• March 28, 2024, 04:37:35 AM
  • Welcome, Guest
Please login or register.

Login with username, password and session length
Advanced search  

News:

This Forum Beta is ONLY for registered owners of D-Link products in the USA for which we have created boards at this time.

Pages: 1 [2]

Author Topic: DLink DIR 626-L IPv6 Firewall bug + 3 quirks  (Read 29558 times)

PacketTracer

  • Level 4 Member
  • ****
  • Posts: 441
Re: DLink DIR 626-L IPv6 Firewall bug + 3 quirks
« Reply #15 on: September 07, 2013, 06:49:06 AM »

Hi network1027,

Quote
I have troubles managing the Packet too big and parameter problems. The problem is that they need to pass Router1, but to get bounced back by OS router. I set a low MTU on OS Router, but it didn't generate a packet too big message, it started fragmenting. ( By the way, isn't packet fragmentation prohibited in IPv6 ? Thus the reason for the packet too big message ? )

Yes, an IPv6 router must not fragment forwarded IPv6 packets (but of course it may fragment IPv6 packets originated by itself). Only a host as a source of an IPv6 packet is allowed to fragment it. Are you sure OS Router (W2K8 R2?) really fragmented a packet originated by PC1?

I would agree to your approach to reduce the MTU on OS router's link to Router2 below 1500 (given all downstream links have an Ethernet MTU of 1500) to provoke a Packet Too Big ICMPv6 message sent by OS router. But be careful: MTU is also advertised by RA which might override manually changed interface MTU values (Router2 RAs announcing MTU=1500 might override a manually changed MTU value on OS router's link to Router2).

As a workaround you could configure Router2 to operate 6to4, tunneling IPv6 packets through the IPv4 Internet towards some 6to4 relay connecting to the IPv6 Internet. This would reduce the MTU on the link between OS router and Router2 to a value of 1480 (inspect RA sent by Router2). Hence Router2 should send Packet Too Big for any IPv6 packet greater than 1480 bytes.

<EDIT>
Correction for "This would reduce the MTU on the link between OS router and Router2 to a value of 1480 (inspect RA sent by Router2)": The MTU beyond Router2 would be reduced to MTU=1480, not the MTU for the link between OS router and Router2. But maybe (depending on Router2's configuration) Router2 also announces this reduced MTU for the LAN between OS router and Router2 (inspect RA sent by Router2), and this reduced MTU is accepted by OS router, then OS router will send an ICMPv6 "Packet Too Big" for IPv6 packets > 1480 bytes. Otherwise it is Router2 sending ICMPv6 "Packet Too Big".
</EDIT>
« Last Edit: September 08, 2013, 01:21:49 PM by PacketTracer »
Logged

PacketTracer

  • Level 4 Member
  • ****
  • Posts: 441
Re: DLink DIR 626-L IPv6 Firewall bug + 3 quirks
« Reply #16 on: February 15, 2014, 07:22:28 AM »

... this case of IPv6 firewall failure has been added as case [3] to a list of other cases, see here.

PT
« Last Edit: March 01, 2014, 04:15:09 AM by PacketTracer »
Logged
Pages: 1 [2]