Problems accessing community.kde.org with non-1500 mtu connection
Fabian Bläse
fabian at blaese.de
Sat Jun 22 11:05:30 BST 2019
Hey Ben,
sorry for the delay, I've been busy as well.
Due to their enterprise-foo security rules, they seem to not be interested in this problem.
I'm sorry that I don't have the time to discuss this with them any further.
You might want to check if any firewalls are active on your services (if that is configurable) that might block ICMP(v6) messages.
If not, it looks like you have to contact them on your own. :-(
Regards,
Fabian
On 17.05.19 23:48, Ben Cooksley wrote:
> On Sun, May 5, 2019 at 8:22 AM Fabian Bläse <fabian at blaese.de> wrote:
>>
>> Hi,
>
> Hi Fabian,
>
>>
>> On 04.05.19 09:52, Ben Cooksley wrote:
>>> Okay. This is a rather strange issue as we've not seen any other
>>> reports of people having issues accessing our sites, which I would
>>> expect to receive if people were having issues with IPv4. My own
>>> ability to do local testing is limited unfortunately, but I can
>>> confirm my connection's MTU for IPv4 is most definitely less than 1500
>>> and has no issue accessing the affected sites.
>> For IPv4 this might be hidden by the fact that MSS clamping (dirty hack, only works for TCP) is done pretty much everywhere with smaller-than-1500 MTU.
>> Even some really big companies like Ubiquiti (who even make routers..) screw up the behaviour with ICMP packet too big messages with IPv4 on their websites.
>>
>> With IPv6, Path MTU Discovery gets far more important, however, because it does not allow fragmentation on router level.
>>
>>> Would you mind testing against our provider's site, Imperva.com?
>> I can't verify the behaviour for that site, because it isn't even connected to the (non-legacy, IPv6) internet.. (doesn't have an AAAA record)
>> Jokes aside, it probably has the same issues.
>> But because, as you already noticed, pings with big payload get dropped, I can't investigate this further (because, due to broken PMTUD on many sites, we have MSS clamping active for IPv4)
>>
>>> As you're an ISP it might be easier to put you in direct contact with
>>> them as chances are their entire network is affected.
>> If you want I can contact them directly.
>
> If you could contact them directly I think that probably would be the
> fastest way to get a resolution on this (otherwise they'll respond to
> me, then I'll forward it on to you, which will just delay things). If
> you need details to contact them please let me know.
>
> Sorry for taking so long to get back to you on this - things have been
> quite busy lately.
>
>>
>> Fabian
>>
>
> Cheers,
> Ben
>