Description of problem:
A UDP packet larger than the MTU size cannot be sent to its own endpoint via the service. "MTU" here means "MTU size - OVNK header (100) - IP header (20)".
A pod ----(UDP)---> service IP ----------> A pod
Version-Release number of selected component (if applicable):
OCP 4.12.z 4.14.z 4.16.z
How reproducible:
Always
Steps to Reproduce on OCP:
1. Create a pod and a service with an open UDP port (19765), e.g.
$ cat service.yaml
apiVersion: v1
kind: Service
metadata:
  name: udp-service
spec:
  selector:
    app: udp
  ports:
  - name: udp-port
    protocol: UDP
    port: 19765
    targetPort: 19765
  type: ClusterIP
$ cat udp-pod.yaml
apiVersion: v1
kind: Pod
metadata:
  labels:
    app: udp
  name: udppod
spec:
  containers:
  - name: udp
    resources:
    securityContext:
      privileged: true
      capabilities:
        add: ["NET_RAW"]
    image: docker.io/dokken/centos-8
    args:
    - bash
    - -c
    - sleep INF
2. In the pod, create a binary file that is bigger than the MTU size. If the MTU is 1500:
# yes 1 | head -n 10000 | tr '\n' ' ' | dd of=datafile bs=1373 count=1
3. Send the file over UDP via the service IP of the same pod
# nc -lu 19765 &
# nc -u <service IP> 19765 < datafile
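The reproduction steps above as a script, added here as an example and not part of the original report: it listens on the port in the pod and sends one datagram at the single-packet limit and one a byte above it. The limit uses the report's formula minus the 8-byte UDP header (1500 - 100 - 20 - 8 = 1372, so the 1373-byte file in step 2 is the first size over it). The function names and the command-line argument (the service IP) are assumptions.

```python
import socket
import sys

UDP_HEADER = 8  # bytes, fixed size of the UDP header


def max_unfragmented_payload(mtu=1500, overlay_overhead=100, ip_header=20):
    """Largest UDP payload that fits in one packet, per the report's formula."""
    return mtu - overlay_overhead - ip_header - UDP_HEADER


def probe_hairpin(target_ip, port, sizes, bind_ip="0.0.0.0", timeout=2.0):
    """Send one datagram per size to target_ip:port and record whether the
    listener in this same process (same pod) received it intact."""
    results = {}
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as rx, \
         socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as tx:
        rx.bind((bind_ip, port))
        port = rx.getsockname()[1]  # resolves port 0 (OS-chosen) for local runs
        rx.settimeout(timeout)
        for size in sizes:
            payload = bytes([size % 251]) * size  # constructed filler data
            tx.sendto(payload, (target_ip, port))
            try:
                data, _ = rx.recvfrom(65535)
                results[size] = (data == payload)
            except socket.timeout:
                results[size] = False  # datagram never arrived
    return results


if __name__ == "__main__":
    # Assumed usage: python3 probe.py <service IP>, run inside the pod.
    limit = max_unfragmented_payload()
    outcome = probe_hairpin(sys.argv[1], 19765, [limit, limit + 1])
    for size, ok in outcome.items():
        print(f"{size} bytes: {'delivered' if ok else 'LOST'}")
```

On an affected cluster the report's behaviour corresponds to the 1373-byte datagram being reported as LOST; run after the fix, both sizes should be delivered.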
Analysis from Jaime on OCP can be found here: https://issues.redhat.com/browse/OCPBUGS-43649?focusedId=25953350&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-25953350
- blocks: OCPBUGS-43649 UDP packet larger than MTU size can not be sent to its' own pod via the service. (ASSIGNED)
- is cloned by: FDP-1011 UDP packet larger than MTU size can not be sent to its' own pod via the service (Testing)
- is related to: FDP-913 OVN incorrectly relies on conntrack to reassemble IP fragments (Closed)
- links to: RHBA-2024:143263 ovn23.09 bug fix and enhancement update