Service Engine dropping packets with comments: unsupported_ft_pkt_type
Article ID: 377888
Updated On:
Products
Issue/Introduction
Secondary Service Engines found dropping packets without any apparent reason, the dropped packets only has a comment on them: unsupported_ft_pkt_type
There is no other issues such as memory issues or any events found on AVI to explain the drops, no KNI errors either.
The packet is ignored even when received and the SE sends an duplicate ACK for the same packet again and the checksum is not 100% correct:
Example 1 of checksum:
Example 2 of checksum:
When a second packet arrives this time is processed by the SE and communication continues and the checksum status is correct:
There is also counters for ips_badtcpsum from the SE log serviceengine.txt
From the CLI it can be checked if checksum drop counter is increasing with:
show serviceengine <SE NAME> | grep checksum
| ip_checksum_drops | 0 |
| l4_checksum_drops | 0 |
Cause
When LRO is enabled (by default unless disabled) on the SEs the primary SE will receive smaller packets and merge them into Jumbo packets for faster processing then when they are sent to the secondary SE they are split again into smaller packets to comply with the MTU, this creates problems with the checksum and makes the secondary SE drop the packet.
Resolution
LRO needs to be disabled on the SEs, this is a SEG config change and can only be done from the CLI:
1. SSH into the controller, type shell and enter admin credentials
2. Type configure serviceenginegroup <Name>
3. Type no se_lro
4. Type save
Then the SEs needs to be rebooted for this configuration to take place.
Documentation regarding LRO: https://avinetworks.com/docs/latest/configuration-guide-tso-lro-gro-rss/#configuration-of-lro
Feedback
