Debian 13 LXC MTU always set to 1500

[NiccyB]

Hi all,

I have a PVE box in an environment with an MTU of 1400. It works absolutely fine. Any VMs created with an MTU of 1400 work absolutely fine. Debian 11 and 12 LXCs configured to use the bridge MTU also work fine.

The problem comes with the Debian 13 LXC (debian-13-standard_13.1-2_amd64.tar.zst) which, when configured to use the bridge MTU (or even explicitly setting the MTU to 1400), comes up with an MTU of 1500.

Am I missing something - any help would be appreciated.

N.

 

[abobakr]

Hello,
I have quickly try it on pve9 seems okay:

root@CT100:~# cat /etc/os-release
PRETTY_NAME="Debian GNU/Linux 13 (trixie)"
NAME="Debian GNU/Linux"
VERSION_ID="13"
VERSION="13 (trixie)"
VERSION_CODENAME=trixie
DEBIAN_VERSION_FULL=13.1
ID=debian
HOME_URL="https://www.debian.org/"
SUPPORT_URL="https://www.debian.org/support"
BUG_REPORT_URL="https://bugs.debian.org/"
root@CT100:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host noprefixroute
       valid_lft forever preferred_lft forever
2: eth0@if85: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1400 qdisc noqueue state UP group default qlen 1000
    link/ether aa:aa:ab:50:0d:20 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 192.168.31.145/20 brd 192.168.31.255 scope global dynamic eth0
       valid_lft 566sec preferred_lft 566sec
    inet6 fe80::a8aa:abff:fe50:d20/64 scope link proto kernel_ll
       valid_lft forever preferred_lft forever
root@CT100:~#

I have explicitly set the MTU to 1400 during ct creation.

In which pve version you had this issue?

 

[NiccyB]

PVE 8.4.14.

If the underlying interface (vmbr0) has MTU 1500, then it seems to allow me to set any MTU on the LXC - the problem only seems to exist if the MTU on vmbr0 is 1400 and then it won't let me set anything other than 1500 on the LXC.

 

[abobakr]

Interesting. I tested with mtu 1400 in vmbr0 and still works:

root@pve8:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host noprefixroute
       valid_lft forever preferred_lft forever
2: ens18: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master vmbr0 state UP group default qlen 1000
    link/ether xx:xx:xx:45:xx:42 brd ff:ff:ff:ff:ff:ff
    altname enp0s18
3: vmbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1400 qdisc noqueue state UP group default qlen 1000
    link/ether aa:aa:ab:45:89:42 brd ff:ff:ff:ff:ff:ff
    inet 192.168.18.86/20 scope global vmbr0
       valid_lft forever preferred_lft forever
    inet6 fe80::a8aa:abff:fe45:8942/64 scope link
       valid_lft forever preferred_lft forever
...
root@pve8:~# ssh 192.168.18.92
root@192.168.18.92's password:
root@CT103:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host noprefixroute
       valid_lft forever preferred_lft forever
2: eth0@if8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1400 qdisc noqueue state UP group default qlen 1000
    link/ether bc:24:11:2d:82:7d brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 192.168.18.92/20 brd 192.168.31.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::be24:11ff:fe2d:827d/64 scope link proto kernel_ll
       valid_lft forever preferred_lft forever
root@CT103:~# ping 8.8.8.8 -c2
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=111 time=12.7 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=111 time=12.6 ms

--- 8.8.8.8 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1002ms
rtt min/avg/max/mdev = 12.629/12.664/12.700/0.035 ms
root@CT103:~# exit
logout
Connection to 192.168.18.92 closed.
root@pve8:~# pveversion
pve-manager/8.4.14/b502d23c55afcba1 (running kernel: 6.8.12-9-pve)

I only get an error if I tried to set MTU bigger the host mtu in the gui[0]:
net0: MTU size '1800' is bigger than bridge MTU '1400' (500)


[0] https://lore.proxmox.com/all/20221103153810.690086-3-d.tschlatscher@proxmox.com/

 

[NiccyB]

Very strange. Checked again and it's definitely not working for me.

 

[syslinux]

I also confirm the problem. I installed Debian 13 amd64 on physical server, configured bond0 and bond1, then vmbr0, vmbr1 on top of it and additional vmbr2 without underlying interfaces. Then installed Proxmox 9.0.11, and i created LXC container and try to set MTU 1462 on net0(vmbr1), net1(vmbr2). Inside LXC i using Debian 13 also.

root@container:~# ifconfig | grep "inet\|mtu"
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.24.4.60  netmask 255.255.240.0  broadcast 0.0.0.0
        inet6 fe80::be24:11ff:fead:bddd  prefixlen 64  scopeid 0x20<link>
eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.20.4.62  netmask 255.255.240.0  broadcast 0.0.0.0
        inet6 fe80::be24:11ff:fe43:7cd9  prefixlen 64  scopeid 0x20<link>
lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>

 

[syslinux]

Also, if you created simple container with single net0 interface and set custom mtu in create wizard, then mtu is sets corecctly inside LXC container. But if i add addional interface net1 later, then mtu is always 1500:

root@test:~# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host noprefixroute
       valid_lft forever preferred_lft forever
2: eth0@if33: <BROADCAST,MULTICAST> mtu 1462 qdisc noop state DOWN group default qlen 1000
    link/ether bc:24:11:d9:d6:86 brd ff:ff:ff:ff:ff:ff link-netnsid 0
34: eth1@if35: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether bc:24:11:08:78:b4 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet6 fe80::be24:11ff:fe08:78b4/64 scope link proto kernel_ll
       valid_lft forever preferred_lft forever

 

[syslinux]

Additional information:

root@test:~# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host noprefixroute
       valid_lft forever preferred_lft forever
2: eth0@if42: <BROADCAST,MULTICAST> mtu 1462 qdisc noop state DOWN group default qlen 1000
    link/ether bc:24:11:d9:d6:86 brd ff:ff:ff:ff:ff:ff link-netnsid 0
3: eth1@if43: <BROADCAST,MULTICAST> mtu 1462 qdisc noop state DOWN group default qlen 1000
    link/ether bc:24:11:08:78:b4 brd ff:ff:ff:ff:ff:ff link-netnsid 0

But if i sets ip address to interface from in Proxmox, and Stop/Start LXC container:

root@test:~# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host noprefixroute
       valid_lft forever preferred_lft forever
2: eth0@if59: <BROADCAST,MULTICAST> mtu 1462 qdisc noop state DOWN group default qlen 1000
    link/ether bc:24:11:d9:d6:86 brd ff:ff:ff:ff:ff:ff link-netnsid 0
3: eth1@if60: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether bc:24:11:cf:18:47 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 172.20.1.111/20 scope global eth1
       valid_lft forever preferred_lft forever
    inet6 fe80::be24:11ff:fecf:1847/64 scope link proto kernel_ll
       valid_lft forever preferred_lft forever

 

[syslinux]

I find where the problem:

In Debian 13 LXC image by default installed "ifupdown2" package.

If inside Debian 13 LXC container i installs "ifupdown" old package with removing "ifupdown2" package, then all work as expected:

This is fixes the problem with mtu inside LXC container with Debian 13:

apt -y install ifupdown && reboot

root@container:~# ifconfig

eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.24.4.60  netmask 255.255.192.0  broadcast 172.24.63.255
        inet6 fe80::be24:11ff:fead:bddd  prefixlen 64  scopeid 0x20<link>
        ether bc:24:11:ad:bd:dd  txqueuelen 1000  (Ethernet)
        RX packets 38  bytes 4833 (4.7 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 33  bytes 6407 (6.2 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1462
        inet 172.20.4.62  netmask 255.255.192.0  broadcast 172.20.63.255
        inet6 fe80::be24:11ff:fe43:7cd9  prefixlen 64  scopeid 0x20<link>
        ether bc:24:11:43:7c:d9  txqueuelen 1000  (Ethernet)
        RX packets 177  bytes 16617 (16.2 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 9  bytes 694 (694.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

 

[NiccyB]

Thank you, @syslinux, I can confirm that

apt update && apt upgrade -y && apt install ifupdown -y && reboot

on a fresh LXC solves this problem.