HPE SimpliVity
Showing results for 
Search instead for 
Did you mean: 

Dont-Fragment flag set in SimpliVity management network traffic?

Occasional Contributor

Dont-Fragment flag set in SimpliVity management network traffic?

I was wondering if somebody knows if SimpliVity management traffic (from the virtual controllers) has the DF (Dont-Fragment) flag set in IP traffic?

I deal with a federation consisting of several SimpliVity clusters which connect through a WAN. Some sites use MPLS, but there is also a site which uses an IPSec VPN tunnel to connect to the other clusters.

The MTU for the management network is the default size of 1500. I can see some drops in network traffic from the SimpliVity nodes in the IPSec connected site.

As you may know, you cannot really send packets with MTU 1472 over an IPSec tunnel because of the encryption overhead. Unless you have the DF flag enabled, the packets will be fragmented over the IPsec tunnel.

Since there are no other issues with the IPsec connected site, I wonder if SimpliVity management network is set to use the DF flag? And if so, is it possible to disable the DF flag?

Occasional Advisor

Re: Dont-Fragment flag set in SimpliVity management network traffic?

@Sjoerd2106, The do not fragment flag is not set and sockets will adjust the MSS window based on what the network can handle. However, it is best practice to set the MTU for the OVCs to match the supported PMTU of the network. This MTU must be changed on all OVCs in the Federation. Please engage SimpliVity support to run a network test to determine what the OVCs should be configured to, and update the federation.

I am an HPE Employee
A quick resolution to technical issues for your HP Enterprise products is just a click away HPE Support Center Knowledge-base
Occasional Contributor

Re: Dont-Fragment flag set in SimpliVity management network traffic?

Thank you for your quick reply. What is your definition for "PMTU"? Is this the MTU size of the physical path between the systems (in general 1500) or is the the actual MTU size that is left after different headers are added to a packet in case their is for instance an IPSec tunnel used within the path?
As mentioned before there are multiple scenarios. A scenario in where a MPLS connection is used between 2 clusters and for these scenarios the actual MTU size is similar to the MTU size on a LAN connection (1500) and there is a scenario in where an IPSec tunnel is used between 2 clusters and the actual MTU size for the Tunnel is somewhere around 1400. In both scenarios the physical path has a MTU size of 1500 but depended on the technology used to connect the the locations together where the Simplivity nodes are located, this can lower down to around 1400.