Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3260
Views
0
Helpful
5
Replies

Testing/demonstrating ipv6 fragmentation with only routers?

Seth Beauchamp
Level 1
Level 1

‎01-11-2017 06:35 PM - edited ‎03-01-2019 05:52 PM

I have a 3 router set up, A-B-C. ipv6 addresses on loopbacks. All links using mtu of 1500. I also added no ipv6 unreachable on all the links between the routers as well as the loopbacks thinking this would break pmtud. Pinging between loopbacks using a 9000 packet size i figured pmtud wouldn't work and the packets would get dropped. However, the ping still go through. Is there any way i can demonstrate packet loss due to MTU in this scenario? I didn't see a specific way to filter packet too big messages, and since im pinging i can't block all icmp. I am guessing disabling unreachables still allows a packet too big message to be returned?

Im still getting familiar with ipv6, so clearly im misunderstanding something here.

Labels:
0 Helpful
5 Replies 5

Philip D'Ath
VIP Alumni
VIP Alumni

‎01-11-2017 07:13 PM

The scenario you describe is effective a host-to-host ping, since it is between the routers own interfaces.

I don't think you can tell the router not to fragment its own packets, so it will just send the 9000 bytes in 1500 byte chunks.

You need something more like this to test it:

r1 --r2 --- r3 --- r4

Where:

r1 to r2, IPv6 MTU=9000

r2 to r3, IPv6 MTU=1500

r3 to r4,IPv6 MTU=9000

0 Helpful

Seth Beauchamp
Level 1
Level 1
In response to Philip D'Ath

‎01-12-2017 06:19 AM

Got it set up like you suggested. The first ping looks like this:

R4#ping 2001:150:9:9::9 so lo0 si 9000
Type escape sequence to abort.
Sending 5, 9000-byte ICMP Echos to 2001:150:9:9::9, timeout is 2 seconds:
Packet sent with a source address of 2001:150:4:4::4
B..!!

Then pings are fine after that. I thought I would not see that B still come through. Either way, this can demonstrate ipv6 recovering from a low mtu in the path.

0 Helpful

timway001
Level 1
Level 1
In response to Seth Beauchamp

‎04-03-2018 08:14 AM - edited ‎04-03-2018 08:15 AM

Did you do "no ip unreachables" or "no ipv6 unreachables"? Did you issue those commands on the interfaces the traffic would egress the router?

0 Helpful

Harold Ritter
Level 12
Level 12

‎04-03-2018 09:29 AM

"no ipv6 unreachable" will not prevent the  icmpv6 packet too big (PTB) messages to be generated. You could put an IPv6 ACL to block the PTB messages though. The ACL would look something like this:

 

ipv6 access-list test
 deny icmp any any packet-too-big
 permit ipv6 any any

You could apply it inbound on the interface of the router where you issue the pings. This should do the trick.

 

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México
0 Helpful

timway001
Level 1
Level 1
In response to Harold Ritter

‎04-03-2018 10:05 AM - edited ‎04-03-2018 10:07 AM

Doh, ICMPv6 destination unreachable is type 1 and packet too big is type 2 unlike ICMP (v4) where both functions fall underneath ICMP type 3 destination unreachable (because of DF bit set).

 

Good catch.

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card