[ovs-discuss] OVS 2.9.0 native firewall drops empty payload TCP packets

Gregory Rose gvrose8192 at gmail.com
Mon Aug 27 20:07:41 UTC 2018


On 8/27/2018 6:20 AM, Zhang, Jing C. (Nokia - CA/Ottawa) wrote:
> We have customers reporting sluggish HTTP download with OVS 2.9.0. 
> After debugging, we find the issue is OVS 2.9.0 native firewall drops 
> TCP control packets (TCP ACK) with empty payload. The issue can be 
> avoided by either reverting back to the legacy Linux bridge firewall 
> or enabling TCP timestamp at both HTTP server and client sides.
> $ ovs-vswitchd --version
> ovs-vswitchd (Open vSwitch) 2.9.0
> DPDK 17.11.0
> openvswitch-2.9.0-3.el7.x86_64

While I'm setting up to reproduce this could you let me know if this is 
something that just started happening
on a system without any changes to the underlying system configuration 
or operating system?  Or was there
a recent upgrade of the kernel or OVS?

What is the output of uname -a?

Thanks,

- Greg

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20180827/e6b3d02c/attachment-0001.html>


More information about the discuss mailing list