Problems accessing community.kde.org with non-1500 mtu connection

Ben Cooksley bcooksley at kde.org
Sat May 4 08:52:58 BST 2019


On Fri, May 3, 2019 at 12:06 AM Fabian Bläse <fabian at blaese.de> wrote:
>
> Hi Ben,

Hi Fabian,

>
> On 01.05.19 09:48, Ben Cooksley wrote:
> > I've investigated this issue, and it appears that our Web Application
> > Firewall service provider's systems block abnormally sized pings (with
> > IPv4 at least)
> > Therefore it would seem we'll need to take a different tack to
> > investigating this issue
> I've mainly tested IPv6.
> The server does send correct replies to my big-sized IPv6 ping as can be seen in the previously attached tcpdump.
> However they don't get fragmented correctly (according to the mtu sent inside the packet too big icmp) by your server.

I see.

>
> > Would you mind describing the access issues you're having with
> > community.kde.org, and confirming whether this issue also affects
> > sites such as dot.kde.org, forum.kde.org and krita.org? If it does,
> > can you confirm that labplot.kde.org isn't affected?
> I've got the same problems as Tobias.
>
> The network in question is 2a0b:f4c0::/32 (2a0b:f4c0::/40 in particular).
> The MTU can vary due to different tunnel protocols used. The most commonly used MTUs are 1448 and 1420.
> The ISP is F3 Netze e.V. (which is ourselves)
>
> My own client is located inside 2a0b:f4c0:c8:6d::/64 however this problem seems to occur for the whole network.
>
> I've also tested a different network (2a06:e881:3400::/44, icmp packet too big gets issued by 2a03:3f40:32::5165 there) and it seems to be broken there as well.

Okay. This is a rather strange issue as we've not seen any other
reports of people having issues accessing our sites, which I would
expect to receive if people were having issues with IPv4. My own
ability to do local testing is limited unfortunately, but I can
confirm my connection's MTU for IPv4 is most definitely less than 1500
and has no issue accessing the affected sites.

Would you mind testing against our providers site, Imperva.com?

As you're an ISP it might be easier to put you in direct contact with
them as chances are their entire network is affected.

>
> Fabian
>
>
>

Cheers,
Ben


More information about the kde-www mailing list