IPv6 and yum

Allen Kistler an037-ooai8 at yahoo.com
Wed Nov 11 05:46:43 UTC 2009


Wolfgang S. Rupprecht wrote:
> I was very pleasantly surprised to see that yum is now trying to connect
> to respositories over IPv6....

If I understand yum correctly, that's really either python-urlgrabber or
libcurl that's now using IPv6.

> On the down side, the connection often hangs sometime after the 3-way
> handshake.  Yum doesn't seem to time out even after several hours.  I
> end up having to dig up a handful of PID's and killing them by hand.
> 
> [snip]

If the handshake is completing, then it's probably an MTU issue.

Path MTU Discovery requires ICMP to work, but lots of sites block ICMP
because they erroneously think it's evil.  Basically, if a packet is too
big to traverse a link and its Don't-Fragment bit is set, the packet
should be discarded and an ICMP Packet-Too-Big message should be sent
back to the sender so it knows to decrease the MTU.  If the ICMP is
blocked, the sender never knows it should decrease its MTU, so it's
probably wondering why you're not ACKing anything.

1. Make sure you're not the one blocking ICMP.  If your IPv6 is through
   a tunnel, it could be a tunnel broker that's dropping ICMP.  In
   which case, there's option #2.

2. You can try MSS clamping on your outbound packets.  MSS clamping sets
   an option in your outbound TCP packets to tell the other side to use
   smaller packets.  MSS clamping is an ugly, ugly protocol hack, but
   sometimes it's necessary.

   I use 6to4, so in ip6tables I have

   -A FORWARD -o tun6to4 -p tcp --tcp-flags SYN,RST SYN
              -j TCPMSS --clamp-mss-to-pmtu

   in the mangle table on my 6to4 router.  YMMV




More information about the fedora-test-list mailing list