Bug 1850957

Summary: [OVN] Northbound path MTU discovery is not working, ICMP 'fragmentation needed' not sent by OVN router
Product: Red Hat OpenStack Reporter: Roman Safronov <rsafrono>
Component: python-networking-ovnAssignee: Assaf Muller <amuller>
Status: CLOSED WORKSFORME QA Contact: Eran Kuris <ekuris>
Severity: high Docs Contact:
Priority: high    
Version: 16.1 (Train)CC: apevec, fiezzi, jlibosva, lhh, majopela, scohen
Target Milestone: z2Keywords: Triaged
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
: 1850962 (view as bug list) Environment:
Last Closed: 2020-07-16 15:21:04 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1850962    
Bug Blocks: 1547074    

Description Roman Safronov 2020-06-25 09:22:29 UTC 
Description of problem:

I installed the latest 16.1 puddle with all needed configuration to support 9000 bytes MTU on internal networks, set 1500 bytes MTU on external network. All needed neutron settings were also configured. And I found that the OVN router does not send ICMP 'need to frag' anymore like it should according this RFE https://bugzilla.redhat.com/show_bug.cgi?id=1547074

I also still have an old environment handy where the feature is working. 


Some details:
OLD environment 
build: RHOS-16.1-RHEL-8-20200511.n.0
puppet-ovn-15.4.1-0.20200311045730.192ac4e.el8ost.noarch
python3-networking-ovn-7.1.1-0.20200507153427.fd1c0c3.el8ost.noarch
ovn2.13-2.13.0-18.el8fdp.x86_64
openvswitch2.13-2.13.0-18.el8fdp.x86_64
kernel: 4.18.0-193.1.2.el8_2.x86_64


NEW environment 
build: RHOS-16.1-RHEL-8-20200616.n.0
python3-networking-ovn-7.2.1-0.20200611111150.18fabca.el8ost.noarch
puppet-ovn-15.4.1-0.20200311045730.192ac4e.el8ost.noarch
ovn2.13-2.13.0-30.el8fdp.x86_64
openvswitch2.13-2.13.0-25.el8fdp.1.x86_64
kernel: 4.18.0-193.6.3.el8_2.x86_64



Same on both (tested on all controllers):
[heat-admin@controller-0 ~]$ sudo ovs-appctl -t ovs-vswitchd dpif/show-dp-features br-int | grep "Check pkt"
Check pkt length action: Yes

[heat-admin@controller-0 ~]$ sudo podman exec -it neutron_api crudini --get /etc/neutron/plugins/ml2/ml2_conf.ini ovn ovn_emit_need_to_frag
True

All interfaces on all nodes are set to support MTU 9000
gateway_mtu="1500" set for logical router gateway port


Version-Release number of selected component (if applicable):
RHOS-16.1-RHEL-8-20200616.n.0 

same issue also with newer puddle RHOS-16.1-RHEL-8-20200623.n.0
python3-networking-ovn-7.2.1-0.20200611111150.18fabca.el8ost.noarch
puppet-ovn-15.4.1-0.20200311045730.192ac4e.el8ost.noarch
ovn2.13-2.13.0-30.el8fdp.x86_64
openvswitch2.13-2.13.0-25.el8fdp.1.x86_64
kernel: 4.18.0-193.6.3.el8_2.x86_64


How reproducible:
100%

Steps to Reproduce:
1. Create external network, internal network (mtu bigger than the external network has), router, connect both networks to the router, keypair, security group with rules allowing icmp, ssh, udp.
2. Launch an instance on the internal network using created keypair and security group
3. Try to ping ip address on the external network from the VM using size bigger than mtu of the external network


Actual results:
No ICMP 'fragmentation needed' sent from the OVN router

Expected results:
ICMP 'fragmentation needed' sent by OVN router

Additional info:
Comment 2 Roman Safronov 2020-07-16 15:21:04 UTC 
Does not occur after FDP 20.E released and used in OSP.

Tested on puddle RHOS-16.1-RHEL-8-20200714.n.0 with ovn2.13-2.13.0-37.el8fdp.x86_64.

ICMP 'fragmentation needed' sent by OVN router as expected.

Note: tested with default kernel of rhel 8.2 therefore fragmentation did not work, i.e. https://bugzilla.redhat.com/show_bug.cgi?id=1854084 is still valid. Fix for it is available in rhel 8.3, see https://bugzilla.redhat.com/show_bug.cgi?id=1851888. There is a BZ for backporting this fix to rhel 8.2, see https://bugzilla.redhat.com/show_bug.cgi?id=1854149