Date: Mon, 27 Feb 2023 10:56:48 +0000
From: Alexander Chernikov <melifaro@freebsd.org>
To: Victor Gamov <vitspec@gmail.com>
Cc: freebsd-net <freebsd-net@freebsd.org>
Subject: Re: ECMP, DF-bit and ICMP "Fragmentation needed"
Message-ID: <D6B018C6-C3CF-41FB-9EF5-EAECA63ECB1F@freebsd.org>
In-Reply-To: <CAPOOyvkdnfotpEHwWYfRBUfmLmF9-eBLHWU-LOJnDVSBy_S4_A@mail.gmail.com>
References: <CAPOOyvkdnfotpEHwWYfRBUfmLmF9-eBLHWU-LOJnDVSBy_S4_A@mail.gmail.com>

> On 26 Feb 2023, at 12:07, Victor Gamov <vitspec@gmail.com> wrote:
>
> Hi All
>
> I have following scheme:
> - LAN segment 10.5.8.0/24 with router1 (10.5.8.1) and MTU=1500
> - two hosts at LAN segment host21 (10.5.8.21) and host22 (10.5.8.22)
> - host21 and host22 have VIP=172.16.110.30 configured as LAN-interface alias
> - host21 and host22 have BGP peering with router1 and announce VIP to router1
> - hostX somewhere at intranet
> - ipsec-tunnel with MTU=1400
>
> ECMP works fine and traffic from other segments to VIP is balanced between host21+host22 by router1.
>
> The problem is:
> when host21 and/or host22 send large packet with DF-bit using VIP as source then ipsec-router sends ICMP "Fragmentation needed" and then this ICMP is _always_ sent to only host22 by router1.
>
> I think it may be hard or impossible to find proper VIP-owner to send this ICMP. Is it possible to propagate such ICMP to all VIP-owners in router1 routing-table? Or may some data from ICMP message be used to properly calculate ECMP-hash to find a real VIP-owner which must receive this ICMP?

Generally it’s pretty hard to do. The path may go through multiple routers, each of which has its own hash calculation + seed to avoid the traffic polarisation. Personally I’d suggest doing some sort of ICMP replication on either the source node or the hosts.

>
>
> Thanks!
>
>
> --
> CU,
> Victor Gamov
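
An added example, not part of either message in the thread: the question asks whether data inside the ICMP message can be used to recompute the ECMP hash. The sketch below parses the packet quoted in an ICMP "Fragmentation needed" error and hashes its 5-tuple with source and destination swapped, so the error is steered like the flow's own inbound traffic. Assumptions: the CRC32-based `pick_nexthop`, the seed, and the hostX and ipsec-router addresses are constructed stand-ins, and the approach only applies on the device that makes the ECMP decision and knows its own hash and seed, which is the limitation the reply points out.

```python
import socket
import struct
import zlib

NEXTHOPS = ["10.5.8.21", "10.5.8.22"]   # VIP owners from the thread
VIP, HOSTX, IPSEC_GW = "172.16.110.30", "10.77.0.10", "10.5.9.1"  # last two constructed
SEED = 0x5EED  # constructed; a real router keeps its own private seed

def pick_nexthop(src, dst, sport, dport, proto):
    """Stand-in ECMP choice: CRC32 over the 5-tuple (an assumption, not a real router hash)."""
    key = socket.inet_aton(src) + socket.inet_aton(dst) + struct.pack("!HHB", sport, dport, proto)
    return NEXTHOPS[zlib.crc32(key, SEED) % len(NEXTHOPS)]

def parse_frag_needed(pkt):
    """Return (next-hop MTU, 5-tuple of the quoted packet) for ICMP type 3 code 4, else None."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != 1:
        return None
    ihl = (pkt[0] & 0x0F) * 4
    if len(pkt) < ihl + 8:
        return None
    icmp_type, code, _csum, _unused, mtu = struct.unpack("!BBHHH", pkt[ihl:ihl + 8])
    inner = pkt[ihl + 8:]
    if (icmp_type, code) != (3, 4) or len(inner) < 20:
        return None
    inner_ihl = (inner[0] & 0x0F) * 4
    proto = inner[9]
    if proto not in (6, 17) or len(inner) < inner_ihl + 4:   # need TCP/UDP ports
        return None
    sport, dport = struct.unpack("!HH", inner[inner_ihl:inner_ihl + 4])
    return mtu, (socket.inet_ntoa(inner[12:16]), socket.inet_ntoa(inner[16:20]), sport, dport, proto)

def nexthop_for_icmp_error(pkt):
    """Hash the quoted packet with source and destination swapped, i.e. as hostX -> VIP traffic."""
    parsed = parse_frag_needed(pkt)
    if parsed is None:
        return None
    _mtu, (src, dst, sport, dport, proto) = parsed
    return pick_nexthop(dst, src, dport, sport, proto)

def ipv4(src, dst, proto, payload):
    """Constructed IPv4 header (DF set, checksum left at zero) for the sample below."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0x4000, 64, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst)) + payload

def sample_icmp(client_port):
    """Constructed error: IPSEC_GW tells VIP that its packet to hostX needs MTU 1400."""
    quoted = ipv4(VIP, HOSTX, 6, struct.pack("!HHI", 443, client_port, 0))[:28]
    return ipv4(IPSEC_GW, VIP, 1, struct.pack("!BBHHH", 3, 4, 0, 0, 1400) + quoted)
```

For any client port, `nexthop_for_icmp_error(sample_icmp(port))` returns the same host as `pick_nexthop(HOSTX, VIP, port, 443, 6)`, whereas hashing the outer ICMP header alone carries no information about the flow.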