From owner-freebsd-net@FreeBSD.ORG  Sun Feb  6 13:05:08 2011
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 9D8641065672
	for <freebsd-net@freebsd.org>; Sun,  6 Feb 2011 13:05:08 +0000 (UTC)
	(envelope-from bzeeb-lists@lists.zabbadoz.net)
Received: from mail.cksoft.de (mail.cksoft.de [IPv6:2001:4068:10::3])
	by mx1.freebsd.org (Postfix) with ESMTP id 2C9728FC16
	for <freebsd-net@freebsd.org>; Sun,  6 Feb 2011 13:05:08 +0000 (UTC)
Received: from localhost (amavis.fra.cksoft.de [192.168.74.71])
	by mail.cksoft.de (Postfix) with ESMTP id 8721E41C64A;
	Sun,  6 Feb 2011 14:05:06 +0100 (CET)
X-Virus-Scanned: amavisd-new at cksoft.de
Received: from mail.cksoft.de ([192.168.74.103])
	by localhost (amavis.fra.cksoft.de [192.168.74.71]) (amavisd-new,
	port 10024)
	with ESMTP id xyATl7yQv8eU; Sun,  6 Feb 2011 14:05:05 +0100 (CET)
Received: by mail.cksoft.de (Postfix, from userid 66)
	id A90D041C679; Sun,  6 Feb 2011 14:05:05 +0100 (CET)
Received: from maildrop.int.zabbadoz.net (maildrop.int.zabbadoz.net
	[10.111.66.10])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mail.int.zabbadoz.net (Postfix) with ESMTP id B8CF14448F3;
	Sun,  6 Feb 2011 13:03:40 +0000 (UTC)
Date: Sun, 6 Feb 2011 13:03:40 +0000 (UTC)
From: "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net>
X-X-Sender: bz@maildrop.int.zabbadoz.net
To: Mike Tancsa <mike@sentex.net>
In-Reply-To: <4D4E799A.50902@sentex.net>
Message-ID: <20110206130139.B80258@maildrop.int.zabbadoz.net>
References: <alpine.BSF.2.00.1102052005340.16359@goat.gigo.com>
	<4D4E799A.50902@sentex.net>
X-OpenPGP-Key: 0x14003F198FEFA3E77207EE8D2B58B8F83CCF1842
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
Cc: freebsd-net@freebsd.org, Jason Fesler <jfesler@gigo.com>
Subject: Re: MSS rewrite / MSS clamping?
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 06 Feb 2011 13:05:08 -0000

On Sun, 6 Feb 2011, Mike Tancsa wrote:

> On 2/5/2011 11:07 PM, Jason Fesler wrote:
>> I'm in search of MSS clamping for FreeBSD servers; in particular, for
>> IPv6.  I'm finding pretty much nothing (except iptables..) on the net.
>
> Hi,
> 	I am curious as to where you would be running into MTU issues on IPv6
> where you would need to manually compensate ? Broken tunnel providers ?

ICMP is bad and so filtering ICMPv6 must be good?  Right?  Even
vendors selling firewalls do it to their own webserver.

MSS clamping is a bad workaround for broken PMTU, and the real answer
really is, get the paths fixed!

Ther alternative I occactionally do is a destination route with a
lower MTU but you cannot go endlessly down with IPv6 as there's the
minimum.

-- 
Bjoern A. Zeeb                                 You have to have visions!
          Stop bit received. Insert coin for new address family.