Public bug reported:

The LBaaSv2's HAProxy plugin sets up a VIF without specifying its MTU. Therefore, the VIF always gets the default MTU of 1500. When attaching the load balancer to a VXLAN-backed project (tenant) network, which by default has an MTU of 1450, this leads to packet dropping.

Pre-conditions:
A standard OpenStack + Neutron deployment. A project (tenant) network backed by VXLAN, GRE, or other protocol that reduces MTU to less than 1500.

Step-by-step reproduction steps:
* Create an SSL load balancer, OR a TCP load balancer terminated in an SSL server.
* Try connecting to it: curl -kv https://virtual_ip

Expected behaviour: connection attempts should succeed
Actual behaviour: 25% to 50% of connection attempts will fail to complete

Log output:
neutron-lbaasv2-agent.log displays:
  WARNING neutron.agent.linux.interface [-] No MTU configured for port <port_ID>

OpenStack version: stable/newton
Linux distro: Ubuntu 16.04
Deployment mechanism: OpenStack-Ansible
Environment: multi-node

Perceived severity:
This issue causes LBaaSv2 with HAProxy to be unusable for SSL and other protocols which need to transfer large (>1450 bytes) packets, unless external network equipment is set up to clamp the MSS or unless the deployer is able to set path_mtu to values greater than 1550.

** Affects: neutron
   Importance: Undecided
   Assignee: Paulo Matias (paulo-matias)
   Status: In Progress

** Tags: lbaas

--
https://bugs.launchpad.net/bugs/1640265

Title:
  LBaaSv2 uses fixed MTU of 1500, leading to packet dropping

Status in neutron:
  In Progress
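A check for the condition the report describes, as an added example that is not part of the original bug report or of Neutron's own code: it extracts the warned port IDs from the agent log and flags devices whose MTU exceeds the project network's. The sample log lines, the `ip -o link show` output, the port IDs, the function names and the tap-device naming rule are assumptions constructed for illustration.

```python
import re

# Constructed sample input (not taken from the bug report). The log lines use
# the warning text the report quotes; the second block mimics `ip -o link show`.
SAMPLE_LOG = """
2016-11-08 14:02:10.900 2211 INFO example.module [-] unrelated constructed line
2016-11-08 14:02:11.431 2211 WARNING neutron.agent.linux.interface [-] No MTU configured for port 3f2a91c4-7b0e-4c1d-9a55-0d6e2b1c8f10
2016-11-08 14:07:45.002 2211 WARNING neutron.agent.linux.interface [-] No MTU configured for port 9b7d2e60-1c3a-4f8e-b2d4-5a6c7e8f9012
"""
SAMPLE_IP_LINK = r"""
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1\    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
14: tap3f2a91c4-7b: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000\    link/ether fa:16:3e:12:34:56 brd ff:ff:ff:ff:ff:ff
"""

WARN_RE = re.compile(r"WARNING neutron\.agent\.linux\.interface \[-\] "
                     r"No MTU configured for port (\S+)")
LINK_RE = re.compile(r"^\d+: ([^:@]+)(?:@\S+)?: <[^>]*> mtu (\d+)")

def ports_without_mtu(log_text):
    """Port IDs named in the agent's 'No MTU configured' warnings, deduplicated."""
    return list(dict.fromkeys(WARN_RE.findall(log_text)))

def oversized_vifs(ip_link_text, network_mtu):
    """(device, device_mtu, excess_bytes) for devices whose MTU exceeds the network's."""
    found = []
    for line in ip_link_text.splitlines():
        m = LINK_RE.match(line.strip())
        if m and m.group(1) != "lo" and int(m.group(2)) > network_mtu:
            found.append((m.group(1), int(m.group(2)), int(m.group(2)) - network_mtu))
    return found

def report(log_text, ip_link_text, network_mtu):
    """Pair each oversized device with the warned port it belongs to, if any."""
    warned = ports_without_mtu(log_text)
    rows = []
    for dev, mtu, excess in oversized_vifs(ip_link_text, network_mtu):
        # Assumption: the device is named "tap" + the first 11 characters of the port ID.
        port = next((p for p in warned if dev == "tap" + p[:11]), None)
        rows.append({"device": dev, "mtu": mtu, "excess": excess, "port": port})
    return rows

if __name__ == "__main__":
    # 1450 is the VXLAN project network MTU given in the report.
    for row in report(SAMPLE_LOG, SAMPLE_IP_LINK, 1450):
        print(row)
```

A full-size packet leaving the flagged device is 50 bytes larger than the 1450-byte network MTU, which matches the report's observation that only transfers needing large packets fail.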