ANNOUNCEMENT - The community will be down for maintenace this Thursday August 13 from 12:00 AM PT to 02:00 AM PT. As a precaution save your work.
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
211
Views
0
Helpful
0
Replies
Highlighted
Beginner

IPv6 tunnel MTU problem

Hello,

to get IPv6 connectivity, I use a tunnel by Hurricane Electrics. This is a ip6inip tunnel.

interface Tunnel0
 description Hurricane Electric IPv6 Tunnel Broker
 no ip address
 ipv6 address 2001:470:xxx:xxx/64
 ipv6 enable
 ipv6 mtu 1472
 tunnel source Dialer0
 tunnel mode ipv6ip
 tunnel destination 216.66.80.30

The tunnel itself works, I can browse the web via IPv6, I tried that out and I use it for months.

With some sites I encounter problems (yahoo.com, rt.com).

The browser does TLS handshaking, but never finishes for minutes.

It is an MTU problem, because if I set MTU to 1472 (like the tunnel) on my PC (multiple Linux machines), it does work fine. I operate an 886va ISR.

 

At another location I operate a FritzBox (home router) and also an IPv6 tunnel by hurricane. The clients also have MTU of 1500, but no problems with some site's TLS.

Somebody told me about IPv6 MTU discovery being blocked by default in Cisco IOS.

Is that true?

How can I avoid that?

I like to forward all IPv6 packets.

Should I create an access list with the following content and enable it on the tunnel interface?

ipv6 access-list aclv6
 permit ipv6 any any

Kind regards

 

This widget could not be displayed.