Okay, I've done some reading up on the code. It seems the em driver
(in 4.4) has its HW VLAN tagging capability disabled, and thus I
cannot use that. Seems some changes have been committed since, I tried
(without much hope of it working :P) to backport this into 4.4, but
failed totally as expected ;)

Instead, I've modified my configuration to not use VLANs, since I'm
only using 3 internal networks (previously 3 VLANs) from this router
at this moment, and I got 4 ports, I managed to solve it anyway..
But it would still be nice to be able to do VLAN routing (together
with trunk, I'll never push 1GBit right now, but I might want to
later) in the future, since that's something I cannot do now.

Anyone know how common this problem with blocked ICMP packets is?
Anyone else had the same problem?

Thanks
Johan

On Nov 4, 2008, at 14:08, Johan Ström wrote:

Hi list

I've just deployed two redundant OpenBSD 4.4's as main gateways for
a network, and all in all it's working great, as expected with
OpenBSD :)

Each box (HP DL320) has one Intel Quad GigE adapter (82571EB),
connected to a HP 2810-48 GigE switch.
em0 and em1 are trunk0, and running the external link on top (Thus
normal 1500 MTU)
em2 and em3 are trunk1, and here I run a couple of VLAN's, and thus
the MTU is 1496.

The problem I'm having is this:
When some mailservers (out of my control) try to send email to our
server (located on one of the VLANs), they connect all fine and
perform SMTP handshake etc, but then when they get around to sending
DATA followed by the actual mail, they start using 1500b frames
with the DF bit set.
All fine in a normal env.. But for me, this of course fails, since
my net can only handle 1496 bytes. As expected my box sends ICMP
unreachable - need to frag (mtu 1496) to the remote server.
This works fine and is respected in most cases, the package is
retransmitted in smaller frames, but some sending servers seem to
ignore my ICMP (firewalled away at their end? shouldn't be a problem
here since other servers get it and retransmit), and just keep on
sending 1500b packets.. And my box continues to drop 'em and
return ICMP unreach..

So, I started looking into enabling jumbo frames on my local net
(or at least make sure I can transmit 1500b on the VLANs), but it
seems I've hit a stop at trunk, since from what I can tell I cannot
get > 1500b MTU there:

if_trunk.c:
...
       case SIOCSIFMTU:
               if (ifr->ifr_mtu > ETHERMTU) {
                       error = EINVAL;
                       break;
               }
               ifp->if_mtu = ifr->ifr_mtu;
               break;
....

ETHERMTU is #defined as 1500

So... Dead end there? Is there any way to get > 1500b MTU on a trunk
somehow? Would it be possible to just hack if_trunk.c, and make
sure the underlying interfaces are running at at least 1502 bytes?
That would be enough for me.. That was what I first tried, changing
the MTU of em2/3 to 1502 in order to allow space for the VLAN tag,
hoping that the trunk interface would see this and change, but no.

I guess someone here probably had this problem sometime, how have
you solved it?

I could of course try to get in touch with the admins of these
servers but that is probably not the easiest task (the list of
servers I got problems with includes big global unnamed companies).

Thanks for any help, and many many thanks for the great OpenBSD 4.4
release! :)

Johan
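
An added example, not part of the original post: one way to pick out the senders described above, i.e. peers that keep transmitting oversized DF packets after the gateway has already sent them ICMP need-to-frag. The one-line log format, the addresses and the function name are constructed for illustration.

```python
import re
from collections import defaultdict

LINK_MTU = 1496  # MTU of the VLAN-on-trunk path in the post

# Constructed sample: simplified one-line-per-packet log, documentation
# addresses; 192.0.2.1 is the gateway, 192.0.2.25 the mail server.
SAMPLE = """\
10:00:01 IP 198.51.100.7 > 192.0.2.25: flags [DF], length 1500
10:00:01 IP 192.0.2.1 > 198.51.100.7: ICMP 192.0.2.25 unreachable - need to frag (mtu 1496)
10:00:02 IP 198.51.100.7 > 192.0.2.25: flags [DF], length 1496
10:00:05 IP 203.0.113.9 > 192.0.2.25: flags [DF], length 1500
10:00:05 IP 192.0.2.1 > 203.0.113.9: ICMP 192.0.2.25 unreachable - need to frag (mtu 1496)
10:00:08 IP 203.0.113.9 > 192.0.2.25: flags [DF], length 1500
10:00:08 IP 192.0.2.1 > 203.0.113.9: ICMP 192.0.2.25 unreachable - need to frag (mtu 1496)
10:00:14 IP 203.0.113.9 > 192.0.2.25: flags [DF], length 1500
"""

DATA_RE = re.compile(r"IP (\S+) > \S+: flags \[(\w*)\], length (\d+)")
ICMP_RE = re.compile(r"IP \S+ > (\S+): ICMP \S+ unreachable - need to frag")


def find_black_holes(text, mtu=LINK_MTU, threshold=2):
    """Return peers that sent at least `threshold` oversized DF packets
    after the gateway had already sent them an ICMP need-to-frag."""
    notified = set()             # peers that were sent need-to-frag
    ignored = defaultdict(int)   # peer -> oversized DF packets since then
    for line in text.splitlines():
        m = ICMP_RE.search(line)
        if m:
            notified.add(m.group(1))
            continue
        m = DATA_RE.search(line)
        if not m:
            continue
        src, flags, length = m.group(1), m.group(2), int(m.group(3))
        # A packet or two already in flight is normal, hence the threshold.
        if length > mtu and flags == "DF" and src in notified:
            ignored[src] += 1    # still too big despite the ICMP
    return sorted(p for p, n in ignored.items() if n >= threshold)


if __name__ == "__main__":
    print(find_black_holes(SAMPLE))
```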
