ICMPv6 "too-big" packets ignored (filtered ?) by Cloudflare farms

[marka at isc.org (Mark Andrews)]

> On 5 Mar 2019, at 5:18 pm, Mark Tinka <mark.tinka at seacom.mu> wrote:
> 
> 
> 
> On 5/Mar/19 00:25, Mark Andrews wrote:
> 
>> 
>> Then Cloudflare should negotiate MSSâ??s that donâ??t generate PTBâ??s if
>> they have installed broken ECMP devices.  The simplest way to do that
>> is to set the interface MTUs to 1280 on all the servers.  Why should
>> the rest of the world have to put up with their inability to purchase
>> devices that work with RFC compliant data streams.
> 
> I've had this issue with cdnjs.cloudflare.com for the longest time at my
> house. But as some of you may recall, my little unwanted TCP MSS hack
> for IPv6 last weekend fixed that issue for me.
> 
> Not ideal, and I so wish IPv6 would work as designed, butâ?¦

It does work as designed except when crap middleware is added.  ECMP
should be using the flow label with IPv6.  It has the advantage that
it works for non-0-offset fragments as well as 0-offset fragments and
also works for transports other than TCP and UDP.  This isnâ??t a protocol
failure.  It is shitty implementations.

> Mark.

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742              INTERNET: marka at isc.org