Connections may be dropped at the SE when GRO is enabled at the SE Group and when the TCP timestamp option is not present in TCP data
search cancel

Connections may be dropped at the SE when GRO is enabled at the SE Group and when the TCP timestamp option is not present in TCP data

book

Article ID: 378070

calendar_today

Updated On:

Products

VMware Avi Load Balancer

Issue/Introduction

If GRO is enabled on the service engine group, and the TCP timestamp option is not present in the client's TCP data, this could lead to connection drops.

 

Upgrading from a prior version will carry forward the GRO configuration for a SE group.

However, if a SE group is newly created from version 22.1.1 onwards, GRO will be auto-enabled for SEs with greater than or equal to 8 vCPUs.

GRO reference KB - https://avinetworks.com/docs/latest/tso-gro-rss-features/ 

 

Bug ID - AV-157546. This bug affects Avi versions 22.1.2 and earlier.

 

Cause

In the DPDK GRO library, the padded length with the Ethernet header was considered as the payload length.

The GRO layer was not validating the packet length with IP length + Ethernet Header.

This resulted in incorrect ACK numbers being sent from the SE and consequent connection drops.

Resolution

This issue is fixed in the following versions:

  • 22.1.1-2p5
  • 22.1.2-2p7
  • 22.1.3

Release notes - https://docs.vmware.com/en/VMware-NSX-Advanced-Load-Balancer/22.1/Release_Notes/GUID-3252F393-1D4B-4355-8D2D-A0D3D90F7695.html 

 

The workaround is to disable GRO at the service engine group configuration via CLI. Below are the steps to do the same -

> configure serviceenginegroup Default-Group
> disable_gro
> save

Configuration guide - https://avinetworks.com/docs/latest/configuration-guide-tso-lro-gro-rss/ 

Powered by Wolken Software