
ICMPv6 "too-big" packets ignored (filtered ?) by Cloudflare farms



> On 5 Mar 2019, at 6:06 am, Saku Ytti <saku at ytti.fi> wrote:
> 
> Hey Jean,
> 
>>    I confess using IPv6 behind a 6in4 tunnel because the "Business-Class" service
>>    of the concerned operator doesn't handle IPv6 yet.
>> 
>>    as such, I realised that, as far as I can figure, ICMPv6 packet "too-big" (rfc 4443)
>>    seem to be ignored or filtered at ~60% of Cloudflare's http farms
> 
> Might be related to this:
> https://blog.cloudflare.com/path-mtu-discovery-in-practice/
> 
> If you run ECMP then the hash algorithms make no guarantees ICMP
> messages generated by transit devices reach the correct host.


Then Cloudflare should negotiate MSS's that don't generate PTB's if
they have installed broken ECMP devices.  The simplest way to do that
is to set the interface MTUs to 1280 on all the servers.  Why should
the rest of the world have to put up with their inability to purchase
devices that work with RFC compliant data streams.

Mark

> -- 
>  ++ytti

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742              INTERNET: marka at isc.org
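
The two points raised in this thread, as an added example that is not part of the original messages: a toy ECMP hash showing why a PTB from a transit router rarely lands on the server holding the TCP flow, and the MSS arithmetic behind the 1280-byte MTU suggestion. The hash function, the addresses, the 8-way fan-out and the 1480-byte 6in4 path MTU are assumptions made for illustration.

```python
import hashlib

IPV6_HDR, TCP_HDR = 40, 20     # fixed header sizes in bytes, no options
IPV6_MIN_MTU = 1280            # smallest link MTU IPv6 allows (RFC 8200)
TUNNEL_MTU = 1500 - 20         # assumed 6in4 tunnel over a 1500-byte IPv4 path

def tcp_mss(mtu):
    """MSS a host advertises for an interface MTU (IPv6, no TCP options)."""
    return mtu - IPV6_HDR - TCP_HDR

def triggers_ptb(server_mtu, client_mtu, path_mtu):
    """True if a full-size segment from the server exceeds the path MTU."""
    mss = min(tcp_mss(server_mtu), tcp_mss(client_mtu))
    return mss + IPV6_HDR + TCP_HDR > path_mtu

def ecmp_pick(fields, n_servers):
    """Toy ECMP: hash the chosen header fields onto one of n_servers."""
    digest = hashlib.sha256(repr(fields).encode()).digest()
    return int.from_bytes(digest[:4], "big") % n_servers

def ptb_misdelivery_rate(n_servers, n_flows=2000):
    """Share of PTBs hashed to a server that does not hold the TCP flow."""
    vip, router = "2001:db8::443", "2001:db8:ffff::1"   # constructed addresses
    missed = 0
    for i in range(n_flows):
        client = f"2001:db8:1::{i:x}"
        # Client's TCP segments: hashed on the full 5-tuple.
        flow_server = ecmp_pick((client, vip, 6, 40000 + i, 443), n_servers)
        # PTB from the tunnel router: different source, ICMPv6 (58), no ports.
        ptb_server = ecmp_pick((router, vip, 58), n_servers)
        missed += flow_server != ptb_server
    return missed / n_flows

if __name__ == "__main__":
    print("MSS at MTU 1500:", tcp_mss(1500), " at MTU 1280:", tcp_mss(IPV6_MIN_MTU))
    print("PTB with 1500-byte servers:", triggers_ptb(1500, 1500, TUNNEL_MTU))
    print("PTB with 1280-byte servers:", triggers_ptb(IPV6_MIN_MTU, 1500, TUNNEL_MTU))
    print("PTBs reaching wrong server (8-way ECMP):", ptb_misdelivery_rate(8))
```

With servers at MTU 1280 no segment can exceed any valid IPv6 path MTU, so delivery of the PTB stops mattering for these flows.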