Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    IPv6 over pfSense 802.1q VLAN limits ICMP6 data size to 1240 bytes

    Scheduled Pinned Locked Moved IPv6
    ipv6icmp6size
    4 Posts 2 Posters 616 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • C
      ChrisJenk
      last edited by

      While investigating some issues I discovered that if you have an 802.1q VLAN configured on a Netgate 6100 (running 23.09.1) and have set the MTU for the VLAN interface to 9000 (jumbo frames - all associated infrastructure is configured to support jumbo frames and this has been verified to work) then ICMP6 traffic via this interface is limited in the maximum data size (as passed via the ping6 -s option + 8 bytes for ICMP header) that can be passed to 1240 bytes. This is very strange. This limit does not apply for IPv4 ICMP traffic (with do-not-fragment set) nor does it apply to non-VLAN ICMP6 traffic. Note the the ping/ICMP[6] traffic is not being generated on the Netgate itself but on a system attached to the VLAN's parent interface.

      Note that it is only ICMP6 traffic size that is being limited; regular IPv6 data traffic maximum segment size is 8928 as expected.

      Has anyone encountered this before and if so have you found any way to increase this limit to something reasonable for jumbo frames? Is this a pfSense issue or a FreeBSD issue?

      In case you wonder why I care, I have my own script for determining path mtu which works across a wide variety of environments and networks but in this one specific case this strange limitation breaks my script. Not a disaster of course but kind of annoying.

      JKnottJ 1 Reply Last reply Reply Quote 0
      • JKnottJ
        JKnott @ChrisJenk
        last edited by

        @ChrisJenk

        It sounds like it's taking the minimum IPv6 MTU and then subtracting the IPv6 header size from it. I have no idea why it would do that, though I suspect a bug (feature? ๐Ÿ˜‰ ) in FreeBSD.

        PfSense running on Qotom mini PC
        i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
        UniFi AC-Lite access point

        I haven't lost my mind. It's around here...somewhere...

        C 1 Reply Last reply Reply Quote 1
        • C
          ChrisJenk @JKnott
          last edited by

          @JKnott Yeah, that was kind of the conclusion I came to after a lot of experiments. Weird how it only affects VLANS + IPv6 though. I guess that's the nature of bugs ๐Ÿ˜Š The parent interface for the VLAN is also part of a bridge, maybe that combination is just too much for it, though everything works except large ping sizes.

          C 1 Reply Last reply Reply Quote 0
          • C ChrisJenk referenced this topic on
          • C ChrisJenk referenced this topic on
          • C
            ChrisJenk @ChrisJenk
            last edited by

            UPDATE: This issue is not specific to the use of large mtg (jumbo frames). It affects ICMP6 generally in this configuration. I don't know if the issue is due to the VLAN or the combination of a VLAN on a bridge. IPv4 is not affected and ICMP message sizes (with do-not-fragment set) respect the configured mtu.

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.