If your BIG-IQ VE needs to pass network traffic between an internal tenant (private) network and an external (public) network using an OpenStack virtual machine, the traffic must be directed through a router. The typical OpenStack configuration routes this through an Open-vSwitch Router. When data blocks pass through the router in this scenario, the traffic incurs a 50 byte overhead. For a BIG-IQ VE that sends and receives network traffic through interfaces that connect to internal tenant and external public networks, you must reduce the VE instance’s MTU value by 50 to account for that overhead.
This requirement applies to other virtual machine types (such as BIG-IP and Linux) not just BIG-IQ Virtual Edition.
A common indication that you need to adjust the MTU value is when you can make an SSH connection to the BIG-IQ, but you cannot make a web connection over HTTPS. If everything else is configured correctly, then check to see if the MTU setting is causing the issue. Correct configuration (in this case) means:
Ports 22 and 443 are open to receiving traffic.
All required system services appear to be running normally.
There is no abnormal consumption of system resources (RAM and CPU).
To verify that the MTU setting is causing the issue, you can log in to the BIG-IQ using SSH and run the following command:
ifconfig eth0 mtu 1450
. Then try connecting to the BIG-IQ again using your browser. If you can connect successfully, then you know that the MTU setting is the issue, and you need to permanently modify the MTU setting to make sure the user interface performs properly.
If you change the MTU value on the BIG-IQ using the command line, the value resets to 1500 whenever the VE reboots. So you need to edit the custom configuration file so that any time the VE restarts, the config file sets the correct value.