[ovs-discuss] OVS 2.9.0 native firewall drops empty payload TCP packets

Zhang, Jing C. (Nokia - CA/Ottawa) jing.c.zhang at nokia.com
Mon Aug 27 20:17:44 UTC 2018


It is a fresh install, not an upgrade.

uname -a
Linux overcloud-ovscompute-1 3.10.0-862.9.1.el7.x86_64 #1 SMP Mon Jul 16 16:29:36 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux


We have wanted to switch to native firewall since 2.8 but cannot do that because of multiple reports of TCP packet drop with the native firewall, observed by VNF either in the form of control plane message retransmission or in the form of TCP throughput degradation.

But this is the first time we have nailed down a specific packet drop scenario that we can easily reproduce in our own lab, this time the customer is using our latest lineup which is ovs 2.9.

Jing

From: Gregory Rose <gvrose8192 at gmail.com>
Sent: Monday, August 27, 2018 4:08 PM
To: Zhang, Jing C. (Nokia - CA/Ottawa) <jing.c.zhang at nokia.com>; bugs at openvswitch.org
Subject: Re: [ovs-discuss] OVS 2.9.0 native firewall drops empty payload TCP packets


On 8/27/2018 6:20 AM, Zhang, Jing C. (Nokia - CA/Ottawa) wrote:
We have customers reporting sluggish HTTP download with OVS 2.9.0. After debugging, we find the issue is OVS 2.9.0 native firewall drops TCP control packets (TCP ACK) with empty payload. The issue can be avoided by either reverting back to the legacy Linux bridge firewall or enabling TCP timestamp at both HTTP server and client sides.
$ ovs-vswitchd --version
ovs-vswitchd (Open vSwitch) 2.9.0
DPDK 17.11.0
openvswitch-2.9.0-3.el7.x86_64

While I'm setting up to reproduce this could you let me know if this is something that just started happening
on a system without any changes to the underlying system configuration or operating system?  Or was there
a recent upgrade of the kernel or OVS?

What is the output of uname -a?

Thanks,

- Greg