LBaaSv2 uses fixed MTU of 1500, leading to packet dropping
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
octavia |
Fix Released
|
Low
|
Brandon Logan |
Bug Description
The LBaaSv2's HAProxy plugin sets up a VIF without specifying its MTU. Therefore, the VIF always gets the default MTU of 1500. When attaching the load balancer to a VXLAN-backed project (tenant) network, which by default has a MTU of 1450, this leads to packet dropping.
Pre-conditions: A standard OpenStack + Neutron deployment. A project (tenant) network backed by VXLAN, GRE, or other protocol that reduces MTU to less than 1500.
Step-by-step reproduction steps:
* Create a SSL load balancer, OR a TCP load balancer terminated in a SSL server.
* Try connecting to it: curl -kv https:/
Expected behaviour: connection attempts should succeed
Actual behaviour: 25% to 50% connection attempts will fail to complete
Log output: neutron-
WARNING neutron.
OpenStack version: stable/newton
Linux distro: Ubuntu 16.04
Deployment mechanism: OpenStack-Ansible
Environment: multi-node
Perceived severity: This issue causes LBaaSv2 with HAProxy to be unusable for SSL and other protocols which need to transfer large (>1450 bytes) packets, unless external network equipment is set up to clamp the MSS or unless the deployer is able to set path_mtu to values greater than 1550.
tags: | added: newton-backport-potential |
Changed in neutron: | |
importance: | Undecided → Low |
Changed in neutron: | |
assignee: | Paulo Matias (paulo-matias) → Brandon Logan (brandon-logan) |
Changed in octavia: | |
status: | In Progress → Fix Committed |
status: | Fix Committed → Fix Released |
Fix proposed to branch: master /review. openstack. org/395103
Review: https:/