the notorious m t u
play

The Notorious M.T.U. Kevin Benton - Mirantis Sean Collins - - PowerPoint PPT Presentation

Oct 13, 2023 •267 likes •584 views

The Notorious M.T.U. Kevin Benton - Mirantis Sean Collins - Mirantis Ihar Hrachyshka - Red Hat Matt Kassawara - IBM Objectives Learn about MTU in physical networks Learn about nuances of virtual networks that impact MTU Review

  1. The Notorious M.T.U. Kevin Benton - Mirantis Sean Collins - Mirantis Ihar Hrachyshka - Red Hat Matt Kassawara - IBM

  2. Objectives ● Learn about MTU in physical networks ● Learn about nuances of virtual networks that impact MTU ● Review confusing MTU options and workarounds/hacks in releases prior to Mitaka ● Apply MTU knowledge to reveal issues in OpenStack (neutron and nova) including several common deployment cases ● Learn about MTU solution in Mitaka 2

  3. What is MTU? ● Largest network layer (3) data unit that underlying data link layer (2) can pass between transmitter and receiver ○ Commonly, the largest IP packet that can fit into available Ethernet frame ○ Layer 3 must dynamically adjust to changes at layer 2 ● Typically 1500 bytes for 802.3 (Ethernet), although many devices support “jumbo frames” up to approximately 9000 bytes ● Provider/carrier network devices often support over 9000 bytes to account for overhead from MPLS, 802.1ad (Q-in-Q), etc. 3

  4. IP Path MTU Discovery (PMTUD) ● Automatically determines the smallest MTU of network segments between transmitter and receiver ● Operates at IP layer using ICMP ○ Routers (3), not switches (2), handle MTU changes between segments ○ ICMP must pass freely between endpoints! 4

  5. IP PMTUD - IPv4 ● IPv4 supports fragmentation, but it can impact performance ● Operation ○ Transmitter generates a packet using the MTU of the underlying network interface and sets “Don’t Fragment” (DF) bit ○ If a segment between transmitter and receiver contains a smaller MTU, the router prior to that segment returns an ICMP “Fragmentation Needed” (Type 3, Code 4) message to the sender that contains the smaller MTU value ○ Operating system tracks MTU value for the receiver ○ Transmitter generates packet again using the smaller MTU and sets DF bit ○ Cycle repeats until the transmitter discovers the smallest MTU value between transmitter and receiver 5

  6. IP PMTUD - IPv6 ● IPv6 does not support fragmentation ● Operation ○ Transmitter generates a packet using the MTU of the underlying network interface ○ If a segment between transmitter and receiver contains a smaller MTU, the router prior to that segment returns an ICMP “Packet Too Big” (Type 2) message to the sender that contains the smaller MTU value ○ Operating system tracks MTU value for the receiver ○ Transmitter generates packet again using the smaller MTU ○ Cycle repeats until the transmitter discovers the smallest MTU value between transmitter and receiver 6

  7. MTU changes at layer 2 = bad 7

  8. MTU changes at layer 3 = good 8

  9. Virtual networks and MTU ● Flat ○ Uses IEEE 802.3 (Ethernet) ○ Each flat network requires a unique physical network ○ Instance (VM) network interface can use underlying physical network MTU ● VLAN ○ Uses IEEE 802.1q (Ethernet with VLAN tagging) ■ Adds 32-bit field to Ethernet header containing a 12-bit VLAN ID and some other information ■ Effectively adds 4 bytes to Ethernet frame ■ Does not impact payload size ■ Multiple logical networks, each using a unique VLAN ID, can share a physical network ○ Instance (VM) network interface can use underlying physical network MTU 9

  10. Virtual networks and MTU ● Overlay ○ Uses an encapsulation protocol such as VXLAN or GRE to pass arbitrary 802.3 Ethernet frames or IP packets via IP (and sometimes TCP/UDP) ○ Outer (native) IP headers, sometimes TCP/UDP headers, and protocol metadata create overhead that consumes a portion of the outer IP packet, thus reducing space available to devices using the overlay network ○ Instance (VM) network interface must use underlying physical network MTU minus the overhead 10

  11. VXLAN protocol 20 bytes VXLAN Overhead IP Header ● Uses UDP 8 bytes UDP Header ● Encapsulates inner 802.3 Ethernet frame ● Calculate overhead for IPv4 using 1500- VXLAN Header 8 bytes byte MTU 14 bytes Inner Ethernet Header ○ Subtract outer IP header (20 bytes) = 1480 bytes Instance MTU ○ Subtract UDP header (8 bytes) = 1472 bytes ○ Subtract VXLAN header (8 bytes) = 1464 bytes 1450 bytes ○ Subtract inner 802.3 Ethernet header (14 bytes) = 1450 bytes for IP available to device using overlay network 11

  12. GRE protocol 20 bytes IP Header Overhead ● Uses unique transport protocol (47) GRE 8 bytes GRE Header ● Encapsulates inner 802.3 Ethernet frame ● Calculate overhead for IPv4 using 1500- 14 bytes Inner Ethernet Header byte MTU Instance MTU ○ Subtract outer IP header (20 bytes) = 1480 bytes ○ Subtract GRE header (8 bytes) = 1472 bytes ○ Subtract inner Ethernet header (14 bytes) = 1458 bytes for IP available to device using overlay network 1458 bytes 12

  13. Interesting observations 9000 OVS ● Linux 9000 ○ Automatically configures tunnel network interface MTU No MTU by subtracting overlay protocol overhead from the 1500 underlying physical network interface MTU Silently discards packets larger ○ Automatically configures bridge network interface MTU than 1500 to this interface to use the lowest MTU of all ports (devices) on the bridge ○ Permits ends of virtual Ethernet (veth) pairs to use 9000 different MTUs Linux ● Open vSwitch Bridge Forces downgrade ○ Internally uses arbitrarily large MTU 9000 of entire bridge MTU ○ Ignores MTU of bridge interface on host 1500 1500 13

  14. OpenStack MTU problems ● Neutron lacks obvious and consistent support for MTUs larger than 1500 bytes ● By default, nova creates security group bridges and interfaces using a 1500- byte MTU ● Features claiming to address MTU involve confusing and often useless options ○ advertise_mtu (neutron core) ○ physical_network_mtus (ML2 plug-in) ○ path_mtu (ML2 plug-in) ○ segment_mtu (ML2 plug-in) ○ veth_mtu (Open vSwitch agent) ○ network_device_mtu (neutron and nova core) ● Only some plug-ins support the MTU API extension 14 ● Documentation… what documentation?

  15. OpenStack MTU hacks ● Folsom to Juno ○ [Environment] Implement MTU larger than 1500 bytes on underlying physical network while leaving virtual network components at 1500 bytes to account for overlay protocol overhead ■ Instances on any network can use 1500 bytes ○ [Neutron] Manually configure Dnsmasq to provide a smaller MTU that accounts for overlay protocol overhead ■ Also reduces MTU for instances on flat and VLAN networks ○ [Neutron/Nova] Attempt to use the network_device_mtu option to configure MTU of virtual network components ■ Implementation varies by release, plug-in/agent, network types, and combination of other options ○ [Neutron] For the Open vSwitch plug-in/agent with veth interfaces, attempt to use the veth_mtu option 15

  16. OpenStack MTU hacks ● Kilo and Liberty ○ [Neutron+ML2] Configure Dnsmasq to provide a smaller MTU that accounts for overlay protocol overhead ■ Combination of path_mtu and advertise_mtu options ■ Only impacts instances on overlay networks ○ [ML2] Attempt to use variety of additional options that configure MTU for some but not all virtual network components ■ segment_mtu ■ physical_network_mtus ○ [Neutron/Nova] Attempt to use the network_device_mtu option with or without additional options 16

  17. Common use cases ● Assume proper configuration of underlying physical network ● Assume use of Liberty ● Assume VXLAN overlay networks with IPv4 endpoints ○ 50 bytes of overhead ● Cases 1-4 only use path_mtu and advertise_mtu options, if available, to configure instance network interface MTU ● Cases 5-6 also use the network_device_mtu option 17

  18. Case 1: Open vSwitch agent with 1500-byte MTU advertise_mtu = true and path_mtu = 1500 18

  19. Case 2: Open vSwitch agent with 9000-byte MTU advertise_mtu = true and path_mtu = 9000 19

  20. Case 3: Linux bridge agent with 1500-byte MTU advertise_mtu = true and path_mtu = 1500 20

  21. Case 4: Linux bridge agent with 9000-byte MTU advertise_mtu = true and path_mtu = 9000 21

  22. Case 5: Open vSwitch agent with 9000-byte MTU network_device_mtu = 9000 22

  23. Case 6: Linux bridge agent with 9000-byte MTU network_device_mtu = 9000 23

  24. OpenStack MTU solution (Mitaka+) ● Neutron ○ Replace variety of options with a single option suitable for most environments ○ Consistently calculate and set appropriate MTU for all virtual network components ○ By default, provide useful (non-zero) MTU value in API ● Nova ○ Use the MTU value that neutron provides via RPC for security group bridges and interfaces ● os-vif library ○ Replaces nova VIF code ○ Contains essentially the same MTU implementation that currently exists in nova 24

  25. OpenStack MTU solution (Mitaka+) ● Implementation details ○ Move segment_mtu option from ML2 to neutron and rename to global_physnet_mtu ■ Resides in [DEFAULT] section ■ Visible to all plug-ins ■ Change default value from 0 to 1500 ■ Yields calculation of correct MTU for virtual network components in nearly all environments ○ By default, enable advertise_mtu option in neutron ■ Provides correct MTU to instances via DHCP (IPv4) or RA (IPv6) ○ Deprecate path_mtu option in ML2 ■ Neutron review #302089 ○ Keep path_mtu and physical_network_mtus options in ML2 ○ Supports rare environments that implement unique MTU value for each underlying physical or logical network 25

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Forensic Techniques that Helped Convict Some of the Worlds Most Notorious Serial Killers

Forensic Techniques that Helped Convict Some of the Worlds Most Notorious Serial Killers

Forensic Techniques that Helped Convict Some of the Worlds Most Notorious Serial Killers Mackenzie Kilkeary Overview What is Serial Murder? Ted Bundy Forensic Odontology BTK Killer Digital/DNA Grim Sleeper Familial DNA What

544 views • 30 slides
Towards a University Ranking System in Algeria: rank ordering the notorious, the old and ... the

Towards a University Ranking System in Algeria: rank ordering the notorious, the old and ... the

Towards a University Ranking System in Algeria: rank ordering the notorious, the old and ... the others Prof.Dr. Mohamed MILIANI ( COMIT NATIONAL DVALUATION / NATIONAL EVALUATION COMMITTEE ) ALGERIA Introduction Talking about university

243 views • 6 slides
DESIGN REVIEW 1.2 - Notorious EMG Chris Anderson (EE), Jacob Gamboa (EE), Marshall Kabat (ME), Vi

DESIGN REVIEW 1.2 - Notorious EMG Chris Anderson (EE), Jacob Gamboa (EE), Marshall Kabat (ME), Vi

DESIGN REVIEW 1.2 - Notorious EMG Chris Anderson (EE), Jacob Gamboa (EE), Marshall Kabat (ME), Vi Tran (EE) PROPOSED CRITICAL PATH DEVICE 1 MyoWare Muscle Sensor interfacing with Bluetooth embedded PSoC4 MCU Transmit muscle data wireless

288 views • 24 slides
Who Was Zacchaeus? A notorious and unpopular sinner Luke 19:1-2, NIV Jesus entered Jericho

Who Was Zacchaeus? A notorious and unpopular sinner Luke 19:1-2, NIV Jesus entered Jericho

6/29/2017 Who Was Zacchaeus? A notorious and unpopular sinner Luke 19:1-2, NIV Jesus entered Jericho and was passing through. A man was there by the name of Zacchaeus; he was a chief tax collector and was wealthy. Who Was Zacchaeus?

372 views • 4 slides
The Notorious Four-Color Problem Prof. Jeremy L. Martin Department of Mathematics University of

The Notorious Four-Color Problem Prof. Jeremy L. Martin Department of Mathematics University of

The Four-Color Theorem Graphs The Solution of the Four-Color Problem More About Coloring Graphs The Notorious Four-Color Problem Prof. Jeremy L. Martin Department of Mathematics University of Kansas KU Mini College June 5, 2013 1 / 141

1.7k views • 141 slides
Muscle Guide Notorious EMG DR2.2 3/12/2019 Chris Anderson (EE), Jacob Gamboa (EE), Marshall

Muscle Guide Notorious EMG DR2.2 3/12/2019 Chris Anderson (EE), Jacob Gamboa (EE), Marshall

Muscle Guide Notorious EMG DR2.2 3/12/2019 Chris Anderson (EE), Jacob Gamboa (EE), Marshall Kabat (ME), Vi Tran (EE) Demo EMG device signal conditioning Demo GLCD EMG signal waveform display (PSOC4) In person demo shows waveform

483 views • 14 slides
What is Alzheimers Disease? A progressive disease, notorious for its incurable nature and

What is Alzheimers Disease? A progressive disease, notorious for its incurable nature and

Current Tetra-Gelatin Tetra-Gelatin Alzheimers Consequences Alzheimers Magnetic Magnetic Disease of TeGMaC Treatments Carrier: I Carrier: II What is Alzheimers Disease? A progressive disease, notorious for its incurable

174 views • 5 slides
UMBC A B M A L T F O U M B C I M Y O R T 1 (10/29/07) I E S R C E O V

UMBC A B M A L T F O U M B C I M Y O R T 1 (10/29/07) I E S R C E O V

VLSI Design Verification and Test Delay Faults II CMPE 646 Path Counting The number of paths can be an exponential function of the # of gates. Parallel multipliers are notorious for having huge numbers of paths. It is possible to efficiently

290 views • 11 slides
Scanning In the old War Games film there is a teenager with an automated way of calling

Scanning In the old War Games film there is a teenager with an automated way of calling

Scanning In the old War Games film there is a teenager with an automated way of calling through all possible modem numbers in some range to find a computer which answers. (Some claim that a notorious hacker Kevin Mitnik was an inspiration

706 views • 28 slides
San Andrea in Mantua circa 1470 Triumphal Arch Idea vaulted ceilings, coffered in the manner of

San Andrea in Mantua circa 1470 Triumphal Arch Idea vaulted ceilings, coffered in the manner of

Malatesta Temple, circa 1450 Shows Influence of Roman Triumphal Arch Incomplete Structure built for a Military despot (Sigismondo Malatesta) in Rimini It was a church, - converted into a notorious temple for Malatesta and his mistress

944 views • 61 slides
October 16 th 2015, Budapest Workshop on Linguistic and Cognitive aspects of Quantification

October 16 th 2015, Budapest Workshop on Linguistic and Cognitive aspects of Quantification

October 16 th 2015, Budapest Workshop on Linguistic and Cognitive aspects of Quantification The semantics and the acquisition of the distributive marker po , which is notorious, (common to Slavic and has very broad distribution); our

1.02k views • 68 slides
JavaScript Primer Basic Introduction of JavaScript JavaScript History Why (re)introduce

JavaScript Primer Basic Introduction of JavaScript JavaScript History Why (re)introduce

JavaScript Primer Basic Introduction of JavaScript JavaScript History Why (re)introduce JavaScript? Notorious for being worlds most misunderstood programming language o (Douglas Crockford -

432 views • 11 slides
Greed Is Good (For Scheduling Under Uncertainty) Marc Uetz m.uetz@utwente.nl (updated) IPCO

Greed Is Good (For Scheduling Under Uncertainty) Marc Uetz m.uetz@utwente.nl (updated) IPCO

Greed Is Good (For Scheduling Under Uncertainty) Marc Uetz m.uetz@utwente.nl (updated) IPCO 2017 paper, with: Varun Gupta, Ben Moseley, Qiaomin Xie 1-Slide Overview Talk is about (basic, notorious) stochastic scheduling problem [defined

349 views • 22 slides
A Scalable Prediction Engine for Automating Structured Data Prep Ihab Ilyas University of

A Scalable Prediction Engine for Automating Structured Data Prep Ihab Ilyas University of

A Scalable Prediction Engine for Automating Structured Data Prep Ihab Ilyas University of Waterloo The Notorious Data Quality Problem Manual labeling, fixing and A whole ecosystem tackling Pushing low quality best effort imputation different

281 views • 13 slides
AGENCY AND BRAIN DRAIN Abdoulaye SALIFOU Delegated 1 director AUF_Central Africa Office The

AGENCY AND BRAIN DRAIN Abdoulaye SALIFOU Delegated 1 director AUF_Central Africa Office The

THE FRANCOPHONIE UNIVERSITY AGENCY AND BRAIN DRAIN Abdoulaye SALIFOU Delegated 1 director AUF_Central Africa Office The problematic of Brain drain The human ressources necessary for the development of Africa is notorious lacking and at the

464 views • 27 slides
Rush City s Culture s Culture Project Description Rush City Project Description

Rush City s Culture s Culture Project Description Rush City Project Description

Mr. James Snookums Snookums Bell Bell Mr. James East St. Louis Action Research Project East St. Louis Action Research Project th of 2006 October 14 th October 14 of 2006 Alfonso Cervantes Alfonso Cervantes David Rivera

65 views • 3 slides
The past, the present and the future for Small Water and Wastewater Systems Hallvard degaard *

The past, the present and the future for Small Water and Wastewater Systems Hallvard degaard *

1 IWA Specialized Conference on Small Water and Wastewater Systems Athens 14-16 September 2016. The past, the present and the future for Small Water and Wastewater Systems Hallvard degaard * Prof. em. Norwegian University of Science and

504 views • 34 slides
Long Term Monitoring Program (LTEMP) Sediments Mussel tissue ........... 1993 - Project

Long Term Monitoring Program (LTEMP) Sediments Mussel tissue ........... 1993 - Project

9/19/19 Long Term Monitoring Program (LTEMP) Sediments Mussel tissue ........... 1993 - Project Initiated by Kinnetic Labs (KLI) based on NOAA Status and Trends Program 2002 - PECI 1 9/19/19 Modified Van Veen grab sampler 2 9/19/19

253 views • 22 slides
Reed Street Yards Global Water Technology Park A Project of Partnerships & Cooperation:

Reed Street Yards Global Water Technology Park A Project of Partnerships & Cooperation:

Reed Street Yards Global Water Technology Park A Project of Partnerships & Cooperation: Balancing Natural Resources & Economic Development Sig Strautmanis, General Capital Joshua Neudorfer, The Sigma Group Milwaukee, Wisconsin

232 views • 19 slides
What is it? A low-cost laser rangefinder consisting of PS3 Eye camera + line laser diode

What is it? A low-cost laser rangefinder consisting of PS3 Eye camera + line laser diode

What is it? A low-cost laser rangefinder consisting of PS3 Eye camera + line laser diode Algorithm 1. RGB -> Greyscale 2. Noise elimination: Gaussian convolution 3. Finds the index which has the maximum convolved peak 4. Find distance

363 views • 9 slides
Decomposition of MAC Address Structure for Granular Device Inference Jeremy Martin , Erik C.

Decomposition of MAC Address Structure for Granular Device Inference Jeremy Martin , Erik C.

Furious MAC Decomposition of MAC Address Structure for Granular Device Inference Jeremy Martin , Erik C. Rye , Robert Beverly + US Naval Academy Annapolis, MD + US Naval Postgraduate School Monterey, CA December 9, 2016 1 / 24

611 views • 27 slides
Emin Gabrielyan, Roger D. Hersch cole Polytechnique Fdrale de Lausanne, Switzerland

Emin Gabrielyan, Roger D. Hersch cole Polytechnique Fdrale de Lausanne, Switzerland

5th Workshop on Distributed Supercomputing: Scalable Cluster Software May 23-24, 2001, Sheraton Hyannis, Cape Cod, Hyannis Massachusetts, USA Emin Gabrielyan, Roger D. Hersch cole Polytechnique Fdrale de Lausanne, Switzerland

442 views • 7 slides
MRN Guidelines for IHO S-100WG4 27 February 1 March 2019 Eivind Mong Raphael Malyankar

MRN Guidelines for IHO S-100WG4 27 February 1 March 2019 Eivind Mong Raphael Malyankar

MRN Guidelines for IHO S-100WG4 27 February 1 March 2019 Eivind Mong Raphael Malyankar Sponsored by NOAA MRN Background Top level name space is urn:mrn IALA developed based on uniform resource identifier (URI) is defined in RFC

406 views • 17 slides
Network Attachment Privacy Piers OHanlon UKNOF33, London 19 th January 2016 Department of

Network Attachment Privacy Piers OHanlon UKNOF33, London 19 th January 2016 Department of

Department of Computer Science Network Attachment Privacy Piers OHanlon UKNOF33, London 19 th January 2016 Department of Computer Science Outline Introduction Link Layer (L2) addressing Privacy-based analysis of related

639 views • 18 slides

More recommend