Packet Fragmentation From Client to a scaled out VS on an Avi LB causes issues
search cancel

Packet Fragmentation From Client to a scaled out VS on an Avi LB causes issues

book

Article ID: 378565

calendar_today

Updated On:

Products

VMware Avi Load Balancer

Issue/Introduction

When the source client sends fragmented packets to an Avi Virtual Service that is scaled out (VIP hosted in two or more Service Engines) reassembled punted packets to the secondary Service Engine(s) are dropped in the underlying infrastructure network.

Wireshark filter: ip.checksum_bad.expert

Primary SE capture

Reassembled Punted packet (same source client IP, same destination IP/VIP) ---- destination VIP VMware MAC vNIC --> destination Secondary SE VMware MAC vNIC 

Environment

Affects Versions:

21.1.x

22.1.x

30.1.x

30.2.x

Cause

Reassembled packets by the Primary SE are punted/sent to the secondary SE with the wrong IP Checksum.  This occurs regardless if LRO in enabled or disabled.

Resolution

A fix will be delivered in upcoming VMware Avi Load Balancer GA release.  Please look for Bug ID AV-212570 in the product release notes.

Workaround(s):

None from the VMware Avi Load Balancer product.

Adjust the MSS on the underlying network so the source client does not send fragmented packets to the Avi VS/VIP.