HPE Community
HPE OneView
1833187 Members
2726 Online
110051 Solutions
New Discussion

Yet another MTU Question

 
SOLVED
Go to solution
KenWK
Regular Visitor

‎08-01-2023 12:03 PM - last edited on ‎08-01-2023 09:08 PM by

‎08-01-2023 12:03 PM - last edited on ‎08-01-2023 09:08 PM by

Yet another MTU Question

We have OneView v8.4 and a bunch of iLO4's in a remote location on a private secure network that uses TACLANEs to encrypt traffic.  These drop the MTU quite a bit, so much that a setting of 1200 seems to be required to allow traffic to pass. Fragmentation of packets is not supported.

I need some way to get into the OneView appliance and drop it's MTU to 1200 or some way to change the iLO's to use an MTU of 1200.  I dont really care which end gets modified, but I would prefer it be the iLO's.  Is there a local account on the OneView I can use to make this change?  The maintenance access doesnt give much in the way of options.

0 Kudos
Reply
3 REPLIES 3
ChrisLynch
HPE Pro

‎08-01-2023 06:01 PM

‎08-01-2023 06:01 PM

Solution

Re: Yet another MTU Question

MTU only applies to L2 connections. If the OneView appliance is remote across an L3 gateway, attempting to change the MTU on the appliance isn't the correct approach. Regardless, the MTU cannot be changed on the appliance

As for ILO, it is also a fixed size and cannot be changed.

I'm not sure how we can support this configuration. TACLANEs appears to be an old technology to secure IP communications between devices or clients.

Feel free to private message me with your email address so alwe can discuss this further.
I work at HPE
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]
Accept or Kudo
0 Kudos
Reply
jilea3
Occasional Visitor

‎08-11-2023 02:39 AM - last edited on ‎08-14-2023 01:19 AM by

‎08-11-2023 02:39 AM - last edited on ‎08-14-2023 01:19 AM by

Re: Yet another MTU Question

As i know  iLO settings are typically managed through BIOS or iLO firmware interfaces. You might need to access each iLO's web interface individually and check if there's an MTU configuration option. You can log in using the iLO's IP address through a web browser. HPE OneView generally does not expose direct low-level settings like MTU to end-users. However, you can check if there's a way to modify network profiles or templates within HPE OneView to adjust network settings that could indirectly affect MTU. Work with your network team to adjust the MTU settings on the network devices, including switches and routers, to accommodate the lower MTU requirement due to TACLANE encryption. 

 

0 Kudos
Reply
KenWK
Regular Visitor

‎08-11-2023 10:21 AM

‎08-11-2023 10:21 AM

Re: Yet another MTU Question

I have been informed by Mr. Lynch that there is no mechanism to adjust MTU on the iLO or the OneView server.  There are probably additional devices in the path that do encrpytion and pad the packet making it exceed the MTU limits, and MTU path discovery doesnt work for whatever reason. Packets that are fragmented will get dropped and packets that do not pass the decryption checks will get dropped.  Adjusting the MTU down to 1200 in some cases has been our only solution for this issue since we do not control the network transport.  There is also a latency component at this one site that exceeds 350ms, which also presents a problem. The only solution would probably be to deply OneView on the site, but that doesnt seem worth it for 5 servers.

I appreciate the response!

0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.