savage
Forum Guru
Topic Author
Posts: 1263
Joined: Mon Oct 18, 2004 12:07 am
Location: Cape Town, South Africa

IPv6 gre

Fri Jul 05, 2019 4:46 pm

Hi Guys,

Two routers, identical configuration:

/interface gre
add allow-fast-path=no ipsec-secret="blah" local-address=192.168.24.98 mtu=1520 name=gre-tunnel1 remote-address=192.168.24.54
/ipv6 address
add address=X:X:X:101::16/126 advertise=no interface=gre-tunnel1
/ip address
add address=1.1.1.1/30 interface=gre-tunnel1 network=1.1.1.0

On IPv4 I can ping using a 1500 byte payload. No fragmentation.

On IPv6 I can't ping using a 1500 byte payload, and get a packet too large with a return size of 1280.

Why can I pass IPv4 at 1500 bytes, but not IPv6?

Both are CHR routers, latest 6.45.1-stable.

Thnx
 
sindy
Forum Guru
Posts: 10206
Joined: Mon Dec 04, 2017 9:19 pm

Re: IPv6 gre

Fri Jul 05, 2019 5:01 pm

What happens if you set do-not-fragment while pinging the IPv4 address?
 
savage
Forum Guru
Topic Author
Posts: 1263
Joined: Mon Oct 18, 2004 12:07 am
Location: Cape Town, South Africa

Re: IPv6 gre

Fri Jul 05, 2019 5:02 pm

> What happens if you set do-not-fragment while pinging the IPv4 address?

do-not-fragment=yes: then, as expected, IPv4 fails as well as IPv6.
do-not-fragment=no: then, as expected, IPv4 works, but, not as expected, IPv6 does not.

I don't believe do-not-fragment is applied to IPv6 traffic on an IPv4 gre tunnel... It doesn't look like it to me in any case.
 
Paternot
Forum Veteran
Posts: 953
Joined: Thu Jun 02, 2016 4:01 am
Location: Niterói / Brazil

Re: IPv6 gre

Fri Jul 05, 2019 5:10 pm

> Hi Guys,
>
> Two routers, identical configuration:
> /interface gre
> add allow-fast-path=no ipsec-secret="blah" local-address=192.168.24.98 mtu=1520 name=gre-tunnel1 remote-address=192.168.24.54
> /ipv6 address
> add address=X:X:X:101::16/126 advertise=no interface=gre-tunnel1
> /ip address
> add address=1.1.1.1/30 interface=gre-tunnel1 network=1.1.1.0
> On IPv4 I can ping using a 1500 byte payload. No fragmentation.
>
> On IPv6 I can't ping using a 1500 byte payload, and get a packet too large with a return size of 1280
>
> Why can I pass IPv4 at 1500 bytes, but not IPv6?
>
> Both are CHR routers, latest 6.45.1-stable.
>
> Thnx

Because IPv6 doesn't fragment. This decision was made in order to save CPU power on routers. It has nothing to do with Mikrotik - it is an IPv6 "feature". That size of 1280 is the largest possible packet, between these two hosts, given your actual network setup. Every time a connection is made, it is tested, to see the maximum packet size without fragmentation.
 
sindy
Forum Guru
Posts: 10206
Joined: Mon Dec 04, 2017 9:19 pm

Re: IPv6 gre

Fri Jul 05, 2019 5:20 pm

There is a substantial difference in how fragmentation works in IPv4 and in IPv6. Whereas in IPv4, any device along the path may fragment a received packet if fragmentation is not expressly prohibited by means of the DF bit, in IPv6, the behaviour is closer to TCP MSS handling - if a packet doesn't fit to MTU somewhere along the path, such fact is reported back to the sender endpoint and it reduces the PDU size so that it would fit, i.e. it accommodates the PDU size to avoid fragmentation further on the path. In case of IPv6, the sender fragments the packets already when sending them if it sees that as the most appropriate way of handling the situation. See more e.g. here.
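
Added example (not part of the original posts, and not MikroTik code): a small Python model of the difference described above, where an IPv4 router fragments in transit unless DF is set, while an IPv6 router only reports Packet Too Big and the sender fragments. It assumes a constricting hop MTU of 1280 (the size reported in the thread) for both protocols and treats the 1500-byte ping size as the total IP packet length; all function names are illustrative.

```python
IPV4_HDR, IPV6_HDR, IPV6_FRAG_HDR = 20, 40, 8  # header sizes in bytes, no options

def split(payload_len, per_fragment):
    """Split a payload into chunks; every chunk but the last is a multiple of 8."""
    per_fragment -= per_fragment % 8   # fragment offsets count 8-byte units
    sizes = []
    while payload_len > 0:
        chunk = min(per_fragment, payload_len)
        sizes.append(chunk)
        payload_len -= chunk
    return sizes

def router_forward_ipv4(total_len, df, hop_mtu):
    """An IPv4 router may fragment in transit unless the DF bit forbids it."""
    if total_len <= hop_mtu:
        return ("forwarded", [total_len])
    if df:
        return ("icmp-frag-needed", hop_mtu)   # packet dropped, sender notified
    chunks = split(total_len - IPV4_HDR, hop_mtu - IPV4_HDR)
    return ("forwarded", [IPV4_HDR + c for c in chunks])

def router_forward_ipv6(total_len, hop_mtu):
    """An IPv6 router never fragments; it drops and reports the hop MTU."""
    if total_len <= hop_mtu:
        return ("forwarded", [total_len])
    return ("icmpv6-packet-too-big", hop_mtu)

def sender_fragment_ipv6(total_len, path_mtu):
    """Source fragmentation: each fragment carries an extra 8-byte Fragment header."""
    chunks = split(total_len - IPV6_HDR, path_mtu - IPV6_HDR - IPV6_FRAG_HDR)
    return [IPV6_HDR + IPV6_FRAG_HDR + c for c in chunks]

def send_ipv6(total_len, hop_mtu):
    """Sender side: try once, learn the MTU from Packet Too Big, fragment at source."""
    verdict, detail = router_forward_ipv6(total_len, hop_mtu)
    if verdict == "forwarded":
        return detail
    return sender_fragment_ipv6(total_len, detail)   # detail is the reported MTU

if __name__ == "__main__":
    HOP_MTU = 1280   # assumption: the value from the thread's "packet too large"
    print("IPv4 DF=no :", router_forward_ipv4(1500, False, HOP_MTU))
    print("IPv4 DF=yes:", router_forward_ipv4(1500, True, HOP_MTU))
    print("IPv6 hop   :", router_forward_ipv6(1500, HOP_MTU))
    print("IPv6 sender:", send_ipv6(1500, HOP_MTU))
```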
 
savage
Forum Guru
Topic Author
Posts: 1263
Joined: Mon Oct 18, 2004 12:07 am
Location: Cape Town, South Africa

Re: IPv6 gre

Fri Jul 05, 2019 6:07 pm

Thnx for the explanation guys. Makes sense.
