• enabling net.ipv4.tcp_mtu_probing=2 on Debian servers

    From Michael Richardson@21:1/5 to All on Tue Sep 19 23:50:02 2017
    I use an IPsec tunnel from my laptop to get IPv6 in coffee shops, etc.
    In IPv4 land, there are "hacks" to get around the ICMP loss problem, but they don't work (by design) in IPv6.

    There are bugs in the kernel which I have yet to properly diagnose which mean that some v6 ICMP too big messages are not sent when the packet comes in
    on "eth0" and goes out again on eth0 (but, encrypted, see).
    But regardless, ICMPs get filtered in IPv6 out there, and I don't believe
    that they will really ever get through.

    Since the rfc4821 was published ten years ago, the Linux kernel has had an option:
    net.ipv4.tcp_mtu_probing=2

    which enabled RFC4821 on TCP connections. This solves the problem, but annoyingly, it needs to be enabled in each direction. Why it never got
    enabled by default back in 2007, I have yet to learn. I suspect cautionary principle, followed by a lack of lobby, and lack of real life data to support that it causes no harm.

    I argued the point (unsuccessfully) that PLPMTU should be the default in RFC8200 (STD97), although RFC8201 does mention it, there is no clear recommendation at this point, the lack of data is the cause.

    Ideally, I'd like help lobbying to make this the default in the kernel, but
    to do that, I think we need data. This email is BCC'ed to some Google people (including Matt Mathis) who I keep bugging to turn this on for Google
    front-end servers (or enough to get some statistics to argue for doing it for all of them)

    But, this email is to see if IPv6 enthusiasts would help get it turned on for Debian servers, and later on by default in Debian's default kernels. I'm not sure if there is a process/procedure for proposing such a tuning change, but I'm hoping that IPv6 enthusiasts here can educate me on the political process involved.

    --
    ] Never tell me the odds! | ipv6 mesh networks [
    ] Michael Richardson, Sandelman Software Works | network architect [
    ] mcr@sandelman.ca http://www.sandelman.ca/ | ruby on rails [



    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
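
An added example, not part of the original post: a simplified Python model of why RFC 4821-style probing still finds the path MTU when ICMP "too big" messages are filtered, while ICMP-driven discovery stalls. The path values (1400-byte bottleneck, 1500-byte interface MTU, 1280-byte floor) and all class and function names are constructed for illustration, and the binary search is a stand-in, not the Linux kernel's probing code.

```python
# Added illustration: a simplified model, not the Linux kernel's probing code.
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass
class Path:
    """Constructed path: one narrow hop, optionally with ICMP filtered."""
    bottleneck_mtu: int    # smallest link MTU on the path, in bytes
    icmp_delivered: bool   # False models dropped "Packet Too Big" messages

    def send(self, size: int) -> Tuple[bool, Optional[int]]:
        """Return (delivered, MTU reported by ICMP if one reaches the sender)."""
        if size <= self.bottleneck_mtu:
            return True, None
        return False, self.bottleneck_mtu if self.icmp_delivered else None


def classic_pmtud(path: Path, iface_mtu: int, retries: int = 5) -> Optional[int]:
    """ICMP-driven discovery: the sender shrinks only when told to."""
    size = iface_mtu
    for _ in range(retries):
        delivered, reported = path.send(size)
        if delivered:
            return size
        if reported is not None:
            size = reported   # Packet Too Big arrived: adopt the reported MTU
        # otherwise the same size is retransmitted and lost again
    return None               # black hole: connection stalls


def plpmtud(path: Path, floor: int, iface_mtu: int) -> Tuple[int, int]:
    """Probe-driven search: delivery or loss of a probe is the only signal."""
    low, high, probes = floor, iface_mtu, 0   # floor is assumed deliverable
    while low < high:
        probe = (low + high + 1) // 2
        probes += 1
        delivered, _ = path.send(probe)       # any ICMP result is ignored
        if delivered:
            low = probe
        else:
            high = probe - 1
    return low, probes


if __name__ == "__main__":
    filtered = Path(bottleneck_mtu=1400, icmp_delivered=False)
    print("classic PMTUD:", classic_pmtud(filtered, 1500))
    print("probing:", plpmtud(filtered, 1280, 1500))
```

The 1280-byte floor is the IPv6 minimum link MTU, which is why the search can assume its lower bound is deliverable.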