octavia

LBaaSv2 uses fixed MTU of 1500, leading to packet dropping

Bug #1640265 reported by Paulo Matias
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
octavia
Fix Released
Low
Brandon Logan

Bug Description

The LBaaSv2's HAProxy plugin sets up a VIF without specifying its MTU. Therefore, the VIF always gets the default MTU of 1500. When attaching the load balancer to a VXLAN-backed project (tenant) network, which by default has a MTU of 1450, this leads to packet dropping.

Pre-conditions: A standard OpenStack + Neutron deployment. A project (tenant) network backed by VXLAN, GRE, or other protocol that reduces MTU to less than 1500.

Step-by-step reproduction steps:
* Create a SSL load balancer, OR a TCP load balancer terminated in a SSL server.
* Try connecting to it: curl -kv https://virtual_ip

Expected behaviour: connection attempts should succeed

Actual behaviour: 25% to 50% connection attempts will fail to complete

Log output: neutron-lbaasv2-agent.log displays:
WARNING neutron.agent.linux.interface [-] No MTU configured for port <port_ID>

OpenStack version: stable/newton
Linux distro: Ubuntu 16.04
Deployment mechanism: OpenStack-Ansible
Environment: multi-node

Perceived severity: This issue causes LBaaSv2 with HAProxy to be unusable for SSL and other protocols which need to transfer large (>1450 bytes) packets, unless external network equipment is set up to clamp the MSS or unless the deployer is able to set path_mtu to values greater than 1550.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron-lbaas (master)

Fix proposed to branch: master
Review: https://review.openstack.org/395103

Changed in neutron:
assignee: nobody → Paulo Matias (paulo-matias)
status: New → In Progress
Andreas Scheuring (andreas-scheuring)
tags: added: newton-backport-potential
Changed in neutron:
importance: Undecided → Low
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Change abandoned on neutron-lbaas (master)

Change abandoned by Paulo Matias (<email address hidden>) on branch: master
Review: https://review.openstack.org/395103

OpenStack Infra (hudson-openstack)
Changed in neutron:
assignee: Paulo Matias (paulo-matias) → Brandon Logan (brandon-logan)
Revision history for this message
Michael Johnson (johnsom) wrote :

New patch is here: https://review.openstack.org/#/c/399945/

affects: neutron → octavia
Revision history for this message
Paulo Matias (paulo-matias) wrote :

Fixed in master. Backport to stable/newton proposed here: https://review.openstack.org/#/c/407617

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/neutron-lbaas 10.0.0.0b2

This issue was fixed in the openstack/neutron-lbaas 10.0.0.0b2 development milestone.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron-lbaas (stable/mitaka)

Fix proposed to branch: stable/mitaka
Review: https://review.openstack.org/414157

Michael Johnson (johnsom)
Changed in octavia:
status: In Progress → Fix Committed
status: Fix Committed → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Change abandoned on neutron-lbaas (stable/mitaka)

Change abandoned by Nir Magnezi (<email address hidden>) on branch: stable/mitaka
Review: https://review.openstack.org/414157
Reason: okay, looks like this is the final verdict.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/neutron-lbaas 9.2.0

This issue was fixed in the openstack/neutron-lbaas 9.2.0 release.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.