NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Solved
Netgear R7000 IPv6 ICMP Filtered
When going to http://ipv6-test.com/ The test only gives my 17/20 The reason is that ICMP is filtered which according to that site is a bad thing. I know it is definately the router doing ...
malacath wrote:Is this website correct?
Yes.
Is filtering ICMP really a problem?
Will it cause problems when websites start going ipv6 only?
It can be a problem. IPv6 relies on something calling PMTUD (Path MTU Discovery) to work. Blocking ICMPv6 prevents PMTUD from working. Unfortunately, unblocking ICMPv6 has a downside. It can expose your devices to a certain kind of DoS attack (atomic fragment attack). This puts you in a "Damned if you do. Damned if you don't." situation. There is work ongoing in the IETF (the standards group for TCP/IP Protocols) to figure out how to fix this.
In the meantime, you may find that things will work even without ICMPv6. Consider yourself lucky.
malacath wrote:
Is this website correct?
Yes.
Is filtering ICMP really a problem?
Will it cause problems when websites start going ipv6 only?
It can be a problem. IPv6 relies on something calling PMTUD (Path MTU Discovery) to work. Blocking ICMPv6 prevents PMTUD from working. Unfortunately, unblocking ICMPv6 has a downside. It can expose your devices to a certain kind of DoS attack (atomic fragment attack). This puts you in a "Damned if you do. Damned if you don't." situation. There is work ongoing in the IETF (the standards group for TCP/IP Protocols) to figure out how to fix this.
In the meantime, you may find that things will work even without ICMPv6. Consider yourself lucky.