Problems accessing community.kde.org with non-1500 mtu connection

Fabian Bläse fabian at blaese.de
Fri Oct 4 12:42:38 BST 2019 

Hey there,

just a quick status report (as whe have Q4 now):
PMTU is still broken with services at Imperva. I have reminded them about this issue.

community.kde.org ist therefore still unreachable in networks with MTUs smaller then 1500.

You can check if the issue still exists on this site: https://ipv6alizer.se?address=https://community.kde.org

Regards,
Fabian

On 23.06.19 21:24, Ben Cooksley wrote:
> On Mon, 24 Jun 2019, 04:03 Fabian Bläse, <fabian at blaese.de <mailto:fabian at blaese.de>> wrote:
> 
>     Hey Ben,
> 
> 
> Hi Fabian,
> 
> 
>     Imperva Cloud Application Security Support has responded to my last mail:
>     > At the moment, we do not support PMTU.
>     > Our networking team is working on implementing PMTU support for several months now. We only have an approximate ETA, it should be implemented sometimes in Q3.
>     > We will keep you updated with the team's progress.
> 
>     Because IPv6 does not support fragmentation that means that their IPv6 support is fundamentally broken at the moment.
>     Let's hope that they get this fixed soon.
> 
> 
> Thanks for sending through their response. Historically the timelines they've provided have been pretty accurate, so sounds like this will be fixed sometime in the next few months.
> 
> Until then there isn't much we can do unfortunately. 
> 
> They'll likely inform you when they roll-out the fix (they did in my case when they fixed a different IPv6 issue I had reported following several user complaints which I had managed to reproduce)
> 
> 
>     Due to most browsers quick fallback to IPv4, it should be possible to access your sites from all networks which still have IPv4 enabled. (If the IPv6 connections fails)
>     We already have some (a tiny minority at the moment) IPv6 only networks which make use of NAT64/DNS64 however. In that scenario it might be possible that sites with broken PMTU are inaccessible.
> 
>     If you need any further information to debug this issue, just ask.
>     I'll happily provide any information that helps fixing this issue.
> 
> 
> Duly noted. 
> 
> 
>     Best regards,
>     Fabian
> 
> 
> Thanks,
> Ben
> 
> 
> 
>     On 23.06.19 10:29, Ben Cooksley wrote:
>     > On Sat, Jun 22, 2019 at 10:05 PM Fabian Bläse <fabian at blaese.de <mailto:fabian at blaese.de>> wrote:
>     >>
>     >> Hey Ben,
>     >
>     > Hi Fabian,
>     >
>     >>
>     >> sorry for the delay, I've been busy as well.
>     >>
>     >> Due to their enterprise-foo security rules, they seem to not be interested in this problem.
>     >> I'm sorry that I don't have the time to discuss this with them any further.
>     >
>     > No worries. Their network setups have proven very unusual at times yes.
>     >
>     > I assume our services protected by them are still accessible normally
>     > over IPv4 from your networks?
>     >
>     >>
>     >> You might want to check if any firewalls are active on your services (if that is configurable) that might block ICMP(v6) messages.
>     >> If not it looks like you have to contact them on your own. :-(
>     >
>     > Our systems don't have any such firewalls so those shouldn't be an issue.
>     >
>     > Chances are they'll request additional information (such as packet
>     > captures) to diagnose the issue. Will you be in a position to provide
>     > these if needed?
>     >
>     >>
>     >> Regards,
>     >> Fabian
>     >
>     > Cheers,
>     > Ben
> 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://mail.kde.org/pipermail/kde-www/attachments/20191004/84ca673c/attachment.sig>

More information about the kde-www mailing list