 1282. First, why is the kernel fragmenting this at all as it fits in the interface MTU? Second, why the heck is the fragment going out first? This should be OK, but I suspect many firewalls (which are often not happy with fragments) are not likely to pass a fragment which precedes the initial frame. Can anyone fetch anything from ftp.funet.fi via IPv6? I suspect it is something in the path that is blocking my traffic, so others may not see this, but I think the root issues is the kernel fragmenting packets way below MTU size. -- R. Kevin Oberman, Network Engineer Energy Sciences Network (ESnet) Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab) E-mail: oberman@es.net Phone: +1 510 486-8634 Key fingerprint:059B 2DDF 031C 9BA3 14A4 EADA 927D EBB3 987B 3751