MTU problem

Per Jessen per at computer.org
Wed Nov 22 07:56:12 GMT 2006


All,

this is LVS related, although not actually an LVS problem - I've got an
LVS director distributing SMTP traffic to 4 backends over IPIP tunnels. 
The IPIP links have an MTU of 1480.  

On the director, I've been seeing lots of "timeout after DATA" (Postfix)
which apparently is a typical indicator of an MTU problem. And sure
enough, tcpdump shows plenty of "ICMP need to frag" being sent. 

Fair enough I guess - path MTU discovery will not be able to discover
that my SMTP traffic is being distributed by LVS etc.  It would also
_appear_ that my hosting provider (Hetzner) may not be letting the ICMP
"need to frag" through their switches etc. - I have queried Hetzner,
but am still waiting for an answer.

After many attempts, lots of research, wielding a magic wand and
uttering the odd curse, I ended up with the following iptables setup on
each of my real servers:

iptables -I OUTPUT -p tcp --tcp-flags SYN,RST,ACK SYN,ACK -j TCPMSS --clamp-mss-to-pmtu


This seems to have done the trick, but can anyone explain to me
exactly why? 




/Per Jessen, Zürich
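
Added example, not part of the original post: a Python sketch of what the rule above does to the MSS option of an outgoing SYN/ACK, namely lowering it to path MTU minus 40 bytes of IPv4 and TCP headers and never raising it. The function names and the sample header are constructed for illustration, and it assumes the kernel holds a path MTU of 1480 (the IPIP MTU from the post) for the route.

```python
import struct

IPV4_TCP_OVERHEAD = 40  # 20-byte IPv4 header + 20-byte TCP header, no options

def build_tcp(mss, flags=0x12):
    """Constructed sample: minimal TCP header (default SYN+ACK) with one MSS option."""
    offset_flags = (6 << 12) | flags  # data offset 6 words = 24 bytes
    hdr = struct.pack("!HHIIHHHH", 25, 40000, 1000, 2001, offset_flags, 5840, 0, 0)
    return hdr + struct.pack("!BBH", 2, 4, mss)  # option kind 2 = MSS, length 4

def mss_offset(tcp):
    """Return the byte offset of the MSS value in the TCP options, or None."""
    hdr_len = (tcp[12] >> 4) * 4
    i = 20
    while i < hdr_len:
        kind = tcp[i]
        if kind == 0:            # end of option list
            break
        if kind == 1:            # NOP is a single byte
            i += 1
            continue
        if i + 1 >= hdr_len or tcp[i + 1] < 2 or i + tcp[i + 1] > hdr_len:
            break                # malformed option, stop parsing
        if kind == 2 and tcp[i + 1] == 4:
            return i + 2
        i += tcp[i + 1]
    return None

def read_mss(tcp):
    off = mss_offset(tcp)
    return None if off is None else struct.unpack_from("!H", tcp, off)[0]

def clamp_mss(tcp, path_mtu):
    """Mimic '--tcp-flags SYN,RST,ACK SYN,ACK -j TCPMSS --clamp-mss-to-pmtu'."""
    off = mss_offset(tcp)
    if tcp[13] & 0x16 != 0x12 or off is None:  # of SYN,RST,ACK only SYN,ACK set
        return tcp
    limit = path_mtu - IPV4_TCP_OVERHEAD
    if read_mss(tcp) <= limit:                 # an MSS is only ever lowered
        return tcp
    out = bytearray(tcp)
    struct.pack_into("!H", out, off, limit)    # the kernel also fixes the checksum;
    return bytes(out)                          # the sample leaves it at zero

if __name__ == "__main__":
    print(read_mss(clamp_mss(build_tcp(1460), 1480)))
```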

