← Back to team overview

kernel-packages team mailing list archive

[Bug 1463911] Re: IPV6 fragmentation and mtu issue


SRU Justification:


	This bug causes issues when ip6tables modules are loaded with IPv6
fragmented packets traversing a bridge.  The extant conntrack processing
will reassemble the IPv6 fragments for netfilter processing, but is
incapable of re-fragmenting these datagrams for subsequent forwarding.
This causes the fragmented IPv6 datagrams to be dropped.


	This is resolved by backporting functionality from mainline that
re-fragments the IPv6 datagrams upon bridge egress.


        The patch commit log includes a test case; to summarize:

	A bridge is configured with two ports and interfaces are attached
to these ports.  A traffic source beyond one port generates fragmented
IPv6 datagrams, e.g., ping6 -s 2000, destined for a host beyond the

	With ip6tables modules unloaded, the IPv6 fragments will traverse
the bridge.  Loading ip6tables, e.g., "ip6tables -t nat -L", will cause
IPv6 fragmented datagrams to be dropped on the unpatched kernel.

        These datagrams are correctly forwarded with the patch applied.

You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.

  IPV6 fragmentation and mtu issue

Status in neutron:
Status in OpenStack Compute (nova):
Status in linux package in Ubuntu:

Bug description:
  Fragmented IPv6 packets are REJECTED by ip6tables on compute nodes.
  The traffic is goign through an intra-VM network and the packet loss
  is hurting the system.

  There is a patch for this issue:

  I would like to know is there any bug report or official release date
  for this issue ?

  This is pretty critical for my deployment.

  Thanks in advance,



To manage notifications about this bug go to: