There is a question about mtu of vxlan port. In below scene, there are two
node(compute or vm), and we send udp packets between two docker with
nic’s(eth0) mtu setting to 1500.
Vxlan port’s mtu is 65485 setting in ovs code(we don’t change it). It works
well that packet can be sent and receive to/from other docker.
But we add conntrack flow table in interface of one bridge, such as:
ovs-ofctl add-flow $1 "table=0,arp,action=resubmit(,1)"
ovs-ofctl add-flow $1 "table=0,ip,action=ct(commit,zone=1,table=1)"
ovs-ofctl add-flow $1 "table=1,actions=NORMAL"
1、 It is ok with packet length <= 1450 bytes;
2、 but when we send packet length > 1450 bytes, such as 2000 bytes, the
packet will be dropped at
the vxlan port in the sending node.
3、 if we modi the mtu of vxlan port from 65485 to 1450, it works well when
packet length >=1450.
First when send big udp packet(len>1450), it will be fragged when send from one
when add conntrack flow table, udp packet(length>1450) will be deal with
do_execute_actions in which “case OVS_ACTION_ATTR_CT” will be called. In this
switch case, handle_fragments routine is called to
defrag udp frags. When packet comes to vxlan port, packet is aggregated to one
packet with length >1450, then it is compared with mtu of vxlan port, it is
less than 65485(mtu length of vxlan port)
so it does not frag and pass through to eth0 (mtu=1450), then in routine
output_ip it return error code of -90.
When no conntrack flow table is added, big udp packet will not go through “case
OVS_ACTION_ATTR_CT” in do_execute_actions, then defrag will not been done. So
eack frags with lengh 1450, can go through vxlan port and eth0.
so my question is, why the mtu of vxlan port is set to 65485(so big!), and can
it be modified to 1450?
[vxlan port] |
[eth0] - - - - - - - - |- - - - - - - - -
- -- -- - [eth0]
discuss mailing list