Problem description
My company is setting up Azure Virtual WAN and we have set up our deployment exactly as per the documentation in this page:
Tutorial: Create a Site-to-Site connection using Azure Virtual WAN
https://docs.microsoft.com/en-us/azure/virtual-wan/virtual-wan-site-to-site-portal
We are observing an issue where IP fragments are being dropped at the Azure VHUB.
(IKEv2 ipsec tunnel MTU is 1400)
Issue 1: Fragmented packets from testsite1 to VNET A are being dropped at Virtual HUB
Steps to reproduce this issue:
- Ping from testsite1 client to VNET A server machine with ping IP Len of 1400 Bytes:
  - Ping will be successful - No Issues
- Ping from testsite1 client to VNET A server machine with ping IP Len of 1401 Bytes:
  - Ping is unsuccessful.
  - Second fragmented packet is not seen on the VNET A VM in the tcpdumps.
  - Same issue happens when Tunnel MTU is reduced to 500 Bytes and a 501B IP length ping packet is sent.
I tried resetting the Virtual Hub VPN Gateway and issue still exists.
Deleted the entire Azure Virtual WAN and reboot from scratch and issue still exists.
We also observed another issue with fragmented packets - IP fragments from testsite1 to testsite2 via Azure Virtual Hub being corrupted by Azure VHUB - The fragment has a 16Byte header that is being added internally by Azure and not stripped when forwarding the packet post reassembly. The extra 16B Header value that was seen on one packet was (01 02 02 04 61 96 c9 43 f9 8c ae e9 a4 ee 10 1d)
The first issue is more important right now.
Looks like a fundamental issue with fragmented packets and Azure Virtual HUB / VPN Gateway.
Please let me know if this is a known issue and any workarounds that are available to resolve this behavior.
Thank you.
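An added example, not part of the original post: a small Python checker that computes which IPv4 fragments a sender emits for a given IP length and MTU (the 1401/1400 case above) and reports, from captured IPv4 headers, which datagrams arrived with fragments missing. The addresses, IP IDs and header values are constructed test data, and a 20-byte IPv4 header without options is assumed.

```python
import struct
from collections import defaultdict

FMT = "!BBHHHBBH4s4s"  # fixed 20-byte IPv4 header, no options

def ipv4_header(total_len, ident, mf, frag_off_bytes, proto=1,
                src=bytes([10, 0, 1, 4]), dst=bytes([10, 0, 2, 4])):
    """Build a header for constructed test data (checksum left at 0)."""
    flags_off = (0x2000 if mf else 0) | (frag_off_bytes // 8)
    return struct.pack(FMT, 0x45, 0, total_len, ident, flags_off, 64, proto, 0, src, dst)

def fragment(ip_len, mtu, ident):
    """Headers a sender emits for one datagram of ip_len bytes over a path MTU of mtu."""
    hdr, payload = 20, ip_len - 20
    if ip_len <= mtu:
        return [ipv4_header(ip_len, ident, False, 0)]
    step = (mtu - hdr) // 8 * 8  # non-final fragments carry a multiple of 8 bytes
    out, off = [], 0
    while off < payload:
        chunk = min(step, payload - off)
        out.append(ipv4_header(hdr + chunk, ident, off + chunk < payload, off))
        off += chunk
    return out

def incomplete_datagrams(headers):
    """Map (src, dst, proto, id) -> missing payload byte ranges; (start, None) = tail lost."""
    spans, has_last = defaultdict(list), set()
    for h in headers:
        vihl, _, tlen, ident, fo, _, proto, _, src, dst = struct.unpack(FMT, h[:20])
        off = (fo & 0x1FFF) * 8
        key = (src, dst, proto, ident)
        spans[key].append((off, off + tlen - (vihl & 0x0F) * 4))
        if not fo & 0x2000:          # MF clear: this is the final fragment
            has_last.add(key)
    report = {}
    for key, parts in spans.items():
        gaps, pos = [], 0
        for start, end in sorted(parts):
            if start > pos:
                gaps.append((pos, start))
            pos = max(pos, end)
        if key not in has_last:
            gaps.append((pos, None))
        if gaps:
            report[key] = gaps
    return report
```

For an IP length of 1401 over a 1400-byte MTU the sender emits a 1396-byte first fragment and a 25-byte second fragment, so a receiver-side capture showing only the first one is reported with the gap `(1376, None)`.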