
TCP traffic and OpenvSwitch

I'm having an issue with OpenvSwitch whereby I have ping traffic passing but am unable to pass any TCP traffic (e.g. SSH).

I've attached two pcap files which show the following:

  • Host 1 (10.2.1.1): ping -c 3 10.2.2.1 && ssh 10.2.2.1
  • Brief Pause
  • Host 2 (10.2.2.1): ping -c 3 10.2.1.1 && ssh 10.2.1.1

As you can see, ping passes but ssh doesn't.

This seems to be in contradiction to my OVS flow config, which is as simple as follows (these are the only flows configured on this OVS bridge):

ovs-ofctl add-flow lon2local dl_type=0x800,nw_src=10.2.0.0/20,nw_dst=10.2.1.0/24,actions=output:73
ovs-ofctl add-flow lon2local dl_type=0x800,nw_src=10.2.0.0/20,nw_dst=10.2.2.0/24,actions=output:76
ovs-ofctl add-flow lon2local arp,nw_dst=10.2.1.0/24,actions=output:73
ovs-ofctl add-flow lon2local arp,nw_dst=10.2.2.0/24,actions=output:76

Hopefully somebody here is familiar with OVS, has seen these sorts of flow issues before and can suggest how to fix it?

PCAPS: https://send.tresorit.com/a#_vfy8aLsU...

devrandom, asked 2022-02-06 16:59:00 +0000, updated 2022-02-06 18:02:29 +0000

Comments

Put the capture files on a public share and then post a link to them by editing your question.

grahamb (2022-02-06 17:34:24 +0000)

Thanks @grahamb!

devrandom (2022-02-06 18:02:42 +0000)

1 Answer


I took a quick look at your capture files. It seems your hosts are configured with an MTU of 9000, but the Ethernet frames with a payload of >1500 don't seem to get forwarded. Are you sure your intermediate network also has jumbo frames enabled?

SYN-bit, answered 2022-02-07 08:41:06 +0000
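
The comparison the answer describes (frames with a payload over 1500 bytes leave one host but never show up at the other), as an added example that is not part of the original answer. It assumes one classic-format pcap captured on each side, untagged IPv4 frames and no NAT in between, so that source, destination and IP ID identify a packet; all function names and the sample frames are constructed here.

```python
import struct

STD_MAX = 1514  # 14-byte Ethernet header + 1500-byte payload (untagged, no FCS)

def read_pcap(data):
    """Yield (original_length, captured_bytes) per record of a classic pcap file."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if endian is None:
        raise ValueError("not a classic (microsecond) pcap file")
    off = 24                                   # skip the global header
    while off + 16 <= len(data):
        _, _, incl, orig = struct.unpack(endian + "IIII", data[off:off + 16])
        yield orig, data[off + 16:off + 16 + incl]
        off += 16 + incl

def ipv4_key(frame):
    """(src, dst, IP ID) of an untagged IPv4 frame, or None for anything else."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    return frame[26:30], frame[30:34], frame[18:20]

def lost_frames(sender_pcap, receiver_pcap):
    """Lengths of IPv4 frames present at the sender but absent at the receiver."""
    arrived = {ipv4_key(f) for _, f in read_pcap(receiver_pcap)}
    return [orig for orig, f in read_pcap(sender_pcap)
            if ipv4_key(f) is not None and ipv4_key(f) not in arrived]

def diagnose(sender_pcap, receiver_pcap):
    """'mtu' if every lost frame exceeds a 1500-byte payload, else 'other' or 'none'."""
    lost = lost_frames(sender_pcap, receiver_pcap)
    if not lost:
        return "none"
    return "mtu" if all(n > STD_MAX for n in lost) else "other"

# --- constructed sample input (not taken from the poster's captures) ---
def make_frame(ip_id, size):
    eth = bytes(12) + b"\x08\x00"
    ip = struct.pack(">BBHHHBBH4s4s", 0x45, 0, size - 14, ip_id, 0x4000, 64, 6, 0,
                     bytes([10, 2, 1, 1]), bytes([10, 2, 2, 1]))
    return (eth + ip).ljust(size, b"\x00")

def make_pcap(frames):
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

SENT = make_pcap([make_frame(1, 74), make_frame(2, 66), make_frame(3, 9014)])
RECEIVED = make_pcap([make_frame(1, 74), make_frame(2, 66)])
```

A capture taken on the sending host with segmentation offload enabled can show frames larger than what actually goes on the wire, so capture at the switch port or disable offload before comparing.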

Comments

Thank you for your observation @SYN-bit. As far as I know jumbo frames are enabled, but I will check this today and come back to let you know.

devrandom (2022-02-07 10:00:39 +0000)

Were you able to check the jumbo frame setting and pinpoint the issue @devrandom?

SYN-bit (2022-02-10 09:16:13 +0000)

Hello @SYN-bit. At present I've switched all hosts back to using standard MTU (i.e. 1500) because it works. I did a bit of further investigation, and after a lot of internet searching, I eventually found a one-line comment on a random mailing list that explained that versions of OpenvSwitch older than X had a known bug where custom MTU settings were not actioned (i.e. no matter what the config said, it would always be 1500). So basically I need to find a maintenance window to get the switch software updated. Then (fingers crossed!!) custom MTU values should magically start working.

devrandom (2022-02-10 11:18:20 +0000)

I'll keep my fingers crossed for the upgrade too. For now, glad things are working on MTU=1500 for all systems!

SYN-bit (2022-02-10 11:53:13 +0000)
