
GRE TAP tunnel does not silent fragment packets / kernel fix available
Closed, Resolved | Public | BUG

Description

Hi guys,

there is an old bug where a GRE TAP tunnel does not silently fragment packets when the MTU is bigger than the underlay MTU. The bug is fixed in 5.10.10 and newer, which fits with VyOS 1.4.

Bug report: https://bugzilla.kernel.org/show_bug.cgi?id=14837

Please add the following parameters to gretap / gre6tap interfaces to ensure fragmentation:

ignore-df nopmtudisc

Thanks!

Details

Difficulty level: Easy (less than an hour)
Version: VyOS 1.4-rolling-202105091233
Why the issue appeared?: Other
Is it a breaking change?: Perfectly compatible

Event Timeline

The fix should be easy to implement in the create function with the following addition:

# Add silent fragmentation
if self.iftype in ['gretap', 'ip6gretap']:
    cmd += ' ignore-df nopmtudisc'

Iproute2 is too old and needs a newer version. So, we have to upgrade that package.

@ernstjo what do you mean by "too old"? I think it's fairly new (5.10):

https://github.com/vyos/vyos-build/blob/current/packages/iproute2/Jenkinsfile#L26

Can you manually set it: ip link set dev tun0 type gre nopmtudisc ignore-df

What is your expected behavior? The GRETAP interface should fragment larger packets even if DF is set and re-assemble them on the other side? I'm actually looking for such a solution, too, but currently tend to make this an optional CLI parameter.

c-po changed the task status from Open to In progress. May 17 2021, 7:40 PM
c-po claimed this task.

My expectation is that you can configure MTU 1500 on a GRETAP device to ensure the same MTU at the bridge. This solves a lot of problems caused by mixing hosts with different MTU sizes.
Larger frames that exceed PMTU and have DF = 1 are fragmented and sent to the gretap endpoint. Thus, the underlay MTU has no impact on the communication between two hosts that are bridged via GRETAP and communicate with MTU 1500.

Will send an update after checking ip link change.

[email protected]# show interfaces tunnel tun0
 encapsulation gretap
 parameters {
     ip {
         ignore-df
         no-pmtu-discovery
     }
 }
 remote 172.18.254.202
 source-address 172.18.254.201
[email protected]# ip -d link show dev tun0
20: [email protected]: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1476 qdisc pfifo_fast state UNKNOWN mode DEFAULT group default qlen 1000
    link/ether a6:99:5b:03:69:f8 brd ff:ff:ff:ff:ff:ff promiscuity 0 minmtu 68 maxmtu 0
    gretap remote 172.18.254.202 local 172.18.254.201 ttl inherit tos inherit nopmtudisc ignore-df erspan_ver 0 addrgenmode none numtxqueues 1 numrxqueues 1 gso_max_size 65536 gso_max_segs 65535
c-po triaged this task as Normal priority.
c-po changed Difficulty level from Unknown (require assessment) to Easy (less than an hour).
c-po changed Why the issue appeared? from Will be filled on close to Other.
c-po changed Is it a breaking change? from Unspecified (possibly destroys the router) to Perfectly compatible.
c-po moved this task from Need Triage to Finished on the VyOS 1.4 Sagitta board.
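
An added check, not part of the original ticket or of VyOS code: it parses `ip -d link show` output like the one shown above and reports which gretap devices lack `nopmtudisc` or `ignore-df`. The sample text, the interface names `tun0`/`tun1` and the second device are constructed for illustration.

```python
import re

# Both flags must be present for a gretap device to fragment oversized
# frames regardless of the inner DF bit, as requested in the ticket.
REQUIRED_FLAGS = ("nopmtudisc", "ignore-df")

# Constructed sample modelled on the `ip -d link show` output in the ticket;
# interface names and the second (unfixed) device are assumptions.
SAMPLE = """\
20: tun0@NONE: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1476 qdisc pfifo_fast state UNKNOWN mode DEFAULT group default qlen 1000
    link/ether a6:99:5b:03:69:f8 brd ff:ff:ff:ff:ff:ff promiscuity 0 minmtu 68 maxmtu 0
    gretap remote 172.18.254.202 local 172.18.254.201 ttl inherit tos inherit nopmtudisc ignore-df erspan_ver 0 addrgenmode none
21: tun1@NONE: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1462 qdisc pfifo_fast state UNKNOWN mode DEFAULT group default qlen 1000
    link/ether 02:00:00:00:00:01 brd ff:ff:ff:ff:ff:ff promiscuity 0 minmtu 68 maxmtu 0
    gretap remote 192.0.2.2 local 192.0.2.1 ttl 64 tos inherit erspan_ver 0 addrgenmode none
"""

# Matches the first line of each link: index, name (optional @parent), flags, mtu.
HEADER = re.compile(r"^\d+:\s+([^:@\s]+)(?:@\S+)?:\s+<[^>]*>\s+mtu\s+(\d+)")


def parse_links(text):
    """Return {ifname: {"mtu": int, "kind": str or None, "tokens": set}}."""
    links, current = {}, None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            current = {"mtu": int(m.group(2)), "kind": None, "tokens": set()}
            links[m.group(1)] = current
        elif current is not None and line.startswith(" "):
            words = line.split()
            # The link-kind detail line starts with the kind name (IPv4 gretap here).
            if words and words[0] == "gretap":
                current["kind"] = words[0]
                current["tokens"] = set(words[1:])
    return links


def missing_fragmentation_flags(text):
    """Map each gretap interface to the required flags it lacks."""
    return {
        name: [f for f in REQUIRED_FLAGS if f not in link["tokens"]]
        for name, link in parse_links(text).items()
        if link["kind"] == "gretap"
    }


if __name__ == "__main__":
    for ifname, missing in missing_fragmentation_flags(SAMPLE).items():
        print(ifname, "OK" if not missing else "missing: " + " ".join(missing))
```
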