ProxySG on Azure with ipv6 dual stack connectivity issue

Article ID: 407417

Products

ISG Proxy ProxySG Software - SGOS

Issue/Introduction

In an SWG and Azure dual-stack deployment, IPv4 works well, but there is no connectivity when IPv6 is enabled. You can ping the configured IPv6 address of the ProxySG, but when you try to send traffic through the proxy or connect to the proxy over HTTPS, there is no response.

 

Environment

ProxySG on Azure with Dual Stack 

Cause

The root cause of the bug is that the Hyper-V NETVSC driver incorrectly detects that the hardware supports IPv6 TCP checksum offloading.

 

Resolution

Workaround:

Issue the following "hidden" command on the SG to get the IPv6 data path to work:

tcp-ip transmit-checksum disable

From the CLI, it looks like this:
Blue Coat SG-VA Series #
Blue Coat SG-VA Series #conf t
Enter configuration commands, one per line.  End with CTRL-Z.
Blue Coat SG-VA Series#(config)tcp-ip transmit-checksum disable
  ok

Fix: This will be fixed in an upcoming version.

Additional Information

Follow-up questions:


Q: Is it safe to run with this disabled?

A: Yes, it is safe to run with this disabled. It comes with slightly higher CPU usage, because the stack now does the checksumming instead of the hardware layer; this will likely not be noticed.
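
To make the cause and the CPU trade-off above concrete, the following added example (not Broadcom or SGOS code) computes the IPv6 TCP checksum in software, which is the work the stack takes over once transmit checksum offload is disabled, and verifies a segment the way a receiver would. The addresses, ports and the zero checksum in the unfilled segment are constructed sample values, and the zero is an assumption about what an uncomputed checksum looks like on the wire.

```python
import ipaddress
import struct

def ones_complement_sum(data: bytes) -> int:
    """16-bit one's-complement sum with end-around carry (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def pseudo_header(src: str, dst: str, tcp_len: int) -> bytes:
    """IPv6 pseudo-header: src, dst, 32-bit upper-layer length, 3 zero bytes, next header 6 (TCP)."""
    return (ipaddress.IPv6Address(src).packed
            + ipaddress.IPv6Address(dst).packed
            + struct.pack("!I3xB", tcp_len, 6))

def tcp6_checksum(src: str, dst: str, segment: bytes) -> int:
    """Checksum as computed in software; the checksum field (bytes 16-17) is treated as zero."""
    zeroed = segment[:16] + b"\x00\x00" + segment[18:]
    total = ones_complement_sum(pseudo_header(src, dst, len(segment)) + zeroed)
    return ~total & 0xFFFF

def checksum_ok(src: str, dst: str, segment: bytes) -> bool:
    """Receiver-side check: pseudo-header plus segment must sum to 0xFFFF."""
    return ones_complement_sum(pseudo_header(src, dst, len(segment)) + segment) == 0xFFFF

def build_syn(src: str, dst: str, sport: int, dport: int, fill_checksum: bool) -> bytes:
    """Constructed 20-byte TCP SYN (seq=1, window=65535), with or without a computed checksum."""
    seg = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, 0x02, 65535, 0, 0)
    if fill_checksum:
        seg = seg[:16] + struct.pack("!H", tcp6_checksum(src, dst, seg)) + seg[18:]
    return seg

# Constructed sample values (documentation prefix 2001:db8::/32, arbitrary ports).
SRC, DST = "2001:db8::1", "2001:db8::2"

if __name__ == "__main__":
    software = build_syn(SRC, DST, 49152, 8080, fill_checksum=True)   # stack did the checksum
    unfilled = build_syn(SRC, DST, 49152, 8080, fill_checksum=False)  # left for hardware that never did it
    for name, seg in (("software checksum", software), ("unfilled checksum", unfilled)):
        field = struct.unpack("!H", seg[16:18])[0]
        verdict = "accepted" if checksum_ok(SRC, DST, seg) else "dropped by receiver"
        print(f"{name}: field=0x{field:04x} expected=0x{tcp6_checksum(SRC, DST, seg):04x} -> {verdict}")
```

The same `checksum_ok` check can be applied to the TCP bytes of a packet captured on the far side of the ProxySG to confirm whether segments are arriving with a valid checksum before and after the workaround.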