* PMTUD broken inside network namespace with multipath routing
@ 2020-08-03 11:14 mastertheknife
2020-08-03 13:32 ` David Ahern
0 siblings, 1 reply; 12+ messages in thread
From: mastertheknife @ 2020-08-03 11:14 UTC (permalink / raw)
To: netdev
Hi,
I have observed that PMTUD (Path MTU discovery) is broken using
multipath routing inside a network namespace. This breaks TCP, because
it keeps trying to send oversized packets.
Observed on kernel 5.4.44, other kernels weren't tested. However i
went through net/ipv4/route.c and haven't spotted changes in this
area, so i believe this bug is still there.
Host test with multipath routing:
---------------------------------
root@host1:~# ip route add 192.168.247.100/32 dev vmbr2 nexthop via
192.168.252.250 dev vmbr2 nexthop via 192.168.252.252 dev vmbr2
root@host1:~# ip route | grep -A2 192.168.247.100
192.168.247.100
nexthop via 192.168.252.250 dev vmbr2 weight 1
nexthop via 192.168.252.252 dev vmbr2 weight 1
root@host1:~# ping -M do -s 1380 192.168.247.100
PING 192.168.247.100 (192.168.247.100) 1380(1408) bytes of data.
From 192.168.252.252 icmp_seq=1 Frag needed and DF set (mtu = 1406)
ping: local error: Message too long, mtu=1406
ping: local error: Message too long, mtu=1406
ping: local error: Message too long, mtu=1406
ping: local error: Message too long, mtu=1406
^C
--- 192.168.247.100 ping statistics ---
5 packets transmitted, 0 received, +5 errors, 100% packet loss, time 80ms
root@host1:~# ip route get 192.168.247.100
192.168.247.100 via 192.168.252.250 dev vmbr2 src 192.168.252.15 uid 0
cache expires 583sec mtu 1406
LXC container inside that host with multipath routing:
------------------------------------------------------
[root@lxctest ~]# ip route add 192.168.247.100/32 dev eth0 nexthop via
192.168.252.250 dev eth0 nexthop via 192.168.252.252 dev eth0
[root@lxctest ~]# ip route
default via 192.168.252.100 dev eth0 proto static metric 100
192.168.247.100
nexthop via 192.168.252.250 dev eth0 weight 1
nexthop via 192.168.252.252 dev eth0 weight 1
192.168.252.0/24 dev eth0 proto kernel scope link src 192.168.252.207 metric 100
[root@lxctest ~]# ping -M do -s 1380 192.168.247.100
PING 192.168.247.100 (192.168.247.100) 1380(1408) bytes of data.
From 192.168.252.252 icmp_seq=1 Frag needed and DF set (mtu = 1406)
From 192.168.252.252 icmp_seq=2 Frag needed and DF set (mtu = 1406)
From 192.168.252.252 icmp_seq=3 Frag needed and DF set (mtu = 1406)
From 192.168.252.252 icmp_seq=4 Frag needed and DF set (mtu = 1406)
[root@lxctest ~]# ip route get 192.168.247.100
192.168.247.100 via 192.168.252.252 dev eth0 src 192.168.252.207 uid 0
cache
LXC container inside that host with regular routing:
----------------------------------------------------
[root@lxctest ~]# ip route add 192.168.247.100/32 via 192.168.252.252 dev eth0
[root@lxctest ~]# ip route
default via 192.168.252.100 dev eth0 proto static metric 100
192.168.247.100 via 192.168.252.252 dev eth0
192.168.252.0/24 dev eth0 proto kernel scope link src 192.168.252.207 metric 100
[root@lxctest ~]# ping -M do -s 1380 192.168.247.100
PING 192.168.247.100 (192.168.247.100) 1380(1408) bytes of data.
From 192.168.252.252 icmp_seq=1 Frag needed and DF set (mtu = 1406)
ping: local error: Message too long, mtu=1406
ping: local error: Message too long, mtu=1406
ping: local error: Message too long, mtu=1406
^C
--- 192.168.247.100 ping statistics ---
4 packets transmitted, 0 received, +4 errors, 100% packet loss, time 82ms
[root@lxctest ~]# ip route get 192.168.247.100
192.168.247.100 via 192.168.252.252 dev eth0 src 192.168.252.207 uid 0
cache expires 591sec mtu 1406
What seems to be happening, is that when multipath routing is used
inside LXC (or any network namespace), the kernel doesn't generate a
routing exception to force the lower MTU.
I believe this is a bug inside the kernel.
Kfir Itzhak
^ permalink raw reply [flat|nested] 12+ messages in thread* Re: PMTUD broken inside network namespace with multipath routing 2020-08-03 11:14 PMTUD broken inside network namespace with multipath routing mastertheknife @ 2020-08-03 13:32 ` David Ahern 2020-08-03 14:24 ` mastertheknife 0 siblings, 1 reply; 12+ messages in thread From: David Ahern @ 2020-08-03 13:32 UTC (permalink / raw) To: mastertheknife, netdev On 8/3/20 5:14 AM, mastertheknife wrote: > What seems to be happening, is that when multipath routing is used > inside LXC (or any network namespace), the kernel doesn't generate a > routing exception to force the lower MTU. > I believe this is a bug inside the kernel. > Known problem. Original message can take path 1 and ICMP message can path 2. The exception is then created on the wrong path. ^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: PMTUD broken inside network namespace with multipath routing 2020-08-03 13:32 ` David Ahern @ 2020-08-03 14:24 ` mastertheknife 2020-08-03 15:38 ` David Ahern 0 siblings, 1 reply; 12+ messages in thread From: mastertheknife @ 2020-08-03 14:24 UTC (permalink / raw) To: David Ahern; +Cc: netdev Hi David, In this case, both paths are in the same layer2 network, there is no symmetric multi-path routing. If original message takes path 1, ICMP response will come from path 1 If original message takes path 2, ICMP response will come from path 2 Also, It works fine outside of LXC. Thank you, Kfir On Mon, Aug 3, 2020 at 4:32 PM David Ahern <dsahern@gmail.com> wrote: > > On 8/3/20 5:14 AM, mastertheknife wrote: > > What seems to be happening, is that when multipath routing is used > > inside LXC (or any network namespace), the kernel doesn't generate a > > routing exception to force the lower MTU. > > I believe this is a bug inside the kernel. > > > > Known problem. Original message can take path 1 and ICMP message can > path 2. The exception is then created on the wrong path. ^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: PMTUD broken inside network namespace with multipath routing 2020-08-03 14:24 ` mastertheknife @ 2020-08-03 15:38 ` David Ahern 2020-08-03 18:39 ` mastertheknife 0 siblings, 1 reply; 12+ messages in thread From: David Ahern @ 2020-08-03 15:38 UTC (permalink / raw) To: mastertheknife; +Cc: netdev On 8/3/20 8:24 AM, mastertheknife wrote: > Hi David, > > In this case, both paths are in the same layer2 network, there is no > symmetric multi-path routing. > If original message takes path 1, ICMP response will come from path 1 > If original message takes path 2, ICMP response will come from path 2 > Also, It works fine outside of LXC. > > I'll take a look when I get some time; most likely end of the week. ^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: PMTUD broken inside network namespace with multipath routing 2020-08-03 15:38 ` David Ahern @ 2020-08-03 18:39 ` mastertheknife 2020-08-10 22:13 ` David Ahern 0 siblings, 1 reply; 12+ messages in thread From: mastertheknife @ 2020-08-03 18:39 UTC (permalink / raw) To: David Ahern; +Cc: netdev Hi David, I found something that can shed some light on the issue. The issue only happens if the ICMP response doesn't come from the first nexthop. In my case, both nexthops are linux routers, and they are the ones generating the ICMP (because of IPSEC next). This is what I meant earlier, that the ICMP path is identical to the original message path. Test IP #1 - 192.168.249.116 - Hash will choose nexthop #1 Test IP #2 - 192.168.249.117 - Hash will choose nexthop #2 Test with 252.250 as nexthop #1: -------------------------------- root@lxctest:[~] # ip route add 192.168.249.0/24 dev eth1 nexthop via 192.168.252.250 dev eth1 nexthop via 192.168.252.252 dev eth1 root@lxctest:[~] # ping -M do -s 1450 192.168.249.116 PING 192.168.249.116 (192.168.249.116) 1450(1478) bytes of data. From 192.168.252.250 icmp_seq=1 Frag needed and DF set (mtu = 1446) ping: local error: Message too long, mtu=1446 ping: local error: Message too long, mtu=1446 ping: local error: Message too long, mtu=1446 ^C --- 192.168.249.116 ping statistics --- 4 packets transmitted, 0 received, +4 errors, 100% packet loss, time 3067ms root@testlxc:[~] # ping -M do -s 1450 192.168.249.117 PING 192.168.249.117 (192.168.249.117) 1450(1478) bytes of data. From 192.168.252.252 icmp_seq=1 Frag needed and DF set (mtu = 1446) From 192.168.252.252 icmp_seq=2 Frag needed and DF set (mtu = 1446) From 192.168.252.252 icmp_seq=3 Frag needed and DF set (mtu = 1446) ^C --- 192.168.249.117 ping statistics --- 3 packets transmitted, 0 received, +3 errors, 100% packet loss, time 2052ms Test with 252.252 as nexthop #1: -------------------------------- root@testlxc:[~] # ip route add 192.168.249.0/24 dev eth1 nexthop via 192.168.252.252 dev eth1 nexthop via 192.168.252.250 dev eth1 root@testlxc:[~] # ping -M do -s 1450 192.168.249.116 PING 192.168.249.116 (192.168.249.116) 1450(1478) bytes of data. From 192.168.252.252 icmp_seq=1 Frag needed and DF set (mtu = 1446) ping: local error: Message too long, mtu=1446 ping: local error: Message too long, mtu=1446 ^C --- 192.168.249.116 ping statistics --- 3 packets transmitted, 0 received, +3 errors, 100% packet loss, time 2044ms root@testlxc:[~] # ping -M do -s 1450 192.168.249.117 PING 192.168.249.117 (192.168.249.117) 1450(1478) bytes of data. From 192.168.252.250 icmp_seq=1 Frag needed and DF set (mtu = 1446) From 192.168.252.250 icmp_seq=2 Frag needed and DF set (mtu = 1446) From 192.168.252.250 icmp_seq=3 Frag needed and DF set (mtu = 1446) ^C --- 192.168.249.117 ping statistics --- 3 packets transmitted, 0 received, +3 errors, 100% packet loss, time 2046ms In summary: It seems that it doesn't matter who is the nexthop. If the ICMP response isn't from the nexthop, it'll be rejected. About why i couldn't reproduce this outside LXC, i don't know yet but i will keep trying to figure this out. Let me know if you need me to test this. Thank you, Kfir Itzhak On Mon, Aug 3, 2020 at 6:38 PM David Ahern <dsahern@gmail.com> wrote: > > On 8/3/20 8:24 AM, mastertheknife wrote: > > Hi David, > > > > In this case, both paths are in the same layer2 network, there is no > > symmetric multi-path routing. > > If original message takes path 1, ICMP response will come from path 1 > > If original message takes path 2, ICMP response will come from path 2 > > Also, It works fine outside of LXC. > > > > > > I'll take a look when I get some time; most likely end of the week. ^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: PMTUD broken inside network namespace with multipath routing 2020-08-03 18:39 ` mastertheknife @ 2020-08-10 22:13 ` David Ahern 2020-08-12 12:37 ` mastertheknife 0 siblings, 1 reply; 12+ messages in thread From: David Ahern @ 2020-08-10 22:13 UTC (permalink / raw) To: mastertheknife; +Cc: netdev On 8/3/20 12:39 PM, mastertheknife wrote: > In summary: It seems that it doesn't matter who is the nexthop. If the > ICMP response isn't from the nexthop, it'll be rejected. > About why i couldn't reproduce this outside LXC, i don't know yet but > i will keep trying to figure this out. do you have a shell script that reproduces the problem? ^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: PMTUD broken inside network namespace with multipath routing 2020-08-10 22:13 ` David Ahern @ 2020-08-12 12:37 ` mastertheknife 2020-08-12 19:21 ` David Ahern 0 siblings, 1 reply; 12+ messages in thread From: mastertheknife @ 2020-08-12 12:37 UTC (permalink / raw) To: David Ahern; +Cc: netdev Hello David, I tried and it seems i can reproduce it: # Create test NS root@host:~# ip netns add testns # Create veth pair, veth0 in host, veth1 in NS root@host:~# ip link add veth0 type veth peer name veth1 root@host:~# ip link set veth1 netns testns # Configure veth1 (NS) root@host:~# ip netns exec testns ip addr add 192.168.252.209/24 dev veth1 root@host:~# ip netns exec testns ip link set dev veth1 up root@host:~# ip netns exec testns ip route add default via 192.168.252.100 root@host:~# ip netns exec testns ip route add 192.168.249.0/24 nexthop via 192.168.252.250 nexthop via 192.168.252.252 # Configure veth0 (host) root@host:~# brctl addif vmbr2 veth0 root@host:~# ip link set veth0 up # Tests root@host:~# ip netns exec testns ping -M do -s 1450 192.168.249.116 PING 192.168.249.116 (192.168.249.116) 1450(1478) bytes of data. From 192.168.252.252 icmp_seq=1 Frag needed and DF set (mtu = 1366) ping: local error: Message too long, mtu=1366 ping: local error: Message too long, mtu=1366 ping: local error: Message too long, mtu=1366 ^C --- 192.168.249.116 ping statistics --- 4 packets transmitted, 0 received, +4 errors, 100% packet loss, time 81ms root@host:~# ip netns exec testns ping -M do -s 1450 192.168.249.134 PING 192.168.249.134 (192.168.249.134) 1450(1478) bytes of data. From 192.168.252.252 icmp_seq=1 Frag needed and DF set (mtu = 1366) From 192.168.252.252 icmp_seq=2 Frag needed and DF set (mtu = 1366) From 192.168.252.252 icmp_seq=3 Frag needed and DF set (mtu = 1366) ^C --- 192.168.249.134 ping statistics --- 3 packets transmitted, 0 received, +3 errors, 100% packet loss, time 40ms root@host:~# ip netns exec testns ip route show cache 192.168.249.116 via 192.168.252.250 dev veth1 cache expires 584sec mtu 1366 192.168.249.134 via 192.168.252.250 dev veth1 cache expires 593sec mtu 1366 root@host:~# ip netns exec testns ip route get 192.168.249.116 192.168.249.116 via 192.168.252.250 dev veth1 src 192.168.252.209 uid 0 cache expires 578sec mtu 1366 root@host:~# ip netns exec testns ip route get 192.168.249.134 192.168.249.134 via 192.168.252.252 dev veth1 src 192.168.252.209 uid 0 cache Please notice the above, 'ip route show cache' and 'ip route get' return different nexthop for 192.168.249.134, i suspect that may be part of the problem. Thank you, Kfir On Tue, Aug 11, 2020 at 1:13 AM David Ahern <dsahern@gmail.com> wrote: > > On 8/3/20 12:39 PM, mastertheknife wrote: > > In summary: It seems that it doesn't matter who is the nexthop. If the > > ICMP response isn't from the nexthop, it'll be rejected. > > About why i couldn't reproduce this outside LXC, i don't know yet but > > i will keep trying to figure this out. > > do you have a shell script that reproduces the problem? ^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: PMTUD broken inside network namespace with multipath routing 2020-08-12 12:37 ` mastertheknife @ 2020-08-12 19:21 ` David Ahern 2020-08-14 7:08 ` mastertheknife 0 siblings, 1 reply; 12+ messages in thread From: David Ahern @ 2020-08-12 19:21 UTC (permalink / raw) To: mastertheknife; +Cc: netdev On 8/12/20 6:37 AM, mastertheknife wrote: > Hello David, > > I tried and it seems i can reproduce it: > > # Create test NS > root@host:~# ip netns add testns > # Create veth pair, veth0 in host, veth1 in NS > root@host:~# ip link add veth0 type veth peer name veth1 > root@host:~# ip link set veth1 netns testns > # Configure veth1 (NS) > root@host:~# ip netns exec testns ip addr add 192.168.252.209/24 dev veth1 > root@host:~# ip netns exec testns ip link set dev veth1 up > root@host:~# ip netns exec testns ip route add default via 192.168.252.100 > root@host:~# ip netns exec testns ip route add 192.168.249.0/24 > nexthop via 192.168.252.250 nexthop via 192.168.252.252 > # Configure veth0 (host) > root@host:~# brctl addif vmbr2 veth0 vmbr2's config is not defined. ip li add vmbr2 type bridge ip li set veth0 master vmbr2 ip link set veth0 up anything else? e.g., address for vmbr2? What holds 192.168.252.250 and 192.168.252.252 ^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: PMTUD broken inside network namespace with multipath routing 2020-08-12 19:21 ` David Ahern @ 2020-08-14 7:08 ` mastertheknife 2020-09-01 10:40 ` mastertheknife 0 siblings, 1 reply; 12+ messages in thread From: mastertheknife @ 2020-08-14 7:08 UTC (permalink / raw) To: David Ahern; +Cc: netdev Hello David, It's on a production system, vmbr2 is a bridge with eth.X VLAN interface inside for the connectivity on that 252.0/24 network. vmbr2 has address 192.168.252.5 in that case 192.168.252.250 and 192.168.252.252 are CentOS8 LXCs on another host, with libreswan inside for any/any IPSECs with VTi interfaces. Everything is kernel 5.4.44 LTS I wish i could fully reproduce all of it in a script, but i am not sure how to create such hops that return this ICMP Thank you, Kfir On Wed, Aug 12, 2020 at 10:21 PM David Ahern <dsahern@gmail.com> wrote: > > On 8/12/20 6:37 AM, mastertheknife wrote: > > Hello David, > > > > I tried and it seems i can reproduce it: > > > > # Create test NS > > root@host:~# ip netns add testns > > # Create veth pair, veth0 in host, veth1 in NS > > root@host:~# ip link add veth0 type veth peer name veth1 > > root@host:~# ip link set veth1 netns testns > > # Configure veth1 (NS) > > root@host:~# ip netns exec testns ip addr add 192.168.252.209/24 dev veth1 > > root@host:~# ip netns exec testns ip link set dev veth1 up > > root@host:~# ip netns exec testns ip route add default via 192.168.252.100 > > root@host:~# ip netns exec testns ip route add 192.168.249.0/24 > > nexthop via 192.168.252.250 nexthop via 192.168.252.252 > > # Configure veth0 (host) > > root@host:~# brctl addif vmbr2 veth0 > > vmbr2's config is not defined. > > ip li add vmbr2 type bridge > ip li set veth0 master vmbr2 > ip link set veth0 up > > anything else? e.g., address for vmbr2? What holds 192.168.252.250 and > 192.168.252.252 ^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: PMTUD broken inside network namespace with multipath routing 2020-08-14 7:08 ` mastertheknife @ 2020-09-01 10:40 ` mastertheknife 2020-09-01 10:44 ` mastertheknife 2020-09-02 0:42 ` David Ahern 0 siblings, 2 replies; 12+ messages in thread From: mastertheknife @ 2020-09-01 10:40 UTC (permalink / raw) To: David Ahern; +Cc: netdev Hello David. I was able to solve it while troubleshooting some fragmentation issue. The VTI interfaces had MTU of 1480 by default. I reduced to them to the real PMTUD (1366) and now its all working just fine. I am not sure how its related and why, but seems like it solved the issue. P.S: while reading the relevant code in the kernel, i think i spotted some mistake in net/ipv4/route.c, in function "update_or_create_fnhe". It looks like it loops over all the exceptions for the nexthop entry, but always overwriting the first (and only) entry, so effectively only 1 exception can exist per nexthop entry. Line 678: "if (fnhe) {" Should probably be: "if (fnhe && fnhe->fnhe_daddr == daddr) {" Thank you for your efforts, Kfir Itzhak On Fri, Aug 14, 2020 at 10:08 AM mastertheknife <mastertheknife@gmail.com> wrote: > > Hello David, > > It's on a production system, vmbr2 is a bridge with eth.X VLAN > interface inside for the connectivity on that 252.0/24 network. vmbr2 > has address 192.168.252.5 in that case > 192.168.252.250 and 192.168.252.252 are CentOS8 LXCs on another host, > with libreswan inside for any/any IPSECs with VTi interfaces. > > Everything is kernel 5.4.44 LTS > > I wish i could fully reproduce all of it in a script, but i am not > sure how to create such hops that return this ICMP > > Thank you, > Kfir > > > On Wed, Aug 12, 2020 at 10:21 PM David Ahern <dsahern@gmail.com> wrote: > > > > On 8/12/20 6:37 AM, mastertheknife wrote: > > > Hello David, > > > > > > I tried and it seems i can reproduce it: > > > > > > # Create test NS > > > root@host:~# ip netns add testns > > > # Create veth pair, veth0 in host, veth1 in NS > > > root@host:~# ip link add veth0 type veth peer name veth1 > > > root@host:~# ip link set veth1 netns testns > > > # Configure veth1 (NS) > > > root@host:~# ip netns exec testns ip addr add 192.168.252.209/24 dev veth1 > > > root@host:~# ip netns exec testns ip link set dev veth1 up > > > root@host:~# ip netns exec testns ip route add default via 192.168.252.100 > > > root@host:~# ip netns exec testns ip route add 192.168.249.0/24 > > > nexthop via 192.168.252.250 nexthop via 192.168.252.252 > > > # Configure veth0 (host) > > > root@host:~# brctl addif vmbr2 veth0 > > > > vmbr2's config is not defined. > > > > ip li add vmbr2 type bridge > > ip li set veth0 master vmbr2 > > ip link set veth0 up > > > > anything else? e.g., address for vmbr2? What holds 192.168.252.250 and > > 192.168.252.252 ^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: PMTUD broken inside network namespace with multipath routing 2020-09-01 10:40 ` mastertheknife @ 2020-09-01 10:44 ` mastertheknife 2020-09-02 0:42 ` David Ahern 1 sibling, 0 replies; 12+ messages in thread From: mastertheknife @ 2020-09-01 10:44 UTC (permalink / raw) To: David Ahern; +Cc: netdev Hello David, A quick correction; The issue is not solved, it was a mistake in my testing. The issue is still there. Kfir On Tue, Sep 1, 2020 at 1:40 PM mastertheknife <mastertheknife@gmail.com> wrote: > > Hello David. > > I was able to solve it while troubleshooting some fragmentation issue. > The VTI interfaces had MTU of 1480 by default. I reduced to them to > the real PMTUD (1366) and now its all working just fine. > I am not sure how its related and why, but seems like it solved the issue. > > P.S: while reading the relevant code in the kernel, i think i spotted > some mistake in net/ipv4/route.c, in function "update_or_create_fnhe". > It looks like it loops over all the exceptions for the nexthop entry, > but always overwriting the first (and only) entry, so effectively only > 1 exception can exist per nexthop entry. > Line 678: > "if (fnhe) {" > Should probably be: > "if (fnhe && fnhe->fnhe_daddr == daddr) {" > > > Thank you for your efforts, > Kfir Itzhak > > On Fri, Aug 14, 2020 at 10:08 AM mastertheknife > <mastertheknife@gmail.com> wrote: > > > > Hello David, > > > > It's on a production system, vmbr2 is a bridge with eth.X VLAN > > interface inside for the connectivity on that 252.0/24 network. vmbr2 > > has address 192.168.252.5 in that case > > 192.168.252.250 and 192.168.252.252 are CentOS8 LXCs on another host, > > with libreswan inside for any/any IPSECs with VTi interfaces. > > > > Everything is kernel 5.4.44 LTS > > > > I wish i could fully reproduce all of it in a script, but i am not > > sure how to create such hops that return this ICMP > > > > Thank you, > > Kfir > > > > > > On Wed, Aug 12, 2020 at 10:21 PM David Ahern <dsahern@gmail.com> wrote: > > > > > > On 8/12/20 6:37 AM, mastertheknife wrote: > > > > Hello David, > > > > > > > > I tried and it seems i can reproduce it: > > > > > > > > # Create test NS > > > > root@host:~# ip netns add testns > > > > # Create veth pair, veth0 in host, veth1 in NS > > > > root@host:~# ip link add veth0 type veth peer name veth1 > > > > root@host:~# ip link set veth1 netns testns > > > > # Configure veth1 (NS) > > > > root@host:~# ip netns exec testns ip addr add 192.168.252.209/24 dev veth1 > > > > root@host:~# ip netns exec testns ip link set dev veth1 up > > > > root@host:~# ip netns exec testns ip route add default via 192.168.252.100 > > > > root@host:~# ip netns exec testns ip route add 192.168.249.0/24 > > > > nexthop via 192.168.252.250 nexthop via 192.168.252.252 > > > > # Configure veth0 (host) > > > > root@host:~# brctl addif vmbr2 veth0 > > > > > > vmbr2's config is not defined. > > > > > > ip li add vmbr2 type bridge > > > ip li set veth0 master vmbr2 > > > ip link set veth0 up > > > > > > anything else? e.g., address for vmbr2? What holds 192.168.252.250 and > > > 192.168.252.252 ^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: PMTUD broken inside network namespace with multipath routing 2020-09-01 10:40 ` mastertheknife 2020-09-01 10:44 ` mastertheknife @ 2020-09-02 0:42 ` David Ahern 1 sibling, 0 replies; 12+ messages in thread From: David Ahern @ 2020-09-02 0:42 UTC (permalink / raw) To: mastertheknife; +Cc: netdev On 9/1/20 4:40 AM, mastertheknife wrote: > > P.S: while reading the relevant code in the kernel, i think i spotted > some mistake in net/ipv4/route.c, in function "update_or_create_fnhe". > It looks like it loops over all the exceptions for the nexthop entry, > but always overwriting the first (and only) entry, so effectively only > 1 exception can exist per nexthop entry. > Line 678: > "if (fnhe) {" > Should probably be: > "if (fnhe && fnhe->fnhe_daddr == daddr) {" > Right above that line is: for (fnhe = rcu_dereference(hash->chain); fnhe; fnhe = rcu_dereference(fnhe->fnhe_next)) { if (fnhe->fnhe_daddr == daddr) break; depth++; } so fnhe is set based on daddr match. ^ permalink raw reply [flat|nested] 12+ messages in thread
end of thread, other threads:[~2020-09-02 0:42 UTC | newest] Thread overview: 12+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2020-08-03 11:14 PMTUD broken inside network namespace with multipath routing mastertheknife 2020-08-03 13:32 ` David Ahern 2020-08-03 14:24 ` mastertheknife 2020-08-03 15:38 ` David Ahern 2020-08-03 18:39 ` mastertheknife 2020-08-10 22:13 ` David Ahern 2020-08-12 12:37 ` mastertheknife 2020-08-12 19:21 ` David Ahern 2020-08-14 7:08 ` mastertheknife 2020-09-01 10:40 ` mastertheknife 2020-09-01 10:44 ` mastertheknife 2020-09-02 0:42 ` David Ahern
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).