With the MTU being a known quantity in any port after #984, we need to inform an instance sending oversize frames that it has erred so that PMTUD can function. In this case, OPTE needs to reply with an ICMP 'destination unreachable(fragmentation needed)' or ICMPv6 'packet too big' message on any inbound/outbound traffic which violates the MTU.
There are a few things to be careful of:
- Packets which are GRO/TSO-eligible need to pass by OPTE unharmed so long as the MSS is within bounds.
- Inbound hairpin packets should work (i.e., which are then reflected back on the underlay), but I don't believe they've been tested in any load-bearing capacity til now.
- When replying to an inbound packet we need to re-encapsulate the ICMP message, and we may need to NAT it. What external IP should OPTE choose in this case? For VPC traffic, will the recipient OPTE allow through a packet whose source address is the same as itself?
With the MTU being a known quantity in any port after #984, we need to inform an instance sending oversize frames that it has erred so that PMTUD can function. In this case, OPTE needs to reply with an ICMP 'destination unreachable(fragmentation needed)' or ICMPv6 'packet too big' message on any inbound/outbound traffic which violates the MTU.
There are a few things to be careful of: