[openstack-dev] [TripleO][Neutron] PMTUd broken in gre networks

Ian Wells ijw.ubuntu at cack.org.uk
Tue Jan 21 21:01:41 UTC 2014

On 21 January 2014 21:23, Robert Collins <robertc at robertcollins.net> wrote:

> In OpenStack we've got documentation[1] that advises setting a low MTU
> for tenants to workaround this issue (but the issue itself is
> unsolved) - this is a problem because PMTU is fairly important :)
> Lowering *every* tenant when one tenant somewhere hits a new tunnel
> with a lower physical packet size limit isn't an answer.

The right answer is probably that (a) GRE drops packets it can't take (it
used to return a spoofed PMTU exceeded, which was faintly naughty cos it's
not a router, and it breaks non-IP protocols; sounds like it fragments now,
which is probably no better), (b) we use the DHCP option to advertise the
right MTU, and (c) we require Neutron plugins to work out the MTU, which
for any encap except VLAN is (host interface MTU - header size).

At this point we probably discover that nothing respects the MTU option in
DHCP, mind you (I'm not saying it doesn't work; I'm just saying, have you
ever tried it?)

This solution is pedantically correct and I would actually like to see it
implemented, but there's probably something more pragmatic that can be done.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20140121/e58f649e/attachment.html>

More information about the OpenStack-dev mailing list