Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    1501 length packages - problem with MTU on virtual pfSense (Proxmox)

    Scheduled Pinned Locked Moved Virtualization
    1 Posts 1 Posters 1.9k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • T
      taenzerme
      last edited by

      Hello all,

      I'm running into some strange problems with too large packets on our WAN interface.

      Setup:

      • pfSense 2.2 64Bit on Proxmox 3.4 host, 2 cores, 4GB RAM, CPU max 5%
      • HW NIC eth1 => WAN, MTU 1500
      • HW NIC eth4 = > LAN, MTU 9000
      • HW NIC eth2 => LAN, connected to same switch, but not active
      • vmbr0, OVS Bridge => eth4 => LAN
      • vmbr1, OVS Bridge => eth1 => WAN
      • Jumbo Frames on switches enabled
      • pfSense MTU WAN If.: 1500
      • Clear invalid DF bits instead of dropping the packets: Enabled
      • Disable hardware checksum offload: Enabled
      • Disable hardware TCP segmentation offload: Enabled
      • Disable hardware large receive offload: Enabled
      • All other local if's on 9000 MTU
      • Storage cluster (Synology): 9000 MTU
      • VMs on all proxmox hosts: Default MTU 1500

      Log on Proxmox hosts tells me:

      
...
Mar 24 18:40:46 vmhost1 kernel: __ratelimit: 6 callbacks suppressed
Mar 24 18:40:46 vmhost1 kernel: openvswitch: tap108i7: dropped over-mtu packet: 1501 > 1500
Mar 24 18:40:46 vmhost1 kernel: openvswitch: tap108i7: dropped over-mtu packet: 1501 > 1500
Mar 24 18:40:46 vmhost1 kernel: openvswitch: tap108i7: dropped over-mtu packet: 1501 > 1500
Mar 24 18:40:46 vmhost1 kernel: openvswitch: tap108i7: dropped over-mtu packet: 1501 > 1500
Mar 24 18:40:46 vmhost1 kernel: openvswitch: tap108i7: dropped over-mtu packet: 1501 > 1500
Mar 24 18:40:46 vmhost1 kernel: openvswitch: tap108i7: dropped over-mtu packet: 1501 > 1500
...

      tap108i7 is the OVS bridge on the Proxmox host for WAN If. (vtnet7).

      I did some package capturing showing that large packets on the WAN interface come from an virtual IP, i.e. inside the network:

      
Id = 12
Source = 217.76.xxx.xx
Destination = 7x.x.x.xxx
Captured Length = 1506
Packet Length = 1506
Protocol = TCP
Date Received = 2015-03-24 17:28:54 +0000
Time Delta = 0.00888514518737793
Information = HTTP -> 58826 ([ACK], Seq=4188548632, Ack=3381854676, Win=243)

      The source IP is a public IP from our public pool currently NATing to a VM on another proxmox host on the same network.
      Destination is some random public IP (not ours).

      Any ideas why these large packages are beeing generated? Where do they come from? How do I stop them?

      The VMs "behind" the pfSense are on multiple vlans, each having their own DHCP server. The VLANs are created on the switches and assigned to the pfSense's virtual NICs. Should I set the VMs MTU to 9000, too, as they are on the local networks (the public IP's are NATed on the pfSense and not directly connected to the VM)?

      Thanks
      Sebastian

      1 Reply Last reply Reply Quote 0
      • First post
        Last post
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.