Matt Domsch wrote:
On Thu, Sep 10, 2009 at 05:16:23AM +0000, Daniel Drown wrote:
That said, the various MSS fixes (point #2 and the origional poster's iptables command) avoid the problem for TCP.
rhel5, which is what we're running in production, has a kernel old enough that it doesn't have the iptables --clamp-mss-to-pmtu capability for ipv6.
The server side shouldn't need it. The option is used to make up for something broken on the other side of a lower MTU link. fp.o is native IPv6, isn't it? No tunnel?
We've had over 5000 successful connections using ipv6 this week, and about 5 _reported_ failures. In the same time, we've had millions of successful v4 connections. I'm inclined to believe the failures, while annoying, are still few and far between compared with the rest of our traffic. I'm not quite ready to turn off ipv6 again, or switch to forcing "knowledgable" users to use www.ipv6.fp.o, as it would drop our IPv6 userbase to effectively zero.
In a previous note, Mike M reported spending more hours (his, yours, and others') than he liked tracking down connectivity problems. It would be enlightening to know if there was a common thread.
infrastructure@lists.fedoraproject.org