Re: [vpp-dev] Regarding IP Fragmentation
Hi, Ole

Is there a general rule to set the MTU in overlay networks to avoid fragmentation?

Currently I saw the interface's MTU is 9000 in VPP by default. So can we assume the intermediate router/switch to the tunnel end point can handle the jumbo frame correctly? Thus even the mtu of tunnel end point is smaller, as long as the VPP IP reassembly works correctly.

Now my tests showed the IP fragmentation works for VxLAN, while not for IPSec.

Thx, Xuekun

-Original Message-
From: vpp-dev@lists.fd.io On Behalf Of Ole Troan
Sent: Wednesday, November 14, 2018 8:16 PM
To: Prashant Upadhyaya
Cc: vpp-dev@lists.fd.io
Subject: Re: [vpp-dev] Regarding IP Fragmentation

Prashant,

> Imagine a usecase where I am getting IP packets on my graph node.
> I encapsulate them into an outer IP and send them out.
> So let's say in my example, I get IP1 and IP2. IP1 is max mtu size and
> IP2 is a shorter one. Perhaps they themselves are part of a fragmented
> flow.
> I now encapsulate IP1 with an outer IP for tunneling. This topples the
> mtu size and I send it out ip4-lookup, and in my for loop I operate on
> IP2 also and encapsulate it in outer IP and send it again to
> ip4-lookup. This triggers my usecase that I described earlier. You can
> imagine that effectively I have managed to reorder the original IP
> flow (now the inner IP packet) towards the final receiver which is
> never good for eg. end to end TCP flows.

Indeed. Which is why MTU in overlay networks should be well managed, to avoid fragmentation. And TCP MSS set “correctly”.

Could we do something in VPP to avoid reordering fragments? Very likely. Is it worth it given that this should largely be a misconfiguration. Dunno.
That said, any patch is welcome. ;-)

Cheers,
Ole

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#11247): https://lists.fd.io/g/vpp-dev/message/11247
Mute This Topic: https://lists.fd.io/mt/28133898/21656
Group Owner: vpp-dev+ow...@lists.fd.io
Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [vpp-dev] Regarding IP Fragmentation
Prashant,

> I have a usecase where I have two IP Datagrams, let's call them IP1,
> IP2. Each contains UDP Payload.
> IP1 size is bigger than mtu.
> IP2 size is lesser than mtu.
>
> I ship these both one after the other in that order to ip4-lookup.
>
> IP1 gets fragmented, as expected, to IP1.1 and IP1.2 and the fragments
> are shipped out.
> IP2 does not get fragmented and gets shipped out.
>
> However I see that the final destination UDP receiver gets UDP payload
> of IP2 packet first, then it gets the UDP payload of IP1 packet.
> It seems that VPP has sent out the IP2 packet out first and then the
> fragments of IP1.
>
> Is this an expected behaviour ? I do intuitively understand that
> fragmentation must be involving further graph nodes to traverse and
> thus the fragments are sent out later for IP1.

It’s certainly expected. But is it an optimal outcome, probably not.
Not sure how to fix that, unless we want to insert the fragments back into the same frame we’re processing.
And of course in UDP an application must deal with re-ordering anyway...

The recommended solution is:
https://tools.ietf.org/html/draft-ietf-intarea-frag-fragile-02

And not meaning to be cheeky, but seriously. Do not send fragments.

Best regards,
Ole
Re: [vpp-dev] Regarding IP Fragmentation
Prashant,

> On 9 Nov 2018, at 01:39, Prashant Upadhyaya wrote:
>
> Hi Ole,
>
> Thanks for the information.
>
> Suppose my IP datagram gets fragmented into fragments F.1 and F.2, do
> these again get submitted to ip4-input ?
> I am trying to figure out the path in the graph from the time I submit
> my v4 IP datagram to ip4-lookup.
> What is crucial for me to know is if the fragments do land up at
> ip4-input or not.

They don’t. If I recall correctly fragmentation is done in ip4-rewrite, and that’s where fragments end up after a trip by ip4-frag.
Packet trace is your friend here.
(trace add Send large packet show trace)

Cheers
Ole

>
> Regards
> -Prashant
>
>
>> On Thu, Nov 8, 2018 at 10:11 PM Ole Troan wrote:
>>
>>> On 8 Nov 2018, at 23:26, Prashant Upadhyaya wrote:
>>>
>>> Hi,
>>>
>>> If I hand-construct an IP datagram (bigger than mtu) using chained
>>> vlib buffers and send this chain to ip4-lookup, would that be
>>> fragmented and sent out as per the mtu requirements of the interface
>>> from which the packet is determined to be sent out ? (assume that the
>>> rx and tx sw_if_index is properly set)
>>>
>>> If not, which node do I send this datagram to, to achieve effectively
>>> the above ?
>>
>> Yes, if IPv4 and DF==0.
>> And you better remember that IP fragments are almost never a good idea.
>>
>> Cheers
>> Ole
Re: [vpp-dev] Regarding IP Fragmentation
Hi Ole,

Thanks for the information.

Suppose my IP datagram gets fragmented into fragments F.1 and F.2, do these again get submitted to ip4-input ?
I am trying to figure out the path in the graph from the time I submit my v4 IP datagram to ip4-lookup.
What is crucial for me to know is if the fragments do land up at ip4-input or not.

Regards
-Prashant

On Thu, Nov 8, 2018 at 10:11 PM Ole Troan wrote:
>
> > On 8 Nov 2018, at 23:26, Prashant Upadhyaya wrote:
> >
> > Hi,
> >
> > If I hand-construct an IP datagram (bigger than mtu) using chained
> > vlib buffers and send this chain to ip4-lookup, would that be
> > fragmented and sent out as per the mtu requirements of the interface
> > from which the packet is determined to be sent out ? (assume that the
> > rx and tx sw_if_index is properly set)
> >
> > If not, which node do I send this datagram to, to achieve effectively
> > the above ?
>
> Yes, if IPv4 and DF==0.
> And you better remember that IP fragments are almost never a good idea.
>
> Cheers
> Ole
Re: [vpp-dev] Regarding IP Fragmentation
> On 8 Nov 2018, at 23:26, Prashant Upadhyaya wrote:
>
> Hi,
>
> If I hand-construct an IP datagram (bigger than mtu) using chained
> vlib buffers and send this chain to ip4-lookup, would that be
> fragmented and sent out as per the mtu requirements of the interface
> from which the packet is determined to be sent out ? (assume that the
> rx and tx sw_if_index is properly set)
>
> If not, which node do I send this datagram to, to achieve effectively
> the above ?

Yes, if IPv4 and DF==0.
And you better remember that IP fragments are almost never a good idea.

Cheers
Ole
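
Added example, not part of the thread and not VPP code: the IPv4 fragmentation arithmetic behind "Yes, if IPv4 and DF==0", applied to a constructed VXLAN case in which a 1500-byte inner packet pushes the outer packet past a 1500-byte underlay MTU. The struct and function names are hypothetical, and the sizes are sample values.

```c
#include <stdint.h>
#include <stdio.h>

/* One planned IPv4 fragment; struct and function names are hypothetical. */
struct frag {
    uint16_t total_len;   /* IPv4 total length, header included */
    uint16_t offset8;     /* fragment offset field, in 8-byte units */
    int more_fragments;   /* MF flag */
};

/* Split an IPv4 datagram (total_len bytes, hdr_len of them header) for a
 * link with the given MTU. Returns the fragment count written to out[]
 * (1 = fits unfragmented), -1 if it does not fit and DF is set, -2 on bad
 * input or when out[] is too small. */
int plan_fragments(uint16_t total_len, uint16_t hdr_len, uint16_t mtu,
                   int df, struct frag *out, int max_out)
{
    if (hdr_len < 20 || total_len < hdr_len || max_out < 1) return -2;
    if (total_len <= mtu) {
        out[0] = (struct frag){ total_len, 0, 0 };
        return 1;
    }
    if (df) return -1;             /* DF==1: must not be fragmented */
    /* Every fragment except the last carries a multiple of 8 payload bytes. */
    int per_frag = (mtu - hdr_len) & ~7;
    if (per_frag <= 0) return -2;
    int payload = total_len - hdr_len, done = 0, n = 0;
    while (done < payload) {
        if (n == max_out) return -2;
        int chunk = payload - done < per_frag ? payload - done : per_frag;
        out[n].total_len = (uint16_t)(hdr_len + chunk);
        out[n].offset8 = (uint16_t)(done / 8);
        out[n].more_fragments = done + chunk < payload;
        done += chunk;
        n++;
    }
    return n;
}

int main(void) {
    /* Constructed case: 1500-byte inner packet in VXLAN over IPv4, outer
     * length 1500 + 14 (Ethernet) + 8 (VXLAN) + 8 (UDP) + 20 (IP) = 1550. */
    struct frag f[8];
    int n = plan_fragments(1550, 20, 1500, 0, f, 8);
    for (int i = 0; i < n; i++)
        printf("len=%u offset=%u MF=%d\n", (unsigned)f[i].total_len,
               f[i].offset8 * 8u, f[i].more_fragments);
    return 0;
}
```

Lowering the overlay interface MTU by the 50 bytes of encapsulation overhead (1450 in this case) makes the same call return 1, which is the "well managed" MTU configuration the thread recommends.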