Path MTU Discovery for IP version 6 with the BIG-IP LTM

We run a virtual machine F5 BIG-IP LTM VE with an IPv6 Gateway module. We do not have a native IPv6 connectivity yet. So we have an 6in4 tunnel (MTU =1480) setup on a Cisco Router.

 

 

More about the product :

 

License Type Evaluation Licensed Date May 25, 2011 License Expiration Date Aug 24, 2011 Active Modules

 

• BIG-IP VE Trial

 

o ADD IPV6 GATEWAY

 

o ADD RATE SHAPING

 

o ADD RAMCACHE

 

o 50 MBPS COMPRESSION

 

o SSL 500 TPS Per Core

 

We are facing an issue with packets larger than 1432 bytes are send to the LTM from the Internet. When icmpv6 echo are send the icmp reply from LTM doesn’t come back.

 

 

fronsac:~$ ping6 ipv6.sigma.fr -s 1432

 

PING ipv6.sigma.fr(2001:470:caa8:1082::149) 1432 data bytes

 

1440 bytes from 2001:470:caa8:1082::149: icmp_seq=1 ttl=44 time=28.5 ms

 

1440 bytes from 2001:470:caa8:1082::149: icmp_seq=2 ttl=44 time=28.9 ms

 

^C

 

--- ipv6.sigma.fr ping statistics ---

 

2 packets transmitted, 2 received, 0% packet loss, time 1004ms

 

rtt min/avg/max/mdev = 28.551/28.749/28.948/0.261 ms

 

 

fronsac:~$ ping6 ipv6.sigma.fr -s 1433

 

PING ipv6.sigma.fr(2001:470:caa8:1082::149) 1433 data bytes

 

^C

 

--- ipv6.sigma.fr ping statistics ---

 

4 packets transmitted, 0 received, 100% packet loss, time 3013ms

 

 

I tried also with the self adress :

 

lboue@fronsac:~$ ping6 -s 1500 2001:470:CAA8:1565::10 -s 1432

 

PING 2001:470:CAA8:1565::10(2001:470:caa8:1565::10) 1432 data bytes

 

1440 bytes from 2001:470:caa8:1565::10: icmp_seq=1 ttl=44 time=28.4 ms

 

^C

 

--- 2001:470:CAA8:1565::10 ping statistics ---

 

1 packets transmitted, 1 received, 0% packet loss, time 0ms

 

rtt min/avg/max/mdev = 28.426/28.426/28.426/0.000 ms

 

lboue@fronsac:~$ ping6 -s 1500 2001:470:CAA8:1565::10 -s 1433

 

PING 2001:470:CAA8:1565::10(2001:470:caa8:1565::10) 1433 data bytes

 

 

If I ping an linux host in the same subnet it works :

 

lboue@fronsac:~$ ping6 -s 1500 2001:470:CAA8:1565::11 -s 1433

 

PING 2001:470:CAA8:1565::11(2001:470:caa8:1565::11) 1433 data bytes

 

From 2001:470:0:7b::2 icmp_seq=1 Packet too big: mtu=1480

 

1441 bytes from 2001:470:caa8:1565::11: icmp_seq=3 ttl=54 time=28.8 ms

 

1441 bytes from 2001:470:caa8:1565::11: icmp_seq=4 ttl=54 time=28.9 ms

 

1441 bytes from 2001:470:caa8:1565::11: icmp_seq=5 ttl=54 time=29.3 ms

 

^C

 

 

When I set manually the MTU to 1480 from the web interface, it works :

 

fronsac:~$ ping6 ipv6.sigma.fr -s 1433

 

PING ipv6.sigma.fr(2001:470:caa8:1082::149) 1433 data bytes

 

From gige-gbge0.tserv10.par1.ipv6.he.net icmp_seq=1 Packet too big: mtu=1480

 

1441 bytes from 2001:470:caa8:1082::149: icmp_seq=2 ttl=44 time=29.7 ms

 

1441 bytes from 2001:470:caa8:1082::149: icmp_seq=3 ttl=44 time=29.7 ms

 

1441 bytes from 2001:470:caa8:1082::149: icmp_seq=4 ttl=44 time=28.9 ms

 

1441 bytes from 2001:470:caa8:1082::149: icmp_seq=5 ttl=44 time=29.9 ms

 

 

After that, from the console :

 

[root@GSF5LTMV6:Active] config ifconfig EXTERNAL

 

EXTERNAL Link encap:Ethernet HWaddr 00:0C:29:20:71:98

 

inet6 addr: fe80::20c:29ff:fe20:7198/64 Scope:Link

 

inet6 addr: 2001:470:caa8:1565::10/64 Scope:Global

 

UP BROADCAST RUNNING MULTICAST MTU:1480 Metric:1

 

 

 

To inderstand what is going on:

 

 

[root@GSF5LTMV6:Active] config tcpdump -ni EXTERNAL ip6

 

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode

 

listening on EXTERNAL, link-type EN10MB (Ethernet), capture size 108 bytes

 

11:16:34.983903 IP6 2001:660:7301:4994::22 > 2001:470:caa8:1082::149: frag (0|1432) ICMP6, echo request, seq 9, length 1432

 

11:16:34.983917 IP6 2001:660:7301:4994::22 > 2001:470:caa8:1082::149: frag (1432|56)

 

11:16:34.983947 IP6 2001:470:caa8:1082::149 > 2001:660:7301:4994::22: frag (0|1448) ICMP6, echo reply, seq 9, length 1448

 

11:16:34.983953 IP6 2001:470:caa8:1082::149 > 2001:660:7301:4994::22: frag (1448|40)

 

11:16:34.987075 IP6 2001:470:caa8:80::1 > 2001:470:caa8:1082::149: ICMP6, packet too big, mtu 1480, length 1240

 

11:16:36.488155 IP6 2001:660:7301:4994::22 > 2001:470:caa8:1082::149: frag (0|1432) ICMP6, echo request, seq 10, length 1432

 

11:16:36.488173 IP6 2001:660:7301:4994::22 > 2001:470:caa8:1082::149: frag (1432|56)

 

11:16:36.488205 IP6 2001:470:caa8:1082::149 > 2001:660:7301:4994::22: frag (0|1448) ICMP6, echo reply, seq 10, length 1448

 

11:16:36.488212 IP6 2001:470:caa8:1082::149 > 2001:660:7301:4994::22: frag (1448|40)

 

11:16:36.491372 IP6 2001:470:caa8:80::1 > 2001:470:caa8:1082::149: ICMP6, packet too big, mtu 1480, length 1240

 

 

The router where the 6in4 tunnel is setup (2001:470:caa8:80::1) reply « packet too big » message but the LTE VE doesn’t change is MTU.

 

interface Tunnel0

 

description HE IPv6 Tunnel Broker

 

no ip address

 

ipv6 address 2001:470:1F12:50F::2/64

 

ipv6 enable

 

tunnel source 194.XX.XX.X

 

tunnel destination 216.66.84.42

 

tunnel mode ipv6ip

 

end

 

 

GSRTIP6sh run int fa0/0

 

Building configuration...

 

 

Current configuration : 329 bytes

 

!

 

interface FastEthernet0/0

 

description DMZ Interco

 

no ip address

 

duplex auto

 

speed auto

 

ipv6 address FE80::F1 link-local

 

ipv6 address 2001:470:CAA8:80::1/64

 

ipv6 mtu 1480

 

ipv6 nd prefix default no-advertise

 

ipv6 nd advertisement-interval

 

ipv6 nd ra suppress

 

ipv6 nd ra interval msec 3000

 

ipv6 nd ra lifetime 10

 

end

 

 

 

Do I have another option to fix this issue ?

 

Regards,