IPv6 MTU issue

IPv6中间的路由器不会对过通的IPv6报文进行分片,分片只会在源节点进行。

中间的防火墙可能会阻止ICMP too big的报文,导致源端无法获知MTU失效。

Since modern networks use MTUs of 1500 bytes or larger, they raised the IPv4 MTU minimum of 576 bytes to 1500 bytes for IPv6.

 IPv6 hosts will accept a Path MTU that is as low as 1280 bytes, but not necessarily smaller.

Path MTU historically depends on an ICMP/ICMPv6 Packet Too Big message from the system that discards a datagram because it is too large for the next link. 

There is a newer proposal in RFC 4821 that tries various packet sizes to see what works; that helps, but isn’t yet widely implemented.

Do not filter out ICMPv6 Packet Too Big or Destination Unreachable messages, and while you might rate-limit them, do not configure routers to not send them, nor your hosts not to accept them. They enable the network to inform the transport of issues, and as a result, to work around them. More generally, RFC 4890 contains “Recommendations for Filtering ICMPv6 Messages in Firewalls,” which includes filters in the network and those in hosts.

 

From <https://blogs.cisco.com/enterprise/ipv6-mtu-gotchas-and-other-icmp-issues>

 

RFC8200
IPv6 requires that every link in the Internet have an MTU of 1280
octets or greater. This is known as the IPv6 minimum link MTU. On
any link that cannot convey a 1280-octet packet in one piece, link-
specific fragmentation and reassembly must be provided at a layer
below IPv6.

MTU:链路上最小的报文大小,如果报文小于这个值就无法发送。(直接丢弃还是自动补足?)路由器收到大于MTU的报文直接丢弃,并返回ICMPv6 Packet Too Big消息。源节点必须对报文进行分片或者减小报文的长度。
IPv4和IPv6区别:
1. IPv4最小MTU=576bytes,IPv6最小MTU=1280bytes。
2. IPv4的源节点和中间路由器都能对报文进行分片。而IPv6只有源节点才能对报文分片。(是否以及如何获知整条链路的最小MTU?)和IPv4一样的是重组只在目的节点进行。
3. 使用ICMPv6消息报告报文超长。
4. 重新定义了Path MTU Discovery。(具体细节要明确)(RFC1981)(RFC8201)Path MTU Discovery is a good feature, but it is static. It requires that hosts keep track of MTUs for different routes, and update them regularly.
5. IPv4报头里面有fragment字段,IPv6去除了这个字段,添加了fragment扩展报头。

posted @ 2018-09-08 09:20  Analylx  阅读(1852)  评论(0编辑  收藏  举报