Nice work Mark! It only started for me about a week ago. I've had my HE tunnel for years. I wonder if they just enabled IPv6 service to that particular web property, or if they made a recent config change. Anyways, I wonder if someone from Google reads the outages list, or if NANOG should be CC'd to get their attention. On Sat, Nov 8, 2014 at 11:26 AM, Mark Kamichoff via Outages < outages@outages.org> wrote:
On Sat, Nov 08, 2014 at 08:07:56AM -0500, Stephen Frost via Outages wrote:
I've been having issues w/ google IPv6 (more-or-less all services operating over 80/443 have been really bad, though imap/993 has had issues also) for at least 18 hours from a SixXS tunnel which terminates in Ashburn.
"me too" (I'm in Seattle, USA)
I've narrowed down this issue to Google ignoring ICMPv6 PTBs. It sometimes works sporadically for me, though. Here's an example w/some tcpdumps:
http://www.prolixium.com/share/txt/google-ipv6-pmtud-fail.txt
Relevant lines are the following:
13:51:34.046171 IP6 2001:48c8:1:2::2 > 2607:f8b0:4005:802::1006: ICMP6, packet too big, mtu 1280, length 1240 13:51:34.562579 IP6 2607:f8b0:4005:802::1006.443 > 2001:48c8:1:105:21c:c0ff:feb2:8dbd.33936: Flags [.], seq 1:1429, ack 279, win 232, options [nop,nop,TS val 3392471676 ecr 756572814], length 1428
Google never lowers the packet length and so the connection times out. As others have mentioned, this only really affects tunneled users.
I've seen other organizations break this over the years but I never thought Google would make the list..
- Mark
-- Mark Kamichoff prox@prolixium.com http://www.prolixium.com/
_______________________________________________ Outages mailing list Outages@outages.org https://puck.nether.net/mailman/listinfo/outages