There is a question about mtu of vxlan port. In below scene, there are two 
node(compute or vm), and we send udp packets between two docker with 
nic’s(eth0) mtu setting to 1500.
Vxlan port’s mtu is 65485 setting in ovs code(we don’t change it). It works 
well that packet can be sent and receive to/from other docker.

But we add conntrack flow table in interface of one bridge, such as:
   ovs-ofctl  add-flow $1 "table=0,arp,action=resubmit(,1)"
   ovs-ofctl  add-flow $1 "table=0,ip,action=ct(commit,zone=1,table=1)"
   ovs-ofctl  add-flow $1 "table=1,actions=NORMAL"

1、    It is ok with packet length <= 1450 bytes;

2、    but when we send packet length > 1450 bytes, such as 2000 bytes, the 
packet will be dropped at
the vxlan port in the sending node.

3、    if we modi the mtu of vxlan port from 65485 to 1450, it works well when 
packet length >=1450.

First when send big udp packet(len>1450), it will be fragged when send from one 
when add conntrack flow table, udp packet(length>1450) will be deal with 
do_execute_actions in which “case OVS_ACTION_ATTR_CT” will be called. In this 
switch case, handle_fragments routine is called to
defrag udp frags. When packet comes to vxlan port, packet is aggregated to one 
packet with length >1450, then it is compared with mtu of vxlan port, it is 
less than 65485(mtu length of vxlan port)
so it does not frag and pass through to eth0 (mtu=1450), then in routine 
output_ip it return error code of -90.

When no conntrack flow table is added, big udp packet will not go through “case 
OVS_ACTION_ATTR_CT” in do_execute_actions, then defrag will not been done. So 
eack frags with lengh 1450, can go through vxlan port and eth0.

so my question is, why the mtu of vxlan port is set to 65485(so big!),  and can 
it be modified to 1450?
discuss mailing list

Reply via email to