RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 1395512 - [RFE] ipxe should obey DHCP option 26 for MTU
Summary: [RFE] ipxe should obey DHCP option 26 for MTU
Keywords:
Status: CLOSED DUPLICATE of bug 1597210
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: ipxe
Version: 7.3
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: Neil Horman
QA Contact: Raviv Bar-Tal
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-11-16 04:49 UTC by Dan Callaghan
Modified: 2022-03-13 14:08 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: Enhancement
Doc Text:
Clone Of:
Environment:
Last Closed: 2018-08-17 13:38:14 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)

Description Dan Callaghan 2016-11-16 04:49:38 UTC 
Description of problem:
We are running ipxe in OpenStack instances, using a small disk image containing ipxe.lkrn, similar to the approach described here:
https://kimizhang.wordpress.com/2013/08/26/create-pxe-boot-image-for-openstack/

The instances are attached to Neutron virtual networks, which internally inside OpenStack are using some Ethernet encapsulation which means the network MTU visible to the OpenStack instances is less than the standard Ethernet 1500 bytes. The DHCP server provided by Neutron is correctly configured to serve up the smaller MTU in DHCP option 26 (in our case it is using 1400). There is a bit more background about OpenStack MTU issues here:
https://specs.openstack.org/openstack/neutron-specs/specs/kilo/mtu-selection-and-advertisement.html

ipxe ignores DHCP option 26 and assumes that an IPv4-on-Ethernet network interface supports the full 1500-byte MTU.

Actually in its sending path when calculating TCP transmit window, ipxe already assumes a very conservative MTU of 1280. The problem is it advertises its TCP MSS assuming the full 1500 MTU. As a result, if ipxe makes a TCP connection to a nearby host on a segment with 1500 MTU but no fragmenting router in between, the TCP MSS will be too large and packets sent by the other end will get dropped.

The end result is that the TCP connection will appear to stall with no data received, if the sender is transmitting large packets (for example fetching a kernel image over HTTP). Note that some very small HTTP responses will be unaffected, as will any TCP connections which pass over WAN links or anything else which happens to have a small enough MTU.

Version-Release number of selected component (if applicable):
ipxe-bootimgs-20160127-5.git6366fa7a.el7

How reproducible:
reliably, in this particular OpenStack instance

Steps to Reproduce:
1. Create and upload a disk image containing ipxe to Glance, using the technique described in the article above, or by using beaker-create-ipxe-image.
(We hit this problem while working on Beaker's OpenStack integration which uses ipxe disk images.)
2. Boot the image on an OpenStack instance in a Neutron virtual network with MTU less than 1500.
3. Use imgfetch or a similar command, to pull down a large kernel image from an HTTP server on a LAN segment with MTU 1500.

Actual results:
The imgfetch download stalls at 0% after receiving HTTP headers. Observe that the TCP MSS advertised by ipxe is 1460, which is larger than it can actually receive.

Expected results:
HTTP transfer should complete. TCP MSS should be based on the MTU supplied by DHCP option 26.

Additional info:
I wrote a patch for ipxe to obey DHCP option 26 and posted it upstream:
http://lists.ipxe.org/pipermail/ipxe-devel/2016-November/005261.html
Comment 3 Dan Callaghan 2017-04-11 23:10:52 UTC 
FYI I think this is probably fixed by this upstream ipxe commit (though I haven't tested yet):

https://git.ipxe.org/ipxe.git/commit/16aed6e5ce808615df95c7767b4dd8793c398d93
Comment 4 Neil Horman 2018-08-17 13:38:14 UTC 
I agree, it seems to be fixed by that commit, and we have an ipxe update scheduled for 7.7

*** This bug has been marked as a duplicate of bug 1597210 ***
Note You need to log in before you can comment on or make changes to this bug.