SixXS::Sunset 2017-06-06

Diagnosing odd connection issue
[gb] Shadow Hawkins on Sunday, 11 May 2014 21:56:43
I have noticed that a few IPv6 enabled websites fail to load for me, despite my IPv6 functioning correctly. One in particular is www.citrix.com and I can't understand why... www.citrix.com is an alias for www.gslb.citrix.com. www.gslb.citrix.com has address 66.165.176.15 www.gslb.citrix.com has IPv6 address 2001:4868:10c:3::15 From my Linux server (where the tunnel is terminated) or from another server with a HE tunnel, I can run curl -6 www.citrix.com and it correctly returns the page, but running the same on my computer fails. Looking at Wireshark I can see my computer (using either Curl, Firefox or Chrome) sends the HTTP GET request, which the server ACK's... but no more data is ever received! If I block the IPv6 address in the firewall, forcing IPv4 it loads fine from all computers. Can anyone point me in the right direction?
Diagnosing odd connection issue
[ch] Jeroen Massar SixXS Staff on Sunday, 11 May 2014 22:22:22
First step: tracepath6 <destination> All hops should return a ICMP reply: $ tracepath6 2001:4868:10c:3::15 1?: [LOCALHOST] 0.123ms pmtu 1500 .. 8: g1-9.br2.ams.terremark.net 115.306ms asymm 19 9: 2001:4868:0:8000::266 118.937ms asymm 14 10: 2001:4868:0:8000::261 116.544ms asymm 17 11: 2001:4868:0:8000::c5 118.971ms asymm 15 12: 2001:4868:0:8000::39 150.472ms asymm 13 13: 2001:4868:0:8000::12 150.574ms asymm 15 14: 2001:4868:100:2::a 148.595ms asymm 16 15: no reply 16: no reply 17: no reply 18: no reply Well, what do you know. Some people still do not know what Path MTU discovery is.... http://www.gossamer-threads.com/lists/nsp/ipv6/31159 Yep, reported before, clearly they do not understand that filtering ICMPv6 is a bad idea...
Diagnosing odd connection issue
[gb] Shadow Hawkins on Monday, 12 May 2014 13:19:41
Okay... so the pMTU issue that is still present would be the cause of this... and why it works via my HE.net tunnel (from an AWS server) as it has a tunnel mtu of 1480 So unless citrix (or their webhosts) fix the issue all that can be done is to block the IPv6 address in the firewall, forcing an IPv4 connection?
Diagnosing odd connection issue
[ch] Jeroen Massar SixXS Staff on Monday, 12 May 2014 13:31:52
Okay... so the pMTU issue that is still present would be the cause of this...
Most very likely.
and why it works via my HE.net tunnel (from an AWS server) as it has a tunnel mtu of 1480
It is unknown what setup the Citrix folks use, but indeed, according to other folks they seem to use 1480 sized packets themselves.
So unless citrix (or their webhosts) fix the issue all that can be done is to block the IPv6 address in the firewall, forcing an IPv4 connection?
Correct. Vote with your money! ;)
Diagnosing odd connection issue
[gb] Shadow Hawkins on Monday, 12 May 2014 15:41:29
Jeroen Massar wrote:
> So unless citrix (or their webhosts) fix the issue all that can be done is to block the IPv6 address in the firewall, forcing an IPv4 connection? Correct.
Thankyou for the clarification... at least I know it's not a problem at my end.
Vote with your money! ;)
Indeed, that would be good idea... unfortunately they weren't going to be getting any money form me anyway... only need XenServer for a home lab! Whilst on the discussion of MTU's I was wondering about the tunnel MTU, after reading FAQ - MTU and was wondering what the best way was of calculating a suitable MTU (other than just using the default). Running tracepath gblon02.sixxs.net I get a pMTU of 1458, would I subtract the 72 from that?
Diagnosing odd connection issue
[ch] Jeroen Massar SixXS Staff on Monday, 12 May 2014 15:51:38
Running tracepath gblon02.sixxs.net I get a pMTU of 1458, would I subtract the 72 from that?
For AYIYA that would be correct. Do note that if the IPv4 Path MTU changes you'll have to update that, hence be aware of that.

Please note Posting is only allowed when you are logged in.

Static Sunset Edition of SixXS
©2001-2017 SixXS - IPv6 Deployment & Tunnel Broker