Troubleshooting Connectivity Issues Between Oracle Analytics Cloud and On-Premises Data Sources: Unraveling PMTUD Challenges

January 26, 2024 | 4 minute read
Ravi Bhuma
Principal Solutions Architect, Oracle Analytics
Text Size 100%:

When you have connection issues between Oracle Analytics Cloud (OAC) and an on-premises database using Site-to-Site VPN or FastConnect, you're likely to experience connection failures or hangs. In this blog, you'll learn about a common culprit behind such issues: Path Maximum Transmission Unit Discovery (PMTUD) problems.

The following diagram illustrates an example with two hosts having a larger MTU than some intermediary network link between them not directly connected to either of them.

OAC-DB-MTU

The example shows two servers, each directly connected to its own routed network that supports a 9000-byte MTU. The servers are in different data centers. Each data center connects to the internet, which supports a 1500-byte MTU. A Site-to-Site VPN IPSec tunnel connects the two data centers. That tunnel crosses the internet, so the inside of the tunnel has a smaller MTU than the internet. In this diagram, the MTU is 1380 bytes.

If the two servers try to communicate (with SSH, for example), during the three-way handshake, they agree on an MSS around 8960. The initial SSH connection might succeed, because the maximum packet sizes during the initial SSH connection setup are usually less than 1380 bytes. When one side tries to send a packet larger than the smallest link between the two endpoints, Path MTU Discovery (PMTUD) becomes critical.

Understanding the Issue

PMTUD is a critical mechanism for ensuring smooth data transmission across networks. It allows devices to dynamically discover the Maximum Transmission Unit (MTU) for a specific network path. When a packet exceeds the MTU of an intermediate device or link, that device sends an ICMP "Fragmentation Needed" message back to the sender, indicating the maximum allowed MTU. The sender can then adjust its MTU for the path.

From a compute instance in the same VCN as your OAC instance, you might see the following while testing a SQL*Plus connection:

  • set mtu: sudo ifconfig <network card> mtu 1500
    The SQL*PLUS connection attempt returns ORA-03135: connection lost contact
  • set mtu: sudo ifconfig <network card> mtu 1100
    The SQL*PLUS connection attempt should be successful, else adjust the MTU size to the accepted value.

Troubleshooting Steps

  1. Enable PMTUD on your on-premises devices: Ensure that PMTUD is enabled on your on-premises devices. This allows them to dynamically adjust the MTU for optimal communication.
  2. Allow ICMP messages: Verify that your firewalls and security policies allow ICMP Type 3 (Destination Unreachable) and Code 4 (Fragmentation Needed) messages to be sent back to the sender. These messages are crucial for PMTUD.
  3. Adjust MTU on your on-premises router or firewall: If you have control over the router or firewall in the on-premises environment side, consider adjusting the accepted MTU settings. Be cautious with this change, as it may impact other traffic.
  4. Test PMTUD:  Utilize the Path MTU Discovery (PMTUD) mechanism to discover the maximum MTU size that can be used without fragmentation along the entire path.
    Here's how to test PMTUD:

On Linux/Unix:

  • Open a terminal window.
  • Check the status of the PMTUD settings using the sysctl command:

      sysctl net.ipv4.ip_no_pmtu_disc

If the command returns a value of 0, PMTUD is enabled. If it returns 1, PMTUD is disabled.


On Windows:

  • Open a command prompt with administrator privileges.
  • Check the PMTUD settings using the netsh command:

     netsh interface ipv4 show subinterfaces

Look for the "PMTUD" column in the output to determine if PMTUD is enabled or disabled.

 

How to Test PMTUD

Use the ping command with the "Don't Fragment" (-M do) option to perform PMTUD tests. Start with a larger packet size (for example, 1472) and decrease it incrementally until you no longer receive "Packet needs to be fragmented but DF set" error messages. The largest packet size that successfully reaches the destination without fragmentation indicates the Maximum MTU size for your path.

For example: ping -M do -s 1472 <destination_ip>

In this example:

  • -M do: Specifies the "Don't Fragment" option, which prevents the packet from being fragmented.
  • -s 1472: Sets the packet size to 1472 bytes. You can start with this size and decrease it incrementally.
  • <destination_ip>: Replace this with the IP address of the destination you want to test against.

Conclusion

By addressing PMTUD-related issues and ensuring that your network path supports proper MTU discovery, you can resolve connectivity problems between OAC and on-premises data sources. This proactive approach will lead to smoother and more reliable data transmission, enhancing your overall network performance.  For more information, please feel free to ask questions about this topic in the Oracle Analytics Community.

 

 

Ravi Bhuma

Principal Solutions Architect, Oracle Analytics

Oracle Analytics Service Excellence, CEAL Team


Previous Post

EBS managed connector for Oracle Fusion Data Intelligence

Krishna Prasad Kotti | 6 min read

Next Post


Oracle Analytics 推出新的 AI 功能

Benjamin Arnulf | 4 min read