Open rajannpatel opened 10 months ago
This breaks apt update, snap install, and effectively creates an airgapped container.
This is interesting because most home internet connections use PPPoE tunneling that also reduces the MTU to the internet to less than 1500, and yet the internal network still commonly uses 1500 MTU on all devices and the internet connections are still working.
Normally this is because the ISP's router or network performs TCP MSS clamping
https://www.cloudflare.com/en-gb/learning/network-layer/what-is-mss/
So presumably in these environments no such clamping is being applied.
Additionally it may also be because these provider networks (or your particular local firewall setup) is blocking PMTU:
https://en.wikipedia.org/wiki/Path_MTU_Discovery
In principle your proposal sounds like a good idea, I will consider if there are any downsides or possible regressions making this change would introduce.
@rajannpatel interestingly the GCP doc you linked to says:
TCP SYN and SYN-ACK packets Google Cloud performs MSS clamping if necessary, changing the MSS to ensure packets fits within the MTU.
So this makes me wonder why you are experiencing these issues?
Can you advise further what the specific problem is, is it UDP traffic (DNS perhaps) that is causing the problem? As MSS clamping only affects TCP.
Is it possible to provider reproducer steps using just LXD without landscape, i.e lxc launch ...
and then lxc exec
with commands that demonstrate the problem?
Issue description
When running
lxd init --auto a
lxdbr0 interface is created, and all LXD containers will have network interfaces on lxdbr0. LXD hardcodes the MTU on lxdbr0 at 1500, which is a sensible default, but causes problems or inefficiencies when the MTU on the host machine’s default network adapter is different. On Oracle Cloud the network adapter is configured for jumbo frames, and has an MTU of 9000. On Google Cloud the MTU on the default adapter is 1460.As a result, LXD containers are unable to access the Internet. This breaks apt update, snap install, and effectively creates an airgapped container. What is worse, the issue is completely undocumented, so it requires a lot of digging and requires an understanding of networking to figure out the solution.
Anybody using LXD on Google Cloud is adversely impacted by this. They have a page dedicated to explaining the issues of mismatched MTUs here: https://cloud.google.com/vpc/docs/mtu
Steps to reproduce
lxd init --auto
ip a
Information to attach
lxd init --auto
should create the lxdbr0 interface with an MTU that matches the default network adapter on the host machine. This is manually achieved today via 2 commands:When using LXD as a stepping stone for trying other Canonical software, we have to explain these MTU pitfalls. It makes LXD look unrefined and unnecessarily complex when adding these steps to a “quickstart” or “getting started” how-to: https://gist.github.com/rajannpatel/cdc43b30a863824b139fb7a18f2e99a5