ping with large package size fails
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
neutron | Expired | Undecided | Unassigned | | |
Bug Description
We are using neutron rocky, with the security driver set to iptables_hybrid; the cluster is deployed on top of a Kubernetes cluster, and all the networks are set to MTU 1500.
The problem I am facing right now is that ping across compute nodes fails with a packet size larger than the MTU.
ping -s 2000 172.20.93.171
Surprisingly, if I ping an IP address from the same node, it works without any issue.
I have done a simple tcpdump on qvb (on both the remote and local compute nodes), like this:
tcpdump -i qvbxxxx host 172.20.93.171 and icmp
And I saw the traffic, but if I am listening on tap or qbr, no traffic is captured.
I tried to add a LOG iptables rule to debug, with:
iptables -t raw -I PREROUTING 1 -m physdev --physdev-in qvb373214e3-8d -p icmp -s 172.20.93.173/12 -j LOG --log-prefix=
Weirdly enough, there are no packets counted when the packet size is set to 2000.
Packets larger than the MTU have typically always had issues traversing bridges, and there won't be any path MTU info returned to inform the sender. They're most likely being dropped "entering" the tap where the MTU is being enforced.
I guess my question is - why should a 2000 byte packet successfully traverse a network that has a 1500 byte MTU? I would actually expect it to fail. Does using the '-M want' flag to ping make it succeed, which would correctly fragment the packet on transmit? Sorry for seeming negative.
Not sure this is a bug in neutron, I think we'd see the same issue manually configuring a bridge connecting two L2 networks and sending packets larger than the MTU.
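The fragmentation the comments above refer to, as an added example that is not part of the original bug report: it computes the IPv4 packets a sender emits for `ping -s 2000` on a 1500-byte MTU, which is what a capture on the sending side should show. It assumes a 20-byte IPv4 header without options and the 8-byte ICMP echo header; the function names are hypothetical.

```python
# Added example (not from the bug report): IPv4 fragment layout for an ICMP echo.
# Assumptions: 20-byte IPv4 header (no options), 8-byte ICMP echo header.
IP_HDR = 20
ICMP_HDR = 8


def max_unfragmented_ping(mtu):
    """Largest `ping -s` value that still fits in one packet on this MTU."""
    return mtu - IP_HDR - ICMP_HDR


def fragment_plan(ping_size, mtu, dont_fragment=False):
    """Return the IPv4 packets sent for `ping -s ping_size` on a link with `mtu`.

    Each entry is (offset_bytes, ip_total_length, more_fragments_flag).
    Raises ValueError when DF is set and the datagram does not fit, or when
    the MTU is too small to carry any fragment data.
    """
    l4_len = ICMP_HDR + ping_size              # ICMP header + echo payload
    if IP_HDR + l4_len <= mtu:
        return [(0, IP_HDR + l4_len, False)]   # fits, no fragmentation
    if dont_fragment:
        raise ValueError(
            f"{IP_HDR + l4_len}-byte datagram exceeds MTU {mtu} with DF set")
    # Every fragment except the last carries a multiple of 8 data bytes,
    # because the fragment offset field counts in 8-byte units.
    chunk = (mtu - IP_HDR) // 8 * 8
    if chunk <= 0:
        raise ValueError(f"MTU {mtu} leaves no room for fragment data")
    plan, offset = [], 0
    while offset < l4_len:
        data = min(chunk, l4_len - offset)
        more = offset + data < l4_len
        plan.append((offset, IP_HDR + data, more))
        offset += data
    return plan


if __name__ == "__main__":
    # The case from the report: ping -s 2000 on networks with MTU 1500.
    for offset, total_len, more in fragment_plan(2000, 1500):
        print(f"offset={offset:5d} (field={offset // 8:3d}) "
              f"len={total_len:4d} MF={int(more)}")
    print("largest single-packet ping -s:", max_unfragmented_ping(1500))
```

Only the first fragment (offset 0) contains the ICMP header; the second carries the remaining 528 payload bytes.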