← Back to team overview

yahoo-eng-team team mailing list archive

[Bug 1747496] [NEW] MTUs are not set for VIFs if using kernel ovs + hybrid plug = false

 

Public bug reported:

Description
===========
over the last few cyles supprot for mtu other then the default of 1500 has
gernerally been improved in both nova and neutron.
At the same time it was decided to remove the responsibility for VIF plugging from
the virt drivers and centrailse it in os-vif.

over the last few cycles os-vif has been enhanced to support setting the mtu on all codepaths
and this work was completed in pike, however there are stills codepaths in the nova libvirt driver where os-vif is not used to plug the VIF and instead it is done by libvirt.

when the VIF_TYPE is ovs and hybrid_plug=False libvirt plug the VM's
VIFs iteself and os-vif is only responcible for creating the bridge it
will be plugged into. in this case as the mtu is not set in teh libvirt
xml and since os-vif is not respocible for pluggin the vif nothing set
the mtu on the tap device that is added to ovs. This scenario arrises
whenever libvirt is the nova virt driver and the no-op or openvswitch
security group drivers are used.

the end result is that in the vm the quest correctly recives the non
default(e.g. jumbo frame) mtu form the neutron dhcp server and
configures the mtu in its kernel but the mtu of the tap device added to
the ovs bridge  is left at the default of 1500 preventing jumboframes
from being used by the guest.

Steps to reproduce
==================
using a host with a non default mtu

deploy devstack normally useing libvirt + kvm/qemu
and enable the openvsiwtch or no-op neutron security group driver


[[post-config|/etc/neutron/plugins/ml2/ml2_conf.ini]]
[securitygroup]
firewall_driver = openvswitch

or

[[post-config|/etc/neutron/plugins/ml2/ml2_conf.ini]]
[securitygroup]
firewall_driver = noop

spawn a singel vm via nova.

and retrive the name of the interface for ovsdb or
via virsh dumpxml.

then run ifconfig <interface name> and check the mtu.

note if openvsiwtch direver is used you will need to allow icmp/ssh
in the security groups to be able to validate network conncetivity.

Expected result
===============
tap should have same mtu as is set on neutron network.
and a ping of max mtu e.g. ping -s 9000 ... for a network mtu of 9000 should work.

Actual result
=============
tap mtu will be 1500
it is not possible to ping the vm with a packet larger then 

Environment
===========
1. it was seen on pike but this effect all versions of openstack. 
   before the introduction of os-vif we did not support neutron network mtus
   and after we started to use os-vif we enable neutron mtu support only for
   the os-vif codepath so this never worked.

2. Which hypervisor did you use?
   libvirt with kvm. this is not libvirt version
   specific as we do not generate the libvirt xml to set the mtu
   https://libvirt.org/formatdomain.html#mtu

2. Which storage type did you use?
   N/a but i used ceph

3. Which networking type did you use?
   neutron with kernel ovs and noop or openvsiwtch security group driver.
   not this will not happen with the iptables driver as that set hybrid_plug=True
   so os-vif is used to plug the VIF and it sets the mtu correctly.
   to

** Affects: nova
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1747496

Title:
  MTUs are not set for VIFs if using kernel ovs + hybrid plug = false

Status in OpenStack Compute (nova):
  New

Bug description:
  Description
  ===========
  over the last few cyles supprot for mtu other then the default of 1500 has
  gernerally been improved in both nova and neutron.
  At the same time it was decided to remove the responsibility for VIF plugging from
  the virt drivers and centrailse it in os-vif.

  over the last few cycles os-vif has been enhanced to support setting the mtu on all codepaths
  and this work was completed in pike, however there are stills codepaths in the nova libvirt driver where os-vif is not used to plug the VIF and instead it is done by libvirt.

  when the VIF_TYPE is ovs and hybrid_plug=False libvirt plug the VM's
  VIFs iteself and os-vif is only responcible for creating the bridge it
  will be plugged into. in this case as the mtu is not set in teh
  libvirt xml and since os-vif is not respocible for pluggin the vif
  nothing set the mtu on the tap device that is added to ovs. This
  scenario arrises whenever libvirt is the nova virt driver and the no-
  op or openvswitch security group drivers are used.

  the end result is that in the vm the quest correctly recives the non
  default(e.g. jumbo frame) mtu form the neutron dhcp server and
  configures the mtu in its kernel but the mtu of the tap device added
  to the ovs bridge  is left at the default of 1500 preventing
  jumboframes from being used by the guest.

  Steps to reproduce
  ==================
  using a host with a non default mtu

  deploy devstack normally useing libvirt + kvm/qemu
  and enable the openvsiwtch or no-op neutron security group driver

  
  [[post-config|/etc/neutron/plugins/ml2/ml2_conf.ini]]
  [securitygroup]
  firewall_driver = openvswitch

  or

  [[post-config|/etc/neutron/plugins/ml2/ml2_conf.ini]]
  [securitygroup]
  firewall_driver = noop

  spawn a singel vm via nova.

  and retrive the name of the interface for ovsdb or
  via virsh dumpxml.

  then run ifconfig <interface name> and check the mtu.

  note if openvsiwtch direver is used you will need to allow icmp/ssh
  in the security groups to be able to validate network conncetivity.

  Expected result
  ===============
  tap should have same mtu as is set on neutron network.
  and a ping of max mtu e.g. ping -s 9000 ... for a network mtu of 9000 should work.

  Actual result
  =============
  tap mtu will be 1500
  it is not possible to ping the vm with a packet larger then 

  Environment
  ===========
  1. it was seen on pike but this effect all versions of openstack. 
     before the introduction of os-vif we did not support neutron network mtus
     and after we started to use os-vif we enable neutron mtu support only for
     the os-vif codepath so this never worked.

  2. Which hypervisor did you use?
     libvirt with kvm. this is not libvirt version
     specific as we do not generate the libvirt xml to set the mtu
     https://libvirt.org/formatdomain.html#mtu

  2. Which storage type did you use?
     N/a but i used ceph

  3. Which networking type did you use?
     neutron with kernel ovs and noop or openvsiwtch security group driver.
     not this will not happen with the iptables driver as that set hybrid_plug=True
     so os-vif is used to plug the VIF and it sets the mtu correctly.
     to

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1747496/+subscriptions


Follow ups