jjo/openstack-neutron-gateway-mtu1500-workaround.txt

## openstack-neutron-gateway-mtu1500-workaround.txt
## Workaround openstack nova+openvswitch mtu issues when no jumbo frames are available,
## by setting up udev at neutron-gateway to hook on routing interface creation to
## lower the MTU (thus trigger ICMPs for PMTU discovery)

## See: https://blueprints.launchpad.net/neutron/+spec/network-options-mtu

## keywords: openstack, nova, openvswitch, mtu, 1500, no jumbo frames

## Create these two files:

mkdir -p fixes
cat > fixes/90-openstack-mtu.rules << EOF
# /etc/udev/rules.d/90-openstack-mtu.rules
SUBSYSTEM=="net", ACTION=="add", KERNEL=="tap*", RUN+="/usr/local/sbin/openstack-mtu-fix.sh %k"
EOF

cat > fixes/openstack-mtu-fix.sh << EOF
#!/bin/bash
# /usr/local/sbin/openstack-mtu-fix.sh
dev="$1"
(
echo $0 dev=$dev
case "$dev" in tap*)
    # udev will pass the tapXXXXXXX interface, while we need to hack the mtu at
    # the qr-XXXXXXXX side (the routing interface inside qrouter namespace)
    qrdev=qr-${dev#tap}
    # Try the qr-XXXXXXXX interface on every namespace, if found then set its mtu=1450
    cmd="ip li show dev $qrdev 2>/dev/null || exit 0; set -x; ip li set dev $qrdev mtu 1450"
    ip netns list|egrep qrouter|xargs -I@ ip netns exec @ sh -c "$cmd"
    ;;
esac
) |& logger -t openstack-mtu-fix
EOF

# Apply above with:
hack_neutron_gateway_mtu() {
    local rules64=$(base64 -w0 < fixes/90-openstack-mtu.rules)
    local sbin64=$(base64 -w0 < fixes/openstack-mtu-fix.sh)
    juju run --service=neutron-gateway "echo $rules64| base64 -d | install /dev/stdin /etc/udev/rules.d/90-openstack-mtu.rules; echo $sbin64| base64 -d | install -m 755 /dev/stdin /usr/local/sbin/openstack-mtu-fix.sh"
    juju run --service=neutron-gateway "udevadm control --reload; udevadm trigger --type=devices --subsystem-match=net --action=add  --property-match=INTERFACE='tap*'; udevadm settle; tail /var/log/syslog |egrep ip.li.set.*mtu"
}
hack_neutron_gateway_mtu
	## Workaround openstack nova+openvswitch mtu issues when no jumbo frames are available,
	## by setting up udev at neutron-gateway to hook on routing interface creation to
	## lower the MTU (thus trigger ICMPs for PMTU discovery)

	## See: https://blueprints.launchpad.net/neutron/+spec/network-options-mtu

	## keywords: openstack, nova, openvswitch, mtu, 1500, no jumbo frames

	## Create these two files:

	mkdir -p fixes
	cat > fixes/90-openstack-mtu.rules << EOF
	# /etc/udev/rules.d/90-openstack-mtu.rules
	SUBSYSTEM=="net", ACTION=="add", KERNEL=="tap*", RUN+="/usr/local/sbin/openstack-mtu-fix.sh %k"
	EOF

	cat > fixes/openstack-mtu-fix.sh << EOF
	#!/bin/bash
	# /usr/local/sbin/openstack-mtu-fix.sh
	dev="$1"
	(
	echo $0 dev=$dev
	case "$dev" in tap*)
	# udev will pass the tapXXXXXXX interface, while we need to hack the mtu at
	# the qr-XXXXXXXX side (the routing interface inside qrouter namespace)
	qrdev=qr-${dev#tap}
	# Try the qr-XXXXXXXX interface on every namespace, if found then set its mtu=1450
	cmd="ip li show dev $qrdev 2>/dev/null \|\| exit 0; set -x; ip li set dev $qrdev mtu 1450"
	ip netns list\|egrep qrouter\|xargs -I@ ip netns exec @ sh -c "$cmd"
	;;
	esac
	) \|& logger -t openstack-mtu-fix
	EOF

	# Apply above with:
	hack_neutron_gateway_mtu() {
	local rules64=$(base64 -w0 < fixes/90-openstack-mtu.rules)
	local sbin64=$(base64 -w0 < fixes/openstack-mtu-fix.sh)
	juju run --service=neutron-gateway "echo $rules64\| base64 -d \| install /dev/stdin /etc/udev/rules.d/90-openstack-mtu.rules; echo $sbin64\| base64 -d \| install -m 755 /dev/stdin /usr/local/sbin/openstack-mtu-fix.sh"
	juju run --service=neutron-gateway "udevadm control --reload; udevadm trigger --type=devices --subsystem-match=net --action=add --property-match=INTERFACE='tap'; udevadm settle; tail /var/log/syslog \|egrep ip.li.set.mtu"
	}
	hack_neutron_gateway_mtu