0

We are in a cluster environment. We have compute nodes with jumbo packets enabled and a MTU of 9000. We are running into some issues in tracebacks to an address outside of our lan, where jumbo packets are being dropped due a firewall with a standard MTU size of 1500. Is there a way to limit or fragment outgoing packets to this specific address to a smaller packet size without having to down and reconfigure the NIC? I was thinking it might be possible to generate a VNIC with a smaller MTU and bridged to the higher MTU physical NIC, but I'm open to any other suggestions.

M

Martin Forde
  • 11
  • 2

1 Answers1

0

You won't be able to use a vNIC with a different MTU than your attached physical interfaces using just about any bridging implementation. It's possible if you go for a layer 3 routed vnic implementation, but then it's pretty pointless to adjust MTU on a broadcast domain that consists of a single host.

Can you not adjust the MTU of your firewall to accommodate this network? If not, the sanest thing to do may be to only use jumbo frames on your backend storage networks, etc instead of your north-south traffic. If you want your network to use jumbo frames, the best thing to do is enable that on absolutely everything on that layer 2 network so as to avoid weird issues.

It's largely up to the application generating traffic as to whether anything will be marked do-not-fragment. These are all reasons that enabling jumbo frames is typically only advised if it resolves a performance problem that needed resolving. Jumbo frames can sometimes cause too many issues like this to be worth it unless it's actually needed.

Spooler
  • 7,016
  • 16
  • 29
  • So we have the option to change the MTU on the firewall, however this will also cause downtime and maintenance, so we were hoping to avoid this. But yes, I would have to agree with your observations on jumbo packets, not even sure why they were turned on in the first place as the backend storage is also connected through an IB network. You'll have to excuse my ignorance here on networking. If I may ask another question based on your comment for layer3 routing, could something like a tun device with mtu of 1500 that forwards to the physical eth0 with mtu 9000 device work? – Martin Forde Apr 24 '18 at 19:23