[grahamedgecombe]

We've been experimenting with Azure's IPv6 support at work recently. The fact it uses NAT is insane - though we could tolerate that. Even worse is that the NAT is broken - it doesn't update the ICMPv6 checksum when it rewrites the source/destination address, so the machines on both ends drop all ICMPv6 traffic that passes through Azure.

This is rather bad considering the importance of ICMPv6 in IPv6 (for Path MTU Discovery, for example).

Their support is being rather useless, despite us having to pay for the privilege of reporting a bug in their own infrastructure to them!

[jiggawatts]

Path MTU Discovery is broken in Azure's IPv4 stack as well, which is even more sad. Similarly to you, I had to report to them that their VPN tunnels only send PMTUD in one direction, so you get this wonderful experience where TCP streams with big packets work in one direction, but not the other! With most ACK packets being small, this can take a surprising amount of time to discover and troubleshoot.

[api]

Microsoft sells to a lot of crusty enterprises, and I bet a lot of the IT folks there think NAT is for security and refused to use IPv6 if it wasn't NATed. They probably deployed it that way to placate that particular piece of brain dead security cargo cultism.

Azure sucks anyway. Their prices are not good and their management console is horrible.