Re: Preventing packet reassembly

On Mon, 28 Apr 2008 09:56:49 +1000
"Leigh Sharpe" <lsharpe@xxxxxxxxxxxxxxxxxxxxxx> wrote:

> Hi All, 
> I'm having some issues with my bridge reassembling fragmented packets,
> with disastrous results.
> I have a simple bridge set up:
>  
> brctl addbr br0
> brctl addif br0 eth0 
> brctl addif br0 eth1
>  
> Simple enough. The MTU on each interface is 1500, and so is the MTU on
> the bridge itself. 
> I have the bridge connected something like this:
>  
> PC A----Switch A---eth0 (bridge) eth1---Switch B---PC B.
>  
> The Switches are adding VLAN headers and the like, but this seems to be
> irrelevant to the problem.
> If I ping from PC A to PC B, all is OK. But, when I ping using a
> 1500-byte payload (or larger), the ping doesn't get through. Removing
> the linux bridge and just going switch-switch works OK.
>  
> Watching the ethernet ports on the bridge indicates that the ping is
> entering the bridge on eth0, but not coming out of eth1. A packet
> sniffer shows that the ping is being fragmented by PC A, and two packets
> enter eth0. I then increased the MTU on eth0, eth1 and br0 to 1600, to
> see if this was an MTU issue. I then see packets coming out of eth1, but
> my switch is dropping them, because they are oversized.
> Connecting eth1 straight to a packet sniffer shows that when two packets
> enter eth0, the bridge is reassembling them into a single, larger
> packet, which it then either drops because it is larger than the MTU of
> eth1, or it passes a large packet (in this case, 1560 bytes or so).
> Obviously, this packet is then dropped by other equipment in the
> network, because it is too large for a proper ethernet packet.
>  
> I am seeing this behaviour with any IP packets, not just ICMP. The
> result is that anything which has a large-ish payload is being dropped
> after it leaves the bridge.
>  
> The question is, then: How do I stop the bridge from reassembling
> fragmented packets?
>  
>  

Are you using hardware that does Large Receive Offload (LRO)? Most
hardware doesn't. The other possible problem would be ebtables/iptables
rules.  The bridge itself doesn't reassemble packets, but firewall
rules might.
_______________________________________________
Bridge mailing list
Bridge@xxxxxxxxxxxxxxxxxxxxxxxxxx
https://lists.linux-foundation.org/mailman/listinfo/bridge
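
The two checks suggested in the reply above (LRO on the bridge ports, and firewall rules seeing bridged traffic), as an added example that is not part of the original message. It assumes `ethtool` is installed and that the kernel exposes the `bridge-nf-call-*` sysctls under `/proc/sys/net/bridge`, which the thread does not mention; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: checks the two causes named in the reply above.

# Read `ethtool -k <iface>` output on stdin; print the LRO state: on, off or unknown.
lro_state() {
    awk -F': *' '
        $1 ~ /^[ \t]*large-receive-offload$/ { split($2, v, " "); print v[1]; seen = 1 }
        END { if (!seen) print "unknown" }'
}

# Print each bridge-nf-call-* sysctl that is set to 1, meaning bridged frames
# are handed to iptables/ip6tables/arptables. Directory is overridable (assumption
# made here so the function can be exercised without a live bridge).
bridge_nf_enabled() {
    dir=${1:-/proc/sys/net/bridge}
    for f in "$dir"/bridge-nf-call-*; do
        if [ -r "$f" ] && [ "$(cat "$f")" = "1" ]; then
            basename "$f"
        fi
    done
}

# Report both checks for every port of a bridge (e.g. br0 from the question).
check_bridge() {
    br=$1
    for p in /sys/class/net/"$br"/brif/*; do
        [ -e "$p" ] || continue
        port=$(basename "$p")
        echo "$port: LRO $(ethtool -k "$port" 2>/dev/null | lro_state)"
    done
    hooks=$(bridge_nf_enabled)
    echo "netfilter on bridged traffic: ${hooks:-none}"
}

# Run against a live bridge only when a name is given: sh check.sh br0
if [ "$#" -gt 0 ]; then
    check_bridge "$1"
fi
```

A port reporting `LRO on`, or any `bridge-nf-call-*` entry listed, points at the corresponding cause from the reply.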