yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1640265] [NEW] LBaaSv2 uses fixed MTU of 1500, leading to packet dropping

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Paulo Matias <1640265@xxxxxxxxxxxxxxxxxx>
Date: Tue, 08 Nov 2016 18:03:31 -0000
Reply-to: Bug 1640265 <1640265@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Public bug reported:

The LBaaSv2's HAProxy plugin sets up a VIF without specifying its MTU.
Therefore, the VIF always gets the default MTU of 1500. When attaching
the load balancer to a VXLAN-backed project (tenant) network, which by
default has a MTU of 1450, this leads to packet dropping.

Pre-conditions: A standard OpenStack + Neutron deployment. A project
(tenant) network backed by VXLAN, GRE, or other protocol that reduces
MTU to less than 1500.

Step-by-step reproduction steps:
* Create a SSL load balancer, OR a TCP load balancer terminated in a SSL server.
* Try connecting to it: curl -kv https://virtual_ip

Expected behaviour: connection attempts should succeed

Actual behaviour: 25% to 50% connection attempts will fail to complete

Log output: neutron-lbaasv2-agent.log displays:
WARNING neutron.agent.linux.interface [-] No MTU configured for port <port_ID>

OpenStack version: stable/newton
Linux distro: Ubuntu 16.04
Deployment mechanism: OpenStack-Ansible
Environment: multi-node

Perceived severity: This issue causes LBaaSv2 with HAProxy to be
unusable for SSL and other protocols which need to transfer large (>1450
bytes) packets, unless external network equipment is set up to clamp the
MSS or unless the deployer is able to set path_mtu to values greater
than 1550.

** Affects: neutron
     Importance: Undecided
     Assignee: Paulo Matias (paulo-matias)
         Status: In Progress


** Tags: lbaas

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1640265

Title:
  LBaaSv2 uses fixed MTU of 1500, leading to packet dropping

Status in neutron:
  In Progress

Bug description:
  The LBaaSv2's HAProxy plugin sets up a VIF without specifying its MTU.
  Therefore, the VIF always gets the default MTU of 1500. When attaching
  the load balancer to a VXLAN-backed project (tenant) network, which by
  default has a MTU of 1450, this leads to packet dropping.

  Pre-conditions: A standard OpenStack + Neutron deployment. A project
  (tenant) network backed by VXLAN, GRE, or other protocol that reduces
  MTU to less than 1500.

  Step-by-step reproduction steps:
  * Create a SSL load balancer, OR a TCP load balancer terminated in a SSL server.
  * Try connecting to it: curl -kv https://virtual_ip

  Expected behaviour: connection attempts should succeed

  Actual behaviour: 25% to 50% connection attempts will fail to complete

  Log output: neutron-lbaasv2-agent.log displays:
  WARNING neutron.agent.linux.interface [-] No MTU configured for port <port_ID>

  OpenStack version: stable/newton
  Linux distro: Ubuntu 16.04
  Deployment mechanism: OpenStack-Ansible
  Environment: multi-node

  Perceived severity: This issue causes LBaaSv2 with HAProxy to be
  unusable for SSL and other protocols which need to transfer large
  (>1450 bytes) packets, unless external network equipment is set up to
  clamp the MSS or unless the deployer is able to set path_mtu to values
  greater than 1550.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1640265/+subscriptions

Follow ups

[Bug 1640265] Re: LBaaSv2 uses fixed MTU of 1500, leading to packet dropping
From: Michael Johnson, 2016-12-05