Hello everyone, I faced a problem when using DS-Lite that blew my mind. Up to now, I still cannot figure out why. So please help me explain why client 1 cannot ping the server successfully. Here is the whole scenario (Fig. 1) below:
In this laboratory scenario, I am an attacker in the ISP core network (shown in Fig. 8):
I sent a spoofed Packet Too Big message from the attacker with the source address (CPE1), to the destination (AFTR), about the MTU (which I set to 1280 bytes). My aim: CPE1 tells AFTR about the change of MTU in the next path (from AFTR to home network 1).
After that message, I tried to ping from client 1 to the server with a data size of 1400. The ping failed to get a Reply. Client 1 generated a normal Request packet with 1400 bytes of payload. It came through the DS-Lite tunnel (IPv4-in-IPv6) without any problem or fragmentation and reached the server. The server then replied with one Reply message (without fragmentation). When receiving the Reply message, AFTR then generated the Error message below. This message was decapsulated and reached the client.
My question is: why did this problem happen? Why was there no fragmentation to make the ping successful? Is this a typical fragmentation problem in IPv4-IPv6 transition? In IPv6, only the source can fragment the packet, so AFTR (as the router) cannot fragment this packet? How can I solve this problem?