dropped over-mtu packet: 1501 > 1500

e100

Renowned Member
Nov 6, 2010
1,268
46
88
Columbus, Ohio
ulbuilder.wordpress.com
After recently upgrading to the latest version we started seeing these errors in the kernel on a few nodes.

We are using openvswitch, the only thing I found using google that might explain the problem is this:
https://lkml.org/lkml/2020/8/10/522

Before the update we were running kernel 5.4.41-1-pve and did not have this problem.
All servers have the same network card, an Intel X520-DA2, and use the same configuration.
We use vlan tags for guests.

The only place I have noticed network issues is between Proxmox hosts themselves.
For example when storage replication runs I see numerous errors and when using Proxmox web interface sometimes we get timeouts

pveversion -v:
Code:
proxmox-ve: 6.3-1 (running kernel: 5.4.78-2-pve)
pve-manager: 6.3-3 (running version: 6.3-3/eee5f901)
pve-kernel-5.4: 6.3-3
pve-kernel-helper: 6.3-3
pve-kernel-5.3: 6.1-6
pve-kernel-5.4.78-2-pve: 5.4.78-2
pve-kernel-5.4.41-1-pve: 5.4.41-1
pve-kernel-5.4.34-1-pve: 5.4.34-2
pve-kernel-5.3.18-3-pve: 5.3.18-3
pve-kernel-5.3.18-2-pve: 5.3.18-2
pve-kernel-4.15.18-26-pve: 4.15.18-54
pve-kernel-4.13.13-4-pve: 4.13.13-35
pve-kernel-4.13.13-1-pve: 4.13.13-31
pve-kernel-4.13.8-3-pve: 4.13.8-30
pve-kernel-4.13.8-2-pve: 4.13.8-28
pve-kernel-4.10.15-1-pve: 4.10.15-15
pve-kernel-4.10.11-1-pve: 4.10.11-9
pve-kernel-4.10.8-1-pve: 4.10.8-7
pve-kernel-4.10.5-1-pve: 4.10.5-5
pve-kernel-4.10.1-2-pve: 4.10.1-2
ceph: 14.2.16-pve1
ceph-fuse: 14.2.16-pve1
corosync: 3.0.4-pve1
criu: 3.11-3
glusterfs-client: 5.5-3
ifupdown: 0.8.35+pve1
ksm-control-daemon: 1.3-1
libjs-extjs: 6.0.1-10
libknet1: 1.16-pve1
libproxmox-acme-perl: 1.0.7
libproxmox-backup-qemu0: 1.0.2-1
libpve-access-control: 6.1-3
libpve-apiclient-perl: 3.1-3
libpve-common-perl: 6.3-2
libpve-guest-common-perl: 3.1-3
libpve-http-server-perl: 3.1-1
libpve-storage-perl: 6.3-3
libqb0: 1.0.5-1
libspice-server1: 0.14.2-4~pve6+1
lvm2: 2.03.02-pve4
lxc-pve: 4.0.3-1
lxcfs: 4.0.3-pve3
novnc-pve: 1.1.0-1
openvswitch-switch: 2.12.0-1
proxmox-backup-client: 1.0.6-1
proxmox-mini-journalreader: 1.1-1
proxmox-widget-toolkit: 2.4-3
pve-cluster: 6.2-1
pve-container: 3.3-2
pve-docs: 6.3-1
pve-edk2-firmware: 2.20200531-1
pve-firewall: 4.1-3
pve-firmware: 3.1-3
pve-ha-manager: 3.1-1
pve-i18n: 2.2-2
pve-qemu-kvm: 5.1.0-7
pve-xtermjs: 4.7.0-3
pve-zsync: 2.0-4
qemu-server: 6.3-2
smartmontools: 7.1-pve2
spiceterm: 3.1-1
vncterm: 1.6-2
zfsutils-linux: 0.8.5-pve1

Example errors:
Code:
Jan 26 11:46:58 vm2 kernel: [785863.008555] ens3f1: dropped over-mtu packet: 1501 > 1500
Jan 26 11:47:06 vm2 kernel: [785871.456310] ens3f1: dropped over-mtu packet: 1501 > 1500
Jan 26 11:47:23 vm2 kernel: [785888.096369] ens3f1: dropped over-mtu packet: 1501 > 1500
Jan 26 11:47:58 vm2 kernel: [785922.911812] ens3f1: dropped over-mtu packet: 1501 > 1500


Jan 25 14:59:34 vm20 kernel: [712114.934150] enp5s0f0: dropped over-mtu packet: 1501 > 1500
Jan 25 15:53:16 vm20 kernel: [715336.654925] enp5s0f0: dropped over-mtu packet: 1504 > 1500
Jan 25 16:26:29 vm20 kernel: [717329.730660] enp5s0f0: dropped over-mtu packet: 1507 > 1500
Jan 25 16:26:37 vm20 kernel: [717337.770746] enp5s0f0: dropped over-mtu packet: 1502 > 1500
Jan 25 16:48:30 vm20 kernel: [718650.543170] enp5s0f0: dropped over-mtu packet: 1505 > 1500
Jan 25 17:29:17 vm20 kernel: [721097.347615] enp5s0f1: dropped over-mtu packet: 1505 > 1500
Jan 25 17:29:18 vm20 kernel: [721098.484832] enp5s0f1: dropped over-mtu packet: 1505 > 1500
Jan 25 17:45:52 vm20 kernel: [722091.989953] enp5s0f1: dropped over-mtu packet: 1508 > 1500

cat /etc/network/interfaces
Code:
auto lo                
iface lo inet loopback 

allow-vmbr0 ens3f0
iface ens3f0 inet manual

allow-vmbr0 ens3f1
iface ens3f1 inet manual

allow-vmbr0 bond0
iface bond0 inet manual
    ovs_bridge vmbr0
    ovs_type OVSBond
    ovs_bonds ens3f0 ens3f1
    ovs_options bond_mode=balance-tcp lacp=active other_config:lacp-time=fast

allow-ovs vmbr0
iface vmbr0 inet manual
    ovs_type OVSBridge
    ovs_ports bond0 vlan9 vlan6 vlan7

# mgmt lan
allow-vmbr0 vlan9
iface vlan9 inet static
    ovs_type OVSIntPort
    ovs_bridge vmbr0
    ovs_options tag=9
    ovs_extra set interface ${IFACE} external-ids:iface-id=$(hostname -s)-${IFACE}-vif
    address x.x.x.x
    netmask 255.255.255.0
    gateway x.x.x.x

#corosync lan
allow-vmbr0 vlan6
iface vlan6 inet static
    ovs_type OVSIntPort
    ovs_bridge vmbr0
    ovs_options tag=6
    ovs_extra set interface ${IFACE} external-ids:iface-id=$(hostname -s)-${IFACE}-vif
    address y.y.y.y
    netmask 255.255.255.0

#cluster migration lan
allow-vmbr0 vlan7
iface vlan7 inet static
    ovs_type OVSIntPort
    ovs_bridge vmbr0
    ovs_options tag=7
    ovs_extra set interface ${IFACE} external-ids:iface-id=$(hostname -s)-${IFACE}-vif
    address z.z.z.z
    netmask 255.255.255.0
 
After recently upgrading to the latest version we started seeing these errors in the kernel on a few nodes.

We are using openvswitch, the only thing I found using google that might explain the problem is this:
https://lkml.org/lkml/2020/8/10/522

Before the update we were running kernel 5.4.41-1-pve and did not have this problem.
All servers have the same network card, an Intel X520-DA2, and use the same configuration.
We use vlan tags for guests.


Same problem. After upgrade from 5.4 to 6.3, we have trouble - openvswitch drop packet's on tap interface.


Code:
Feb  2 17:05:04 che-pve4-09 kernel: [871084.304328] tap614i1: dropped over-mtu packet: 1506 > 1500
Feb  2 17:05:05 che-pve4-09 kernel: [871085.444214] tap614i1: dropped over-mtu packet: 1506 > 1500
Feb  2 17:05:06 che-pve4-09 kernel: [871086.572928] tap614i1: dropped over-mtu packet: 1506 > 1500
Feb  2 17:05:07 che-pve4-09 kernel: [871087.648223] tap614i1: dropped over-mtu packet: 1506 > 1500
Feb  2 17:05:09 che-pve4-09 kernel: [871089.191206] tap614i1: dropped over-mtu packet: 1506 > 1500
Feb  2 17:05:10 che-pve4-09 kernel: [871090.573915] tap614i1: dropped over-mtu packet: 1506 > 1500
Feb  2 17:05:11 che-pve4-09 kernel: [871091.747792] tap614i1: dropped over-mtu packet: 1506 > 1500
Feb  2 17:05:13 che-pve4-09 kernel: [871093.192332] tap614i1: dropped over-mtu packet: 1506 > 1500
Feb  2 17:05:14 che-pve4-09 kernel: [871094.574942] tap614i1: dropped over-mtu packet: 1506 > 1500
Feb  2 17:05:15 che-pve4-09 kernel: [871095.827824] tap614i1: dropped over-mtu packet: 1506 > 1500

versions:

Code:
proxmox-ve: 6.3-1 (running kernel: 5.4.78-2-pve)
pve-manager: 6.3-3 (running version: 6.3-3/eee5f901)
pve-kernel-5.4: 6.3-3
pve-kernel-helper: 6.3-3
pve-kernel-5.4.78-2-pve: 5.4.78-2
pve-kernel-4.15.18-30-pve: 4.15.18-58
ceph-fuse: 12.2.11+dfsg1-2.1+b1
corosync: 3.0.4-pve1
criu: 3.11-3
glusterfs-client: 5.5-3
ifupdown: 0.8.35+pve1
ksm-control-daemon: 1.3-1
libjs-extjs: 6.0.1-10
libknet1: 1.16-pve1
libproxmox-acme-perl: 1.0.7
libproxmox-backup-qemu0: 1.0.2-1
libpve-access-control: 6.1-3
libpve-apiclient-perl: 3.1-3
libpve-common-perl: 6.3-2
libpve-guest-common-perl: 3.1-3
libpve-http-server-perl: 3.1-1
libpve-storage-perl: 6.3-3
libqb0: 1.0.5-1
libspice-server1: 0.14.2-4~pve6+1
lvm2: 2.03.02-pve4
lxc-pve: 4.0.3-1
lxcfs: 4.0.3-pve3
novnc-pve: 1.1.0-1
openvswitch-switch: 2.12.0-1
proxmox-backup-client: 1.0.6-1
proxmox-mini-journalreader: 1.1-1
proxmox-widget-toolkit: 2.4-3
pve-cluster: 6.2-1
pve-container: 3.3-2
pve-docs: 6.3-1
pve-edk2-firmware: 2.20200531-1
pve-firewall: 4.1-3
pve-firmware: 3.1-3
pve-ha-manager: 3.1-1
pve-i18n: 2.2-2
pve-qemu-kvm: 5.1.0-7
pve-xtermjs: 4.7.0-3
qemu-server: 6.3-2
smartmontools: 7.1-pve2
spiceterm: 3.1-1
vncterm: 1.6-2
zfsutils-linux: 0.8.5-pve1

as workaround i lowered MTU on virtual interfaces.
 
Code:
# cat /etc/network/interfaces | sed  -e 's/[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}/10.x.x.x/g'

auto lo
iface lo inet loopback

auto eth0.107
iface eth0.107 inet static
        address  10.x.x.x
        netmask  10.x.x.x
        gateway  10.x.x.x
        vlan_raw_device eth0


iface eth0 inet manual

allow-vmbr0 eth1
iface eth1 inet manual
        ovs_type OVSPort
        ovs_bridge vmbr0

auto vmbr0
iface vmbr0 inet manual
        ovs_type OVSBridge
        ovs_ports eth1

Code:
# ip a | sed -e 's/[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}/10.x.x.x/g'
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 10.x.x.x/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 58:20:b1:03:1a:0e brd ff:ff:ff:ff:ff:ff
    inet6 fe80::5a20:b1ff:fe03:1a0e/64 scope link
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master ovs-system state UP group default qlen 1000
    link/ether 58:20:b1:03:1a:0f brd ff:ff:ff:ff:ff:ff
    inet6 fe80::5a20:b1ff:fe03:1a0f/64 scope link
       valid_lft forever preferred_lft forever
4: eth0.107@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 58:20:b1:03:1a:0e brd ff:ff:ff:ff:ff:ff
    inet 10.x.x.x/24 brd 10.x.x.x scope global eth0.107
       valid_lft forever preferred_lft forever
    inet6 fe80::5a20:b1ff:fe03:1a0e/64 scope link
       valid_lft forever preferred_lft forever
5: ovs-system: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether e6:cc:47:36:4a:57 brd ff:ff:ff:ff:ff:ff
6: vmbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default qlen 1000
    link/ether 58:20:b1:03:1a:0f brd ff:ff:ff:ff:ff:ff
    inet6 fe80::5a20:b1ff:fe03:1a0f/64 scope link
       valid_lft forever preferred_lft forever
7: tap563i0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master ovs-system state UNKNOWN group default qlen 1000
    link/ether 8a:3a:24:a2:00:a4 brd ff:ff:ff:ff:ff:ff
8: tap243i0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master ovs-system state UNKNOWN group default qlen 1000
    link/ether e6:b7:2e:02:f8:80 brd ff:ff:ff:ff:ff:ff
9: tap249i0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master ovs-system state UNKNOWN group default qlen 1000
    link/ether e6:e4:78:45:51:d3 brd ff:ff:ff:ff:ff:ff
11: tap177i0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master ovs-system state UNKNOWN group default qlen 1000
    link/ether 5a:32:73:f6:ec:20 brd ff:ff:ff:ff:ff:ff
12: tap244i0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master ovs-system state UNKNOWN group default qlen 1000
    link/ether aa:ac:2b:04:0b:63 brd ff:ff:ff:ff:ff:ff
13: tap479i0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master ovs-system state UNKNOWN group default qlen 1000
    link/ether b6:bb:22:6b:cf:bd brd ff:ff:ff:ff:ff:ff
14: tap498i0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master ovs-system state UNKNOWN group default qlen 1000
    link/ether 1e:26:e7:0a:d1:5f brd ff:ff:ff:ff:ff:ff
15: tap580i0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master fwbr580i0 state UNKNOWN group default qlen 1000
    link/ether be:be:25:e9:73:07 brd ff:ff:ff:ff:ff:ff
16: fwbr580i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether be:be:25:e9:73:07 brd ff:ff:ff:ff:ff:ff
17: fwln580o0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master fwbr580i0 state UNKNOWN group default qlen 1000
    link/ether 3a:6d:08:c6:a1:40 brd ff:ff:ff:ff:ff:ff
18: tap106i0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master fwbr106i0 state UNKNOWN group default qlen 1000
    link/ether 86:9f:ce:ec:c0:bb brd ff:ff:ff:ff:ff:ff
19: fwbr106i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 86:9f:ce:ec:c0:bb brd ff:ff:ff:ff:ff:ff
20: fwln106o0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master fwbr106i0 state UNKNOWN group default qlen 1000
    link/ether 86:8f:2a:56:96:89 brd ff:ff:ff:ff:ff:ff
33: tap614i0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master ovs-system state UNKNOWN group default qlen 1000
    link/ether 06:cf:54:f7:d9:94 brd ff:ff:ff:ff:ff:ff
34: tap614i1: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master ovs-system state UNKNOWN group default qlen 1000
    link/ether ea:a3:b4:48:80:e7 brd ff:ff:ff:ff:ff:ff
38: tap615i0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master ovs-system state UNKNOWN group default qlen 1000
    link/ether f6:89:f8:bc:f8:b1 brd ff:ff:ff:ff:ff:ff
39: tap615i1: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master ovs-system state UNKNOWN group default qlen 1000
    link/ether 7a:6b:74:7d:f3:1a brd ff:ff:ff:ff:ff:ff
 
Hello,

I was facing the same issue while working on OVS (Open vSwitch) 2.8.7.

So after investigating the issue, here what i go:

1- Your port MTU is fixed by default 1500
2- while you are receiving a packet with size > MTU, OVS will drop the packet because it is larger than what you support (dropped over-mtu packet).
3- This is not reproduced on linux bridge, Bridge linux can receive packet size larger than MTU because bridge is L2 it is not supposed to check on MTU because it has no port on Linux.
However on OVS Bridge bridge is acting as L2 while receiving and while forwarding it acts like L3 which will check MTU before sending packets that which lead us to the problem we encountered.
OVS bridge has port slaved under the bridge,

root@mynetwork:~# ovs-vsctl show
f99986dd-eb86-411e-8288-9b0759bfcf37
Manager "ssl:35.183.234.119:443"
is_connected: true
Bridge BR_LAN
Port "wl1"
Interface "wl1"
Port "eth5.31"
Interface "eth5.31"
Port "eth5.30"
Interface "eth5.30"
type: internal
Port "eth0.35"
Interface "eth0.35"
Port "eth1.1"
Interface "eth1.1"
Port BR_LAN
Interface BR_LAN
type: internal
Port "wl0"
Interface "wl0"

As you can we have bridge named BR_LAN and we have port named BR_LAN slaved under our bridge.

this will cause problem while receiving and forwarding packet size larger than your bridge MTU if you client is not doing the fragmentation.

I have working on this subject for a week and I think it's a limitation due to OVS but the good news that it could be solved.
In fact in *vport-netdeb.c* we can see the condition of dropping packet if it's size is larger than MTU and we are pointing on port MTU which normally it should be pointed on physical port only since bridge should behave as L2 .

So i added in this condition to test if the port type is different from internal, since internal is used for virtual port .

This solved the problem.
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!