Hi, I found PMTU blackhole problem at tools/mail.ietf.org. The PMTU for tools.ietf.org and mail.ietf.org are decreased to 1480 somewhere a few hops upward from ietf servers. What's worse is that ICMPv6 Packet Too Big does not return. tools.ietf.org has been assigned two IPv6 addresses, one works, the other faces this problem. mail.ietf.org has one IPv6 address and it is not workable. $ host tools.ietf.org tools.ietf.org has address 192.36.157.99 tools.ietf.org has address 194.146.105.14 tools.ietf.org has address 208.66.40.242 tools.ietf.org has IPv6 address 2001:1890:1112:1::2a tools.ietf.org has IPv6 address 2a01:3f0::31:214:22ff:fe21:bb $ ping6 -s 1452 2001:1890:1112:1::2a PING6(1500=40+8+1452 bytes) 2001:fa8::xxxx --> 2001:1890:1112:1::2a Request timeout for icmp_seq=0 $ host mail.ietf.org mail.ietf.org has address 64.170.98.32 mail.ietf.org has IPv6 address 2001:1890:1112:1::20 mail.ietf.org mail is handled by 0 mail.ietf.org. $ ping6 -s 1452 2001:1890:1112:1::20 PING6(1500=40+8+1452 bytes) 2001:fa8:1000::991f:ed22:a368:f41 --> 2001:1890:1112:1::20 Request timeout for icmp_seq=0 When mail servers and client OSes that accesses tools web site implement TCP pmtu black hole detection/avoidance mechanism documented in RFC 2923, the communication does not fail. But, unfortunately, my FreeBSD based mail server does not implement this mechanism, so it could not send e-mails to ietf.org. Apart from IPv6 to IPv4 fallback, pmtu problem does not prevent TCP connection establishment, but it kills a ongoing connection. Anyway, I really appreciate if someone can fix ICMPv6 error messages filtering. Kindest regards, -- Arifumi Matsumoto Secure Communication Project NTT Information Sharing Platform Laboratories E-mail: arifumi@xxxxxxxxx _______________________________________________ Ietf mailing list Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf