Hi list

I've just deployed two redundant OpenBSD 4.4's as main gateways for a
network, and all in all it's working great, as expected with OpenBSD :)

Each box (HP DL320) has one Intel Quad GigE adapter (82571EB),
connected to a HP 2810-48 GigE switch.
em0 and em1 are trunk0, and running the external link on top (Thus
normal 1500 MTU)
em2 and em3 are trunk1, and here I run a couple of VLANs, and thus
the MTU is 1496.

The problem I'm having is this:
When some mailservers (out of my control) try to send email to our
server (located on one of the VLANs), they connect all fine and
perform SMTP handshake etc, but then when they get around to sending
DATA followed by the actual mail, they start using 1500b frames
with the DF bit set.

All fine in a normal env.. But for me, this of course fails, since my
net can only handle 1496 bytes. As expected my box sends ICMP
unreachable - need to frag (mtu 1496) to the remote server.
This works fine and is respected in most cases, the package is
retransmitted in smaller frames, but some sending servers seem to
ignore my ICMP (firewalled away at their end? shouldn't be a problem
here since other servers get it and retransmit), and just keep on
sending 1500b packets.. And my box continues to drop em and returns
ICMP unreach..

So, I started looking into enabling jumbo frames on my local net (or
at least make sure I can transmit 1500b on the VLANs), but it seems
I've hit a stop at trunk, since from what I can tell I cannot get >
1500b MTU there:

if_trunk.c:
...
	case SIOCSIFMTU:
		if (ifr->ifr_mtu > ETHERMTU) {
			error = EINVAL;
			break;
		}
		ifp->if_mtu = ifr->ifr_mtu;
		break;
....

ETHERMTU is #defined as 1500

So... Dead end there? Is there any way to get > 1500b MTU on a trunk
somehow? Would it be possible to just hack if_trunk.c, and make sure
the underlying interfaces are running at at least 1502 bytes? That
would be enough for me.. That was what I first tried, changing the MTU
of em2/3 to 1502 in order to allow space for the VLAN tag, hoping that
the trunk interface would see this and change, but no.

I guess someone here probably had this problem sometime, how have you
solved it?

I could of course try to get in touch with the admins of these servers
but that is probably not the easiest task (the list of servers I got
problems with includes big global unnamed companies).

Thanks for any help, and many many thanks for the great OpenBSD 4.4
release! :)

Johan
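
Added example, not part of the original post: a sketch that picks out remote hosts that keep sending oversized DF packets after the gateway has answered with "need to frag", which is the behaviour the message describes. The event tuples, the addresses (documentation ranges), the 56-byte ICMP length, the ADAPTED_MIN cut-off and the min_repeats threshold are all assumptions made for illustration.

```python
from collections import defaultdict

LINK_MTU = 1496     # MTU of the VLAN interfaces in the post
ADAPTED_MIN = 576   # assumption: a fitting packet at least this large
                    # shows the sender lowered its segment size

# Constructed sample events, not real capture data:
# (time_s, kind, remote_ip, ip_total_length, df_bit)
#   "in"       = IP packet arriving from the remote host
#   "icmp_out" = ICMP unreachable / need-to-frag sent back to that host
EVENTS = [
    (1.000, "in", "192.0.2.10", 1500, True),
    (1.001, "icmp_out", "192.0.2.10", 56, False),
    (1.050, "in", "192.0.2.10", 1500, True),    # was already in flight
    (1.300, "in", "192.0.2.10", 1496, True),    # sender adapted
    (2.000, "in", "198.51.100.7", 1500, True),
    (2.001, "icmp_out", "198.51.100.7", 56, False),
    (5.000, "in", "198.51.100.7", 1500, True),  # same size again
    (5.001, "icmp_out", "198.51.100.7", 56, False),
    (11.000, "in", "198.51.100.7", 1500, True),
    (11.001, "icmp_out", "198.51.100.7", 56, False),
    (23.000, "in", "198.51.100.7", 1500, True),
    (23.001, "icmp_out", "198.51.100.7", 56, False),
    (3.000, "in", "203.0.113.5", 1200, True),   # never exceeded the MTU
]


def find_blackhole_senders(events, mtu=LINK_MTU, min_repeats=3):
    """Return {remote_ip: count} for hosts still ignoring need-to-frag.

    count is the number of consecutive oversized DF packets seen after the
    first ICMP was sent; it resets once the host sends a large packet that
    fits, so hosts that recovered are not reported.
    """
    notified = set()
    ignored = defaultdict(int)
    for _t, kind, remote, length, df in sorted(events):
        if kind == "icmp_out":
            notified.add(remote)
        elif kind == "in" and remote in notified:
            if df and length > mtu:
                ignored[remote] += 1
            elif length >= ADAPTED_MIN:
                ignored[remote] = 0
    return {r: n for r, n in ignored.items() if n >= min_repeats}


if __name__ == "__main__":
    print(find_blackhole_senders(EVENTS))
```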