<div dir="ltr"><div class="gmail_extra"><div class="gmail_quote">On 28 October 2014 00:18, A, Keshava <span dir="ltr"><<a href="mailto:keshava.a@hp.com" target="_blank">keshava.a@hp.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div link="blue" vlink="purple" lang="EN-US">
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Hi,<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Currently OpenStack have any framework to notify the Tennant/Service-VM for such kind of notification based on VM’s interest ?</span></p></div></div></blockquote><div><br></div><div>It's possible to use DHCP or RA to notify a VM of the MTU but there are limitations (RAs don't let you increase the MTU, only decrease it, and obviously VMs must support the MTU element of DHCP) and Openstack doesn't currently use it. You can statically configure the DHCP MTU number that DHCP transmits; this is useful to work around problems but not really the right answer to the problem.<br></div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div link="blue" vlink="purple" lang="EN-US"><div><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">VM may be very much interested for such kind of notification like
<u></u><u></u></span></p>
<p style="margin-left:.75in">
<u></u><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><span>1.<span style="font:7.0pt "Times New Roman"">
</span></span></span><u></u><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Path MTU.</span></p></div></div></blockquote><div>This will be correctly discovered from the ICMP PMTU exceeded message, and Neutron routers should certainly be expected to send that. (In fact the namespace implementation of routers would do this if the router ever had different MTUs on its ports; it's in the kernel network stack.) There's no requirement for a special notification, and indeed you couldn't do it that way anyway.<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div link="blue" vlink="purple" lang="EN-US"><div><p style="margin-left:.75in"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u><u></u></span></p>
<p style="margin-left:.75in">
<u></u><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><span>2.<span style="font:7.0pt "Times New Roman"">
</span></span></span><u></u><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Based on specific incoming Tennant traffic, block/Allow particular traffic flow at infrastructure level itself, instead of at VM.
</span></p></div></div></blockquote><div>I don't see the relevance; and you appear to be describing security groups.<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div link="blue" vlink="purple" lang="EN-US"><div><p style="margin-left:.75in"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u><u></u></span></p>
<p style="margin-left:.75in"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">This may require OpenStack infrastructure notification support to Tenant/Service VM.</span></p></div></div></blockquote><div>Not particularly, as MTU doesn't generally change, and I think we would forbid changing the MTU of a network after creation. It's only an initial configuration thing, therefore. It might involve better cloud-init support for network configuration, something that gets discussed periodically. <br><br>-- <br></div><div>Ian.<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div link="blue" vlink="purple" lang="EN-US"><div><p style="margin-left:.75in"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"> …<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Thanks & regards,<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Keshava<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><b><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">From:</span></b><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> Ian Wells [mailto:<a href="mailto:ijw.ubuntu@cack.org.uk" target="_blank">ijw.ubuntu@cack.org.uk</a>]
<br>
<b>Sent:</b> Tuesday, October 28, 2014 11:40 AM<br>
<b>To:</b> OpenStack Development Mailing List (not for usage questions)<br>
<b>Subject:</b> Re: [openstack-dev] [neutron] vm can not transport large file under neutron ml2 + linux bridge + vxlan<u></u><u></u></span></p><div><div class="h5">
<p class="MsoNormal"><u></u> <u></u></p>
<div>
<div>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt">Path MTU discovery works on a path - something with an L3 router in the way - where the outbound interface has a smaller MTU than the inbound one. You're transmitting across an L2 network - no L3 routers present.
You send a 1500 byte packet, the network fabric (which is not L3, has no address, and therefore has no means to answer you) does all that it can do with that packet - it drops it. The sender retransmits, assuming congestion, but the same thing happens. Eventually
the sender decides there's a network problem and times out.<br>
<br>
This is a common problem with Openstack deployments, although various features of the virtual networking let you get away with it, with some configs and not others. OVS used to fake a PMTU exceeded message from the destination if you tried to pass an overlarge
packet - not in spec, but it hid the problem nicely. I have a suspicion that some implementations will fragment the containing UDP packet, which is also not in spec and also solves the problem (albeit with poor performance).<br>
<br>
The right answer for you is to set the MTU in your machines to the same MTU you've given the network, that is, 1450 bytes. You can do this by setting a DHCP option for MTU, providing your VMs support that option (search the web for the solution, I don't have
it offhand) or lower the MTU by hand or by script when you start your VM.<u></u><u></u></p>
</div>
<p class="MsoNormal">The right answer for everyone is to properly determine and advertise the network MTU to VMs (which, with provider networks, is not even consistent from one network to the next) and that's the spec Kyle is referring to. We'll be fixing
this in Kilo.<br>
-- <u></u><u></u></p>
</div>
<p class="MsoNormal" style="margin-bottom:12.0pt">Ian.<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
<div>
<p class="MsoNormal">On 27 October 2014 20:14, Li Tianqing <<a href="mailto:jazeltq@163.com" target="_blank">jazeltq@163.com</a>> wrote:<u></u><u></u></p>
<blockquote style="border:none;border-left:solid #cccccc 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-right:0in">
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><span style="font-size:10.5pt;font-family:"Arial","sans-serif";color:black"><br>
<br>
<br>
<br>
<u></u><u></u></span></p>
<div>
<p class="MsoNormal"><span style="font-size:10.5pt;font-family:"Arial","sans-serif";color:black">--<u></u><u></u></span></p>
<div>
<p class="MsoNormal"><span style="font-size:10.5pt;font-family:"Arial","sans-serif";color:black">Best<u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.5pt;font-family:"Arial","sans-serif";color:black"> Li Tianqing<u></u><u></u></span></p>
</div>
</div>
<p class="MsoNormal"><span style="font-size:10.5pt;font-family:"Arial","sans-serif";color:black"><u></u> <u></u></span></p>
<pre><span style="color:black"><br>At 2014-10-27 17:42:41, "Ihar Hrachyshka" <<a href="mailto:ihrachys@redhat.com" target="_blank">ihrachys@redhat.com</a>> wrote:<u></u><u></u></span></pre>
<pre><span style="color:black">>-----BEGIN PGP SIGNED MESSAGE-----<u></u><u></u></span></pre>
<pre><span style="color:black">>Hash: SHA512<u></u><u></u></span></pre>
<pre><span style="color:black">><u></u> <u></u></span></pre>
<pre><span style="color:black">>On 27/10/14 02:18, Li Tianqing wrote:<u></u><u></u></span></pre>
<pre><span style="color:black">>> Hello, Right now, we test neutron under havana release. We<u></u><u></u></span></pre>
<pre><span style="color:black">>> configured network_device_mtu=1450 in neutron.conf, After create<u></u><u></u></span></pre>
<pre><span style="color:black">>> vm, we found the vm interface's mtu is 1500, the ping, ssh, is ok.<u></u><u></u></span></pre>
<pre><span style="color:black">>> But if we scp large file between vms then scp display 'stalled'.<u></u><u></u></span></pre>
<pre><span style="color:black">>> And iperf is also can not completed. If we configured vm's mtu to<u></u><u></u></span></pre>
<pre><span style="color:black">>> 1450, then iperf, scp all is ok. If we iperf with -M 1300, then the<u></u><u></u></span></pre>
<pre><span style="color:black">>> iperf is ok too. The vms path mtu discovery is set by default. I do<u></u><u></u></span></pre>
<pre><span style="color:black">>> not know why the vm whose mtu is 1500 can not send large file.<u></u><u></u></span></pre>
<pre><span style="color:black">><u></u> <u></u></span></pre>
<pre><span style="color:black">>There is a neutron spec currently in discussion for Kilo to finally<u></u><u></u></span></pre>
<pre><span style="color:black">>fix MTU issues due to tunneling, that also tries to propagate MTU<u></u><u></u></span></pre>
<div>
<pre><span style="color:black">>inside instances: <a href="https://review.openstack.org/#/c/105989/" target="_blank">https://review.openstack.org/#/c/105989/</a><u></u><u></u></span></pre>
</div>
<div>
<pre><span style="color:black"><u></u> <u></u></span></pre>
</div>
<div>
<pre><span style="color:black">The problem is i do not know why the vm with 1500 mtu can not send large file? <u></u><u></u></span></pre>
</div>
<div>
<pre><span style="color:black">I found the packet send out all with DF, and is it because the DF set default by linux cause the packet<u></u><u></u></span></pre>
</div>
<div>
<pre><span style="color:black">be dropped? And the application do not handle the return back icmp packet with the smaller mtu?<u></u><u></u></span></pre>
</div>
<div>
<pre><span style="color:black"><u></u> <u></u></span></pre>
</div>
<div>
<pre><span style="color:black"> <u></u><u></u></span></pre>
</div>
<pre><span style="color:black">><u></u> <u></u></span></pre>
<pre><span style="color:black">>/Ihar<u></u><u></u></span></pre>
<pre><span style="color:black">>-----BEGIN PGP SIGNATURE-----<u></u><u></u></span></pre>
<pre><span style="color:black">>Version: GnuPG/MacGPG2 v2.0.22 (Darwin)<u></u><u></u></span></pre>
<pre><span style="color:black">><u></u> <u></u></span></pre>
<pre><span style="color:black">>iQEcBAEBCgAGBQJUThORAAoJEC5aWaUY1u571u4H/3EqEVPL1Q9KgymrudLpAdRh<u></u><u></u></span></pre>
<pre><span style="color:black">>fwNarwPWT8Ed+0x7WIXAr7OFXX1P90cKRAZKTlAEEI94vOrdr0s608ZX8awMuLeu<u></u><u></u></span></pre>
<pre><span style="color:black">>+LB6IA7nMpgJammfDb8zNmYLHuTQGGatXblOinvtm3XXIcNbkNu8840MTV3y/Jdq<u></u><u></u></span></pre>
<pre><span style="color:black">>Mndtz69TrjTrjn7r9REJ4bnRIlL4DGo+gufXPD49+yax1y/woefqwZPU13kO6j6R<u></u><u></u></span></pre>
<pre><span style="color:black">>Q0+MAy13ptg2NwX26OI+Sb801W0kpDXby6WZjfekXqxqv62fY1/lPQ3oqqJBd95K<u></u><u></u></span></pre>
<pre><span style="color:black">>EFe5NuogLV7UGH5vydQJa0eO2jw5lh8qLuHSShGcDEp/N6oQWiDzXYYYoEQdUic=<u></u><u></u></span></pre>
<pre><span style="color:black">>=jRQ/<u></u><u></u></span></pre>
<pre><span style="color:black">>-----END PGP SIGNATURE-----<u></u><u></u></span></pre>
<pre><span style="color:black">><u></u> <u></u></span></pre>
<pre><span style="color:black">>_______________________________________________<u></u><u></u></span></pre>
<pre><span style="color:black">>OpenStack-dev mailing list<u></u><u></u></span></pre>
<pre><span style="color:black">><a href="mailto:OpenStack-dev@lists.openstack.org" target="_blank">OpenStack-dev@lists.openstack.org</a><u></u><u></u></span></pre>
<pre><span style="color:black">><a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a><u></u><u></u></span></pre>
</div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><br>
<br>
<br>
_______________________________________________<br>
OpenStack-dev mailing list<br>
<a href="mailto:OpenStack-dev@lists.openstack.org" target="_blank">OpenStack-dev@lists.openstack.org</a><br>
<a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a><u></u><u></u></p>
</blockquote>
</div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
</div></div></div>
</div>
<br>_______________________________________________<br>
OpenStack-dev mailing list<br>
<a href="mailto:OpenStack-dev@lists.openstack.org">OpenStack-dev@lists.openstack.org</a><br>
<a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a><br>
<br></blockquote></div><br></div></div>