MTU not respected after enabling Cluster firewall

ednt

Mar 16, 2017
Hi,

Strange things are happening:

We have a small cluster with 4 pves. All of them have vmbrs with an MTU of 9000 because of ceph speed, 2 of them with a bond, but that's not important.
The client VMs use an MTU of 1500 for the internet interface.

Everything worked fine; large UDP packets were fragmented inside the VM and outside of the VM.

Yesterday we wanted to start using the firewall of pve.

For a first step we set IN and OUT to ACCEPT and enabled the cluster firewall.

After this step, the VM still fragments the UDP packets, but outside in the pve they are 'reassembled' and sent as one large packet.
As a result, the UDP packets were not received by our destination on the internet.

Disabling the cluster firewall did not solve the problem. Afterwards we had to reboot the pve with the VM inside.
After the reboot, the packets were again transmitted fragmented in the pve as they should be.

Any idea?

We inspected the loaded kernel modules of the pve, and before the reboot, after enabling and disabling the cluster firewall, there are a lot more modules loaded, like nf_fragment ...

After a reboot these modules are not loaded.

The cluster is on 6.3-6