yahoo-eng-team team mailing list archive

[Michael Johnson <johnsomor@xxxxxxxxx>]

New patch is here: https://review.openstack.org/#/c/399945/

** Project changed: neutron => octavia

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1640265

Title:
  LBaaSv2 uses fixed MTU of 1500, leading to packet dropping

Status in octavia:
  In Progress

Bug description:
  The LBaaSv2's HAProxy plugin sets up a VIF without specifying its MTU.
  Therefore, the VIF always gets the default MTU of 1500. When attaching
  the load balancer to a VXLAN-backed project (tenant) network, which by
  default has a MTU of 1450, this leads to packet dropping.

  Pre-conditions: A standard OpenStack + Neutron deployment. A project
  (tenant) network backed by VXLAN, GRE, or other protocol that reduces
  MTU to less than 1500.

  Step-by-step reproduction steps:
  * Create a SSL load balancer, OR a TCP load balancer terminated in a SSL server.
  * Try connecting to it: curl -kv https://virtual_ip

  Expected behaviour: connection attempts should succeed

  Actual behaviour: 25% to 50% connection attempts will fail to complete

  Log output: neutron-lbaasv2-agent.log displays:
  WARNING neutron.agent.linux.interface [-] No MTU configured for port <port_ID>

  OpenStack version: stable/newton
  Linux distro: Ubuntu 16.04
  Deployment mechanism: OpenStack-Ansible
  Environment: multi-node

  Perceived severity: This issue causes LBaaSv2 with HAProxy to be
  unusable for SSL and other protocols which need to transfer large
  (>1450 bytes) packets, unless external network equipment is set up to
  clamp the MSS or unless the deployer is able to set path_mtu to values
  greater than 1550.

To manage notifications about this bug go to:
https://bugs.launchpad.net/octavia/+bug/1640265/+subscriptions