yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #47193
[Bug 1542108] Re: MTU concerns for the Linux bridge agent
Reviewed: https://review.openstack.org/283790
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=4df8d9a7016ab20fce235833d792b89309ec98a7
Submitter: Jenkins
Branch: master
commit 4df8d9a7016ab20fce235833d792b89309ec98a7
Author: Kevin Benton <kevin@xxxxxxxxxx>
Date: Mon Feb 22 16:41:45 2016 -0800
Make agent interface plugging utilize network MTU
This changes the 'plug' and 'plug_new' interfaces of the
LinuxInterfaceDriver to accept an MTU argument. It then
updates the dhcp agent and l3 agent to pass the MTU that
is set on the network that the port belongs to. This allows
it to take into account the overhead calculations that are
done for encapsulation types.
It's necessary for the L3 agent to have the MTU because it
must recognize when fragmentation is needed so it can fragment
or generate an ICMP error.
It's necessary for the DHCP agent to have the MTU so it doesn't
interfere when it plugs into a bridge with a larger than 1500
MTU (the bridge would reduce its MTU to match the agent).
If an operator sets 'network_device_mtu', the value of that
will be used instead to preserve previous behavior.
Closes-Bug: #1549470
Closes-Bug: #1542108
Closes-Bug: #1542475
DocImpact: Neutron agents now support arbitrary MTU
configurations on each network (including
jumbo frames). This is accomplished by checking
the MTU value defined for each network on which
it is wiring VIFs.
Co-Authored-By: Matt Kassawara <mkassawara@xxxxxxxxx>
Change-Id: Ic091fa78dfd133179c71cbc847bf955a06cb248a
** Changed in: neutron
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1542108
Title:
MTU concerns for the Linux bridge agent
Status in neutron:
Fix Released
Bug description:
I ran some experiments with the Linux bridge agent [1] to determine
the source of MTU problems and offer a potential solution. The
environment for these experiments contains the following items:
1) A physical (underlying) network supporting MTU of 1500 or 9000 bytes.
2) One controller node running the neutron server, Linux bridge agent, L3 agent, DHCP agent, and metadata agent.
3) One compute node running the Linux bridge agent.
4) A neutron provider/public network.
5) A neutron self-service/private network.
6) A neutron router between the provider and self-service networks.
7) The self-service network uses the VXLAN protocol with IPv4 endpoints which adds 50 bytes of overhead.
8) An instance on the self-service network with a floating IP address from an allocation pool on the provider network.
Background:
1. For tunnel interfaces, Linux automatically subtracts protocol
overhead from the parent interface MTU. For example, if eth0 has a
1500 MTU, a VXLAN interface using it as a parent device has a 1450
MTU.
2. For bridge devices, Linux assumes a 1500 MTU and changes the MTU to
the lowest MTU of any port on the bridge. For example, a bridge
without ports has a 1500 MTU. If eth0 has a 9000 MTU and you add it as
a port on the bridge, the bridge changes to a 9000 MTU. If eth1 has a
1500 MTU and you add it as a port on the bridge, the bridge changes to
a 1500 MTU.
3. Only devices that operate at layer-3 can participate in path MTU
discovery (PMTUD). Therefore, a change of MTU in a layer-2 device such
as a bridge or veth pair causes that device to discard packets larger
than the smallest MTU.
Observations:
1. For any physical network MTU, instances must use a MTU value that
accounts for overlay protocol overhead. Neutron currently offers a way
to provide a correct value via DHCP. However, it only addresses
packets outbound from instances. The next two items address packets
inbound to instances.
2. For any physical network MTU, each end of the veth pair between the
self-service network router interface (qr) in the router namespace
(qrouter) and the self-service network bridge on the controller node
(qbr) contains a different MTU. The qr end has a 1500 MTU, the default
value, and the qbr end has a 1450 MTU because the bridge contains a
VXLAN interface with a 1450 MTU. Thus, the veth pair discards packets
with a payload larger than 1450 bytes.
3. For a physical network MTU larger than 1500, each end of the veth
pair between the provider network router gateway (qg) in the router
namespace (qrouter) and the provider network bridge on the controller
node (qbr) contains a different MTU. The qg end has a 1500 MTU, the
default value, and the qbr end inherits the larger MTU of physical
network interface. Thus, the veth pair discards packets with a payload
larger than 1500 bytes.
Potential solution:
As per background item (3), MTU disparities must occur in a device
that operates at layer-3. For example, a router namespace that
contains interfaces with IP addresses. We can accomplish this task in
neutron by always using the same MTU on both ends of a veth pair. In
observation item (2), both ends of the veth pair should use 1450, the
self-service network MTU. In observation item (3), both ends of the
veth pair should use 9000, the provider network MTU. If a packet from
the provider network to the instance has a payload larger than 1450
bytes, the router can send an ICMP message to the source telling it to
use a 1450 MTU.
[1] http://lists.openstack.org/pipermail/openstack-
dev/2016-January/084241.html
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1542108/+subscriptions
References
