Known Issues

First ICMP packet is not delivered in a Logical Network in the case that the packet is fragmented

(:Last updated)

Detail

In IP communication, packets larger than Maximum Transfer Unit (MTU) are fragmented and sent according to the MTU set in the communication path.

In this issue, when ICMP packets (like ping) which are 3 times or more larger than the MTU of the interface of the VM (that is, fragmented into 4 or more smaller packets) are sent to a Logical Network, 4th and the subsequent fragmented packets of the 1st ICMP packet are NOT delivered. As a result, the destination server fails to reassemble and the packet is discarded.

Only the 1st packet is discarded. The 2nd and the subsequent packets are delivered correctly if they have the same source IP address, destination IP address and Identifier as the 1st packet and are sent within a certain period after the 1st packet was sent.

This issue does NOT occur in the case of TCP and UDP.

 

Region

All Regions

 

Example

<Output example when ICMP packets (like ping) which are 3 times or more larger than the MTU(DF flag off)>

It can be confirmed that the first packet is discarded if it is fragmented three times larger than the interface MTU of the VM.

(-l is an option to specify the packet size on Windows.)

 

C:\Users\Administrator>ping 192.168.1.1 -l 9000

 

Pinging 192.168.1.1 with 9000 bytes of data:

 

Request timed out.

Reply from 192.168.1.1: bytes=9000 time<1ms TTL=64

Reply from 192.168.1.1: bytes=9000 time<1ms TTL=64

Reply from 192.168.1.1: bytes=9000 time<1ms TTL=64

Reply from 192.168.1.1: bytes=9000 time<1ms TTL=64

 

Ping statistics for 192.168.1.1:

   Packets: Sent = 5, Received = 4, Lost = 1 (20% loss),

Approximate round trip times in milli-seconds:

   Minimum = 0ms, Maximum = 0ms, Average = 0ms

 

If the OS does not change the Identifier when you execute ping, such as Windows Server 2016, you can confirm that all packets will be forwarded if you ping the same source IP address and destination IP address combination within a certain period of time .

In addition, in the case of OS such as Linux which the Identifier changes with each execution of ping, the first packet will be discarded even if ping is executed again within a certain period of time. The behavior here depends on the OS implementation.

 

C:\Users\Administrator>ping 192.168.1.1 -l 9000

 

Pinging 192.168.1.1 with 9000 bytes of data:

 

Reply from 192.168.1.1: bytes=9000 time<1ms TTL=64

Reply from 192.168.1.1: bytes=9000 time<1ms TTL=64

Reply from 192.168.1.1: bytes=9000 time<1ms TTL=64

Reply from 192.168.1.1: bytes=9000 time<1ms TTL=64

Reply from 192.168.1.1: bytes=9000 time<1ms TTL=64

 

Ping statistics for 192.168.1.1:

   Packets: Sent = 5, Received = 5, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

   Minimum = 0ms, Maximum = 0ms, Average = 0ms

 

<Output example when ICMP packets (like ping) which are 3 times or more larger than the MTU (DF flag on)>

In order to check the MTU size that can be transferred without being fragmented, it is necessary to ping with Don’t Fragment flag (DF flag).

If it is larger than the IF MTU, you can confirm that the fragment is necessary and can not be transferred as shown below.

(-f is an option to set the Don’t Fragment flag on Windows)

 

C:\Users\Administrator>ping 192.168.1.1 -l 9000 -f

 

Pinging 192.168.1.1 with 9000 bytes of data:

 

Packet need to be fragmented but DF set.

Packet need to be fragmented but DF set.

Packet need to be fragmented but DF set.

Packet need to be fragmented but DF set.

Packet need to be fragmented but DF set.

 

Ping statistics for 192.168.1.1:

   Packets: Sent = 5, Received = 0, Lost = 5 (100% loss),

Approximate round trip times in milli-seconds:

   Minimum = 0ms, Maximum = 0ms, Average = 0ms

 

Solution

In order to prevent unnecessary fragments, set the MTU of the resource connected to the Logical Network to the following value and communicate within the MTU size.

Data plane: MTU 1500 bytes

Storage plane: MTU 9000 bytes

If you want the MTU to be greater than 1500 bytes for resources connected to the data plane, set the MTU for all resources connected to the same segment to the same value. If the MTU differs between resources connected to the same segment, communication will not be possible, so be careful when changing the value. Please refer to the following web page for recommended or initial value of MTU for each resources.
https://ecl.ntt.com/documents/service-descriptions/network-common/common.html