Uploaded image for project: 'Fast Datapath Product'
  1. Fast Datapath Product
  2. FDP-1295

OVN does not send ICMP needs frag to pod

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Not a Bug
    • Icon: Undefined Undefined
    • None
    • None
    • ovn24.09
    • None
    • False
    • Hide

      None

      Show
      None
    • False
    • rhel-9
    • None
    • rhel-net-ovn
    • ssg_networking

       Problem Description:

       

      When configuring a logical router port to have a specific MTU like 1400, and then sending a packet to it that is larger than that, it should trigger an ICMP needs frag, but it doesn't. The use case here is OVN-Kubernetes with this type of setup:

       

      VM (1500 byte MTU)---linux bridge—pod eth0---ovn-worker logical switch---- (1400 byte MTU) ovn_cluster_router

       

      The packet egresses pod eth0 at 1500 bytes, hits the ovn_cluster_router, but ovn_cluster_router just forward the packet onward even with options:mtu=1400. Note, when ovn_cluster_router forwards the packet it will hairpin it back out the interface it came in on, which is where I think the problem is. This is with local gateway mode in OVNK, where the packet will come from the pod to ovn_cluster_router, then get routed back out rtos-ovn-worker LRP towards ovn-k8s-mp0 port on the ovn-worker logical switch.

       

       

      [root@ovn-worker ~]# ovn-nbctl list logical_router_port rtos-ovn-worker
_uuid               : f804db80-cf21-4deb-af4d-1d64bb514246
dhcp_relay          : []
enabled             : []
external_ids        : {}
gateway_chassis     : [9ba27b3b-9542-4888-ae3d-94efd56effb1]
ha_chassis_group    : []
ipv6_prefix         : []
ipv6_ra_configs     : {}
mac                 : "0a:58:0a:f4:01:01"
name                : rtos-ovn-worker
networks            : ["10.244.1.1/24"]
options             : {mtu="1400"}
peer                : []
status              : {hosting-chassis="356741f4-aa7b-4c46-8ff0-5d7161fc870c"}

       

       

       

      In shared gateway mode, OVN does actually send the ICMP needs frag, although it comes from the gateway router like this:

       

      GR  rtoj-GR_ovn-worker 100.64.0.4--------> ovn_cluster_router ---> ovn-worker ---> pod–>VM

       

      [root@ovn-worker ~]# ovn-nbctl list logical_router_port rtoj-GR_ovn-worker
_uuid               : a7fcc845-203e-4640-ad96-b7a4d1fac162
dhcp_relay          : []
enabled             : []
external_ids        : {}
gateway_chassis     : []
ha_chassis_group    : []
ipv6_prefix         : []
ipv6_ra_configs     : {}
mac                 : "0a:58:64:40:00:04"
name                : rtoj-GR_ovn-worker
networks            : ["100.64.0.4/16"]
options             : {gateway_mtu="1400"}
peer                : []
status              : {}

       

      Note in this case, the options have "gateway_mtu" as well ratheer than just "mtu".

       Impact Assessment: Describe the severity and impact (e.g., network down,availability of a workaround, etc.).

       

      The impact is that packets are dropped to the VM. One could say it is a misconfiguration that the VM has a 1500 byte MTU, which is valid. I think that lowers the priority of this fix somewhat.

       

       Software Versions: 

      ovn-24.09.1-10.fc41.x86_64

       

        Issue Type: new

       

       Reproducibility: can always reproduce

       

       Reproduction Steps: I'll add comments explaining how to reproduce it easily with ovn-kubernetes.

       

       Expected Behavior: VM should receive needs frag and lower its MTU, and then further packets should be transmitted and received between client and server.

       Observed Behavior: A needs frag is never sent, and the packets are just continued to be dropped due to the MTU being too large on the packet.

       

       

              ovnteam@redhat.com OVN Team
              trozet@redhat.com Tim Rozet
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated:
                Resolved: