Description of problem: When using Neutron to create a network with MTU != 0 and pinging the instance using the command 'ping -s <packet_size> -M do <instance floating ip>' it succeeds even when the packet_size > network MTU. Version-Release number of selected component (if applicable): python-neutron-2015.1.0-1.el7ost.noarch Instance's image: rhel-guest-image-7.1-20150223.0.x86_64.qcow2 How reproducible: First time I saw it Steps to Reproduce: 1.In /etc/neutron/plugins/ml2/ml2_conf.ini set segment_mtu=1300 2.In /etc/neutron/neutron.conf set advertise_mtu = True 3.Restart Neutron # openstack-service restart neutron 4.Create a network and verify the MTU # neutron net-show <network> 5. Associate the instance a floating IP 6. From external network ping the instance: # ping -s <packet_size> -M do <instance floating ip> Actual results: Ping succeeds Expected results: Ping should fail when packet size is greater than Network's MTU Additional info:
@Ihar: Can you help triage the bug? Thank you.
tl;dr with several neutron/nova patches, all works; installers may require changes to let core components do their work. OK, so I played with latest DLRN stable/liberty code locally, and here is what I noticed: 1. upstream 7.1.0 release included several MTU related patches that made Neutron and Nova consider network MTU when setting up VIF data path. Those are not yet included in OSP8, a rebase for both projects is suggested to get access to better MTU story for the release. 2. if you use packstack as an installer, it enforces MTU = 1400 in /etc/neutron/dnsmasq-neutron.conf, so unless you remove that enforcement from the file and restart DHCP agent, per-network MTU will not be applied to DHCP leases. This file should be empty when doing testing. 3. TripleO has the same issue. This should be disabled/cleaned up to let neutron/nova handle the setup: http://git.openstack.org/cgit/openstack/tripleo-heat-templates/tree/puppet/compute.yaml#n128 4. once DHCP agent advertises MTU = 1250, instances set their interface MTUs to 1280. The reason why it's higher than what is advertised by DHCP agent is because those interfaces have IPv6 enabled, and 1280 is the very minimal value for the IP version. With the needed patches backported to Nova and Neutron, and removing the enforcement for 1400 in installer component we should be good.
There is a bug for documentation update that suggests to document the MTU hack TripleO ships: https://bugzilla.redhat.com/show_bug.cgi?id=1323030 We may want to revert that one if we fix it properly in the branch from all sides.
Proposed a fix for TripleO templates to remove MTU hacks in Newton: https://review.openstack.org/#/c/325926/ Will consider a backport once it's accepted in upstream.
@Brent, I see the patch in comment 6 was merged. Any backports needed for OSP 8?