[HCI-VN] 670 When passing through VXLAN, the inner IP packet is fragmented, causing the DF bit to be cleared
Problem Description
Customers reported that large data packets sent from the virtual machine had the DF (Don't Fragment) bit set to 1, but after crossing nodes over VXLAN, the bit had been cleared to 0 at the peer end.
ping x.x.x.x -s 1472


Effective Troubleshooting Steps
- Reproduce the issue in an internal environment and capture packets; the captures show that it is caused by the fragmentation logic
The packet capture on the source VM vlink shows packets with the DF bit set

The VXLAN packet capture shows that the packet was fragmented into two packets and the DF bit was cleared

The destination VM vlink packet capture shows that the DF bit is cleared

Root Cause
The VXLAN MTU is the default configuration of 1500.
When executing the fragmentation logic, it first calculates whether the data packet exceeds the MTU, then fragments the inner IP data packet, and then encapsulates it in VXLAN and sends it out.
When the inner IP packet is fragmented, the original DF bit is not preserved, so it is cleared.
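The capture comparison from the troubleshooting steps can be automated. The following is an added example, not Sangfor's code: it decodes the inner IPv4 header of VXLAN frames and reports whether a packet that left the source with DF=1 appears in the tunnel as DF=0 fragments. The function names, sample frames, fragment sizes, IP ID and VNI are constructed for illustration; UDP port 4789 is the standard VXLAN port and is an assumption about the environment.

```python
import struct

VXLAN_PORT = 4789  # IANA-assigned VXLAN UDP port (assumed for this environment)

def ipv4_fields(pkt):
    """Decode the IPv4 header fields involved in fragmentation."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    total_len, ident, ff = struct.unpack("!HHH", pkt[2:8])
    return {"ihl": (pkt[0] & 0x0F) * 4, "proto": pkt[9], "len": total_len,
            "id": ident, "df": bool(ff & 0x4000), "mf": bool(ff & 0x2000),
            "offset": (ff & 0x1FFF) * 8}

def inner_ipv4(frame):
    """Walk outer Ethernet/IPv4/UDP/VXLAN and inner Ethernet to the inner IPv4 header."""
    outer = ipv4_fields(frame[14:])
    udp = 14 + outer["ihl"]
    dport = struct.unpack("!H", frame[udp + 2:udp + 4])[0]
    if frame[12:14] != b"\x08\x00" or outer["proto"] != 17 or dport != VXLAN_PORT:
        raise ValueError("not a VXLAN-over-IPv4 frame")
    inner_eth = udp + 8 + 8  # skip the UDP header and the VXLAN header
    if frame[inner_eth + 12:inner_eth + 14] != b"\x08\x00":
        raise ValueError("inner frame is not IPv4")
    return ipv4_fields(frame[inner_eth + 14:])

def df_cleared_in_tunnel(source_pkt, vxlan_frames):
    """True if a DF=1 source packet shows up in the tunnel as DF=0 fragments."""
    src = ipv4_fields(source_pkt)
    frags = [f for f in map(inner_ipv4, vxlan_frames) if f["id"] == src["id"]]
    return src["df"] and any(not f["df"] and (f["mf"] or f["offset"]) for f in frags)

# --- Constructed sample data (not taken from the case's captures) ---
def _ip(total_len, ident, flags_frag, proto):
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, ident, flags_frag,
                       64, proto, 0, bytes(4), bytes(4))  # checksum/addresses zeroed

def _vxlan(inner_ip):
    eth = bytes(12) + b"\x08\x00"
    udp = struct.pack("!HHHH", 40000, VXLAN_PORT, 0, 0)
    vxlan_hdr = struct.pack("!II", 0x08000000, 100 << 8)  # I flag set, VNI 100
    return eth + _ip(0, 0, 0, 17) + udp + vxlan_hdr + eth + inner_ip

SOURCE = _ip(1500, 0x1234, 0x4000, 1)            # ping -s 1472: 1500-byte packet, DF=1
TUNNEL = [_vxlan(_ip(1444, 0x1234, 0x2000, 1)),  # first fragment: MF=1, DF=0
          _vxlan(_ip(76, 0x1234, 0x00B2, 1))]    # last fragment: offset 1424, DF=0

if __name__ == "__main__":
    print("DF cleared in tunnel:", df_cleared_in_tunnel(SOURCE, TUNNEL))
```
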
Solution
You can enable VXLAN high performance. [No business impact]
Original Link
https://support.sangfor.com.cn/cases/list?product_id=33&type=1&category_id=16796&isOpen=true