Hi,
Currently OpenStack have any framework to notify the Tennant/Service-VM for
such kind of notification based on VM’s interest ?
VM may be very much interested for such kind of notification like
1. Path MTU.
2. Based on specific incoming Tennant traffic, block/Allow particular
traffic flow at infrastructure level itself, instead of at VM.
This may require OpenStack infrastructure notification support to
Tenant/Service VM.
…
Thanks & regards,
Keshava
From: Ian Wells [mailto:ijw.ubu...@cack.org.uk]
Sent: Tuesday, October 28, 2014 11:40 AM
To: OpenStack Development Mailing List (not for usage questions)
Subject: Re: [openstack-dev] [neutron] vm can not transport large file under
neutron ml2 + linux bridge + vxlan
Path MTU discovery works on a path - something with an L3 router in the way -
where the outbound interface has a smaller MTU than the inbound one. You're
transmitting across an L2 network - no L3 routers present. You send a 1500
byte packet, the network fabric (which is not L3, has no address, and therefore
has no means to answer you) does all that it can do with that packet - it drops
it. The sender retransmits, assuming congestion, but the same thing happens.
Eventually the sender decides there's a network problem and times out.
This is a common problem with Openstack deployments, although various features
of the virtual networking let you get away with it, with some configs and not
others. OVS used to fake a PMTU exceeded message from the destination if you
tried to pass an overlarge packet - not in spec, but it hid the problem nicely.
I have a suspicion that some implementations will fragment the containing UDP
packet, which is also not in spec and also solves the problem (albeit with poor
performance).
The right answer for you is to set the MTU in your machines to the same MTU
you've given the network, that is, 1450 bytes. You can do this by setting a
DHCP option for MTU, providing your VMs support that option (search the web for
the solution, I don't have it offhand) or lower the MTU by hand or by script
when you start your VM.
The right answer for everyone is to properly determine and advertise the
network MTU to VMs (which, with provider networks, is not even consistent from
one network to the next) and that's the spec Kyle is referring to. We'll be
fixing this in Kilo.
--
Ian.
On 27 October 2014 20:14, Li Tianqing <jaze...@163.com<mailto:jaze...@163.com>>
wrote:
--
Best
Li Tianqing
At 2014-10-27 17:42:41, "Ihar Hrachyshka"
<ihrac...@redhat.com<mailto:ihrac...@redhat.com>> wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA512
>
>On 27/10/14 02:18, Li Tianqing wrote:
>> Hello, Right now, we test neutron under havana release. We
>> configured network_device_mtu=1450 in neutron.conf, After create
>> vm, we found the vm interface's mtu is 1500, the ping, ssh, is ok.
>> But if we scp large file between vms then scp display 'stalled'.
>> And iperf is also can not completed. If we configured vm's mtu to
>> 1450, then iperf, scp all is ok. If we iperf with -M 1300, then the
>> iperf is ok too. The vms path mtu discovery is set by default. I do
>> not know why the vm whose mtu is 1500 can not send large file.
>
>There is a neutron spec currently in discussion for Kilo to finally
>fix MTU issues due to tunneling, that also tries to propagate MTU
>inside instances: https://review.openstack.org/#/c/105989/
The problem is i do not know why the vm with 1500 mtu can not send large file?
I found the packet send out all with DF, and is it because the DF set default
by linux cause the packet
be dropped? And the application do not handle the return back icmp packet with
the smaller mtu?
>
>/Ihar
>-----BEGIN PGP SIGNATURE-----
>Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
>
>iQEcBAEBCgAGBQJUThORAAoJEC5aWaUY1u571u4H/3EqEVPL1Q9KgymrudLpAdRh
>fwNarwPWT8Ed+0x7WIXAr7OFXX1P90cKRAZKTlAEEI94vOrdr0s608ZX8awMuLeu
>+LB6IA7nMpgJammfDb8zNmYLHuTQGGatXblOinvtm3XXIcNbkNu8840MTV3y/Jdq
>Mndtz69TrjTrjn7r9REJ4bnRIlL4DGo+gufXPD49+yax1y/woefqwZPU13kO6j6R
>Q0+MAy13ptg2NwX26OI+Sb801W0kpDXby6WZjfekXqxqv62fY1/lPQ3oqqJBd95K
>EFe5NuogLV7UGH5vydQJa0eO2jw5lh8qLuHSShGcDEp/N6oQWiDzXYYYoEQdUic=
>=jRQ/
>-----END PGP SIGNATURE-----
>
>_______________________________________________
>OpenStack-dev mailing list
>OpenStack-dev@lists.openstack.org<mailto:OpenStack-dev@lists.openstack.org>
>http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
_______________________________________________
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org<mailto:OpenStack-dev@lists.openstack.org>
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
_______________________________________________
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
