<div dir="auto"><div><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Mon, 24 Jun 2019, 04:03 Fabian Bläse, <<a href="mailto:fabian@blaese.de">fabian@blaese.de</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hey Ben,<br></blockquote></div></div><div dir="auto"><br></div><div dir="auto">Hi Fabian,</div><div dir="auto"><br></div><div dir="auto"><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
Imperva Cloud Application Security Support has responded to my last mail:<br>
> At the moment, we do not support PMTU. <br>
> Our networking team is working on implementing PMTU support for several months now. We only have an approximate ETA, it should be implemented sometimes in Q3.<br>
> We will keep you updated with the team's progress.<br>
<br>
Because IPv6 does not support fragmentation that means that their IPv6 support is fundamentally broken at the moment.<br>
Let's hope that they get this fixed soon.</blockquote></div></div><div dir="auto"><br></div><div dir="auto">Thanks for sending through their response. Historically the timelines they've provided have been pretty accurate, so sounds like this will be fixed sometime in the next few months.</div><div dir="auto"><br></div><div dir="auto">Until then there isn't much we can do unfortunately. </div><div dir="auto"><br></div><div dir="auto">They'll likely inform you when they roll-out the fix (they did in my case when they fixed a different IPv6 issue I had reported following several user complaints which I had managed to reproduce)</div><div dir="auto"><br></div><div dir="auto"><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
Due to most browsers quick fallback to IPv4, it should be possible to access your sites from all networks which still have IPv4 enabled. (If the IPv6 connections fails)<br>
We already have some (a tiny minority at the moment) IPv6 only networks which make use of NAT64/DNS64 however. In that scenario it might be possible that sites with broken PMTU are inaccessible.<br>
<br>
If you need any further information to debug this issue, just ask.<br>
I'll happily provide any information that helps fixing this issue.<br></blockquote></div></div><div dir="auto"><br></div><div dir="auto">Duly noted. </div><div dir="auto"><br></div><div dir="auto"><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
Best regards,<br>
Fabian<br></blockquote></div></div><div dir="auto"><br></div><div dir="auto">Thanks,</div><div dir="auto">Ben</div><div dir="auto"><br></div><div dir="auto"><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><br>
<br>
On 23.06.19 10:29, Ben Cooksley wrote:<br>
> On Sat, Jun 22, 2019 at 10:05 PM Fabian Bläse <<a href="mailto:fabian@blaese.de" target="_blank" rel="noreferrer">fabian@blaese.de</a>> wrote:<br>
>><br>
>> Hey Ben,<br>
> <br>
> Hi Fabian,<br>
> <br>
>><br>
>> sorry for the delay, I've been busy as well.<br>
>><br>
>> Due to their enterprise-foo security rules, they seem to not be interested in this problem.<br>
>> I'm sorry that I don't have the time to discuss this with them any further.<br>
> <br>
> No worries. Their network setups have proven very unusual at times yes.<br>
> <br>
> I assume our services protected by them are still accessible normally<br>
> over IPv4 from your networks?<br>
> <br>
>><br>
>> You might want to check if any firewalls are active on your services (if that is configurable) that might block ICMP(v6) messages.<br>
>> If not it looks like you have to contact them on your own. :-(<br>
> <br>
> Our systems don't have any such firewalls so those shouldn't be an issue.<br>
> <br>
> Chances are they'll request additional information (such as packet<br>
> captures) to diagnose the issue. Will you be in a position to provide<br>
> these if needed?<br>
> <br>
>><br>
>> Regards,<br>
>> Fabian<br>
> <br>
> Cheers,<br>
> Ben<br>
<br>
</blockquote></div></div></div>