Linux Network Namespace MTU Testing Script (force IP Fragmentation)

gistfile1.txt

#!/bin/bash
set -e

# Clean up old namespaces and links
for ns in client router server; do
  ip netns del $ns 2>/dev/null || true
done

for link in br-client br-server veth-client veth-client-br veth-router1 veth-router1-br veth-router2 veth-router2-br veth-server veth-server-br; do
  ip link del $link 2>/dev/null || true
done

echo "[+] Creating namespaces"
ip netns add client
ip netns add router
ip netns add server

echo "[+] Creating veth pairs"
ip link add veth-client type veth peer name veth-client-br
ip link add veth-router1 type veth peer name veth-router1-br
ip link add veth-router2 type veth peer name veth-router2-br
ip link add veth-server type veth peer name veth-server-br

echo "[+] Creating bridges"
ip link add name br-client type bridge
ip link add name br-server type bridge

echo "[+] Bringing up bridges"
ip link set br-client up
ip link set br-server up

echo "[+] Connecting veths to bridges"
ip link set veth-client-br master br-client
ip link set veth-router1-br master br-client
ip link set veth-server-br master br-server
ip link set veth-router2-br master br-server

echo "[+] Bringing up bridge interfaces"
for dev in veth-client-br veth-router1-br veth-server-br veth-router2-br; do
  ip link set $dev up
done

echo "[+] Moving veth ends into namespaces"
ip link set veth-client netns client
ip link set veth-router1 netns router
ip link set veth-router2 netns router
ip link set veth-server netns server

echo "[+] Assigning IP addresses"
ip netns exec client ip addr add 10.0.0.1/24 dev veth-client
ip netns exec router ip addr add 10.0.0.254/24 dev veth-router1
ip netns exec router ip addr add 10.0.1.254/24 dev veth-router2
ip netns exec server ip addr add 10.0.1.1/24 dev veth-server

echo "[+] Setting MTU"
for ns_dev in "client veth-client" "router veth-router1" "router veth-router2" "server veth-server"; do
  ns=${ns_dev% *}
  dev=${ns_dev#* }
  ip netns exec $ns ip link set $dev mtu 1500
done

echo "[+] Bringing up loopback and veth interfaces"
for ns in client router server; do
  ip netns exec $ns ip link set lo up
done

for ns_dev in "client veth-client" "router veth-router1" "router veth-router2" "server veth-server"; do
  ns=${ns_dev% *}
  dev=${ns_dev#* }
  ip netns exec $ns ip link set $dev up
done

echo "[+] Adding default routes"
ip netns exec client ip route add default via 10.0.0.254
ip netns exec server ip route add default via 10.0.1.254

echo "[+] Enabling IP forwarding on router"
ip netns exec router sysctl -w net.ipv4.ip_forward=1 >/dev/null

echo "[+] Bridge status:"
bridge link show

echo "[+] Checking IP addresses:"
ip netns exec router ip addr
ip netns exec client ip addr
ip netns exec server ip addr

# Allow forwarding through bridges
sudo iptables -I FORWARD -i br-client -j ACCEPT
sudo iptables -I FORWARD -o br-client -j ACCEPT
sudo iptables -I FORWARD -i br-server -j ACCEPT
sudo iptables -I FORWARD -o br-server -j ACCEPT

# Disable TSO, GSO, GRO
sudo ip netns exec client ethtool -K veth-client tso off gso off gro off
sudo ip netns exec server ethtool -K veth-server tso off gso off gro off
sudo ip netns exec router ethtool -K veth-router1 tso off gso off gro off
sudo ip netns exec router ethtool -K veth-router2 tso off gso off gro off

# Lower MTU on router's server-facing interface
sudo ip netns exec router ip link set veth-router2 mtu 800

# Disable MTU discovery on the client side
sudo ip netns exec client sysctl -w net.ipv4.ip_no_pmtu_disc=1
sudo ip netns exec client sysctl -w net.ipv4.tcp_mtu_probing=0

echo
echo "[✓] Setup complete. Testing connectivity:"
echo "Router ➜ Client:"
ip netns exec router ping -c 2 10.0.0.1 || echo "❌ Router ➜ Client failed"
echo
echo "Client ➜ Server:"
ip netns exec client ping -c 2 10.0.1.1 || echo "❌ Client ➜ Server failed"

echo
echo "📡 You can test throughput like this:"
echo "  sudo ip netns exec server iperf3 -s"
echo "  sudo ip netns exec client iperf3 -c 10.0.1.1 -t 10"