From: Chris Ross
To: Ryan Stone
Cc: freebsd-net, freebsd-pf@freebsd.org
Date: Tue, 6 Dec 2016 11:37:20 -0500
Subject: Re: Problems with FreeBSD (amd64 stable/11) router

> On Dec 6, 2016, at 09:34, Ryan Stone wrote:
>
> Let me confirm I understand what's happening:
>
> 1) You want to use your router to vlan-tag traffic from your network, and then send it out of a lagg over bce interfaces. The bxe interfaces have their MTU set to 1500 and the vlan interface to 1496

I believe this is correct. All traffic is using vlan interfaces, including the external network connection. But they are all over a lagg on two bce’s.

> 2) The TiVo is sending packets with a payload size of 1500 and the DF bit set.
>
> If this is the case, then the problem is simply that when the packets are passed through the vlan interface, the payload of the packets exceeds the MTU, but as the DF bit is set, the packets cannot be fragmented. Your choices are either to use a 1500 byte MTU on the vlan interface (assuming that the network that you are routing to can accept 1518 byte packets), or only advertise a 1496 byte MTU in your internal network.

Perhaps I misunderstood, but I thought that the router should send an ICMP in this case (that it cannot fragment the packets due to the DF bit), which would then cause the TiVo to send smaller packets. But passing that detail for now;

You mention “only advertise a 1496 byte MTU in [my] internal network.” I tried doing this by setting an “interface-mtu” option in the DHCP response to the device, but it didn’t obey that option. Do you know of another way to “advertise” MTU’s on the internal network?

You also mention using a higher MTU on the network. I hadn’t thought of this, but presume it would work. I would only need support for that MTU on the bce’s, and in the ethernet switches, correct? The ethernet switches I have are Dell PowerConnect 2724 and 2824 switches, which claim to support jumbo frames. I’ll have to find out if I have to _do_ anything to support that, but it should work.

Thanks for the suggestion, I’ll look into that…

- Chris
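
The router behaviour discussed in this message, modelled per RFC 1191 as an added example that is not part of the original thread: an IPv4 packet larger than the egress MTU with DF set is dropped and answered with ICMP type 3 code 4 carrying the next-hop MTU. The function names and the 192.0.2.10 / 198.51.100.7 addresses are constructed for illustration.

```python
import struct

def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_ipv4(src: bytes, dst: bytes, payload: bytes, df: bool) -> bytes:
    """Constructed test input: 20-byte IPv4 header (proto TCP, TTL 64) + payload."""
    flags_frag = 0x4000 if df else 0          # bit 14 of this field is DF
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 1,
                      flags_frag, 64, 6, 0, src, dst)
    return hdr[:10] + struct.pack("!H", inet_checksum(hdr)) + hdr[12:] + payload

def forward(packet: bytes, egress_mtu: int):
    """Return (action, icmp_or_None) for a packet leaving an interface."""
    ihl = (packet[0] & 0x0F) * 4
    total_len, = struct.unpack("!H", packet[2:4])
    flags_frag, = struct.unpack("!H", packet[6:8])
    if total_len <= egress_mtu:
        return "forward", None
    if not flags_frag & 0x4000:
        return "fragment", None
    # Too big and DF set: drop and tell the sender the next-hop MTU.
    # Layout: type 3, code 4, checksum, 16 unused bits, 16-bit MTU,
    # then the offending IP header plus the first 8 bytes of its payload.
    quoted = packet[:ihl + 8]
    body = struct.pack("!BBHHH", 3, 4, 0, 0, egress_mtu) + quoted
    icmp = body[:2] + struct.pack("!H", inet_checksum(body)) + body[4:]
    return "drop+icmp", icmp

if __name__ == "__main__":
    host, remote = bytes([192, 0, 2, 10]), bytes([198, 51, 100, 7])
    # 1500-byte packet with DF, as the TiVo sends; vlan interface MTU is 1496.
    pkt = build_ipv4(host, remote, bytes(1480), df=True)
    action, icmp = forward(pkt, 1496)
    print(action, "next-hop MTU =", int.from_bytes(icmp[6:8], "big"))
```

If a packet filter between the router and the host drops this ICMP message, the sender never learns the smaller MTU and keeps retransmitting full-size packets.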