Matt Domsch wrote:
On Thu, Sep 10, 2009 at 05:16:23AM +0000, Daniel Drown wrote:
> That said, the various MSS fixes (point #2 and the original poster's
> iptables command) avoid the problem for TCP.
rhel5, which is what we're running in production, has a kernel old
enough that it doesn't have the iptables --clamp-mss-to-pmtu
capability for ipv6.
The server side shouldn't need it. The option is used to make up for
something broken on the other side of a lower MTU link. fp.o is native
IPv6, isn't it? No tunnel?
We've had over 5000 successful connections using ipv6 this week,
about 5 _reported_ failures. In the same time, we've had millions of
successful v4 connections. I'm inclined to believe the failures,
while annoying, are still few and far between compared with the rest
of our traffic. I'm not quite ready to turn off ipv6 again, or switch
to forcing "knowledgeable" users to use www.ipv6.fp.o, as it would drop
our IPv6 userbase to effectively zero.
In a previous note, Mike M reported spending more hours (his, yours, and
others') than he liked tracking down connectivity problems. It would be
enlightening to know if there was a common thread.