[nsd-users] Possible fragmentation issue transferring larger zones over IPv6?

Darren Pilgrim list_nsd at bluerosetech.com
Sun Mar 30 18:31:41 UTC 2014

On 3/30/2014 9:24 AM, Anand Buddhdev wrote:
> On 29/03/2014 22:37, Darren Pilgrim wrote:
>> I'm not sure how to document this other than showing you the "operation
>> timed out: tcp" log entries and zonestatus output that shows the slaves
>> are not getting the zone.
> If NSD is emitting packets that are bigger than the IPv6 path MTU to the
> slave, then a device along the path will send back an ICMP message
> asking the source to fragment. If this ICMP message never reaches the
> master, it won't know that it needs to fragment the packets, and will
> keep sending bigger packets, and result in a timeout.
> On the master, run tcpdump, and then send out large packets to the slave
> (ping6 will do) and see if you're getting back the relevant ICMP
> message, and whether the network stack on the master is adapting itself
> to such a notificaiton.

It looks like something mid-path in the master's ISP that's breaking 
PMTU.  I can get large pings between the slaves, but I can only get 
large pings a few steps through the master's ISP.  I was really hoping 
it was something dumb like I had left the fragment rules out of my rulesets.

Thanks for your help.

