← Back to team overview

openstack team mailing list archive

Re: [QUANTUM] (Bug ?) L3 routing not correctly fragmenting packets ?

 

I also forgot to mention: I'm using a typical Openvswitch setup with GRE encapsulation.
I can't proof, but would GRE not able to work with PathMTU ?

-Sylvain

Le 11/03/2013 09:40, Sylvain Bauza a écrit :
Hi Rick, reply inline.

Le 08/03/2013 20:27, Rick Jones a écrit :
On 03/08/2013 09:55 AM, Aaron Rosen wrote:
Hi Sylvain,


This seems very odd to me. The reason this should happen is if your
client is sending packets with the DF (don't fragment) bit set in the
TCP header of the packets you are sending. I'd confirm that your
version of 'curl' is doing this (which it should definitely not do!).

Why shouldn't a TCP connection initiated by curl (or anything else) have Path MTU discovery enabled? (ie the DF bit set in the IP datagrams carrying the TCP segments)


[SBA] Thanks for the explanation of the DF flag
What should happen is the router should fragment the packets for you
and if a fragment is lost TCP will just re-transmit the full packet
again and things should eventually work....

Here I thought all the IETF demigods considered IP Fragmentation 'To Be Avoided (tm)' - hence the creation of Path MTU discovery in the first place. :)

FWIW, in the IPv6 world, routers do not fragment. That implies either functioning PathMTU discovery, or lowest common MTU...


Aaron


On Fri, Mar 8, 2013 at 9:08 AM, Sylvain Bauza
<sylvain.bauza@xxxxxxxxxxxx> wrote:
Hi,

I recently observed a strange behaviour with L3 Quantum routing (Openvswitch
setup with Provider Router). A simple curl to an external website is
sometimes failing due to packet size  :

192.168.10.3 > X.X.X.X: ICMP 192.168.10.3 unreachable - need to frag
(mtu 1454), length 556
IP (tos 0x0, ttl 48, id 25918, offset 0, flags [DF], proto TCP (6),
length 1500)

Why is the ICMP Destination Unreachable datagram being sent back so large? I would have expected it to be rather smaller - an Ethernet, IP and ICMP header, and then the original IP header and something like 8 bytes or so of the original IP datagram's payload.

I take it that ICMP is not getting back to the original sender? Or is being ignored?



[SBA] I take the point. That means that PathMTU is not working for my Quantum installation. I also had a Nova-network (FlatDHCP mode) and I didn't noticed the issue. So, I assume something is wrong with my config.



Only changing the VM MTU to 1454 does the trick ('ifconfig eth0 mtu 1454').

For info, 192.168.10.3 is the floating IP bound to 10.0.0.4 (private IP).

I suppose if 10.0.0.4 doesn't explicitly know about 192.168.10.3 it might indeed ignore the ICMP message. Assuming it isn't getting un-NATted on the way back.


[SBA] This *is* un-NAT'd on the way back. By tcpdump'ing with the '-i any' interface, I can see the DNAT mapping on the way back :


Do you have any idea on what I should fix (or at least workaround) to have PathMTU working ? By the way, I did check and both client (10.0.0.4) and server (X.X.X.X) have MTU set to 1500. I can't understand why the server is asking for a fragment size of 1454.

Thanks,
-Sylvain




Follow ups

References