When the source client sends fragmented packets to an Avi Virtual Service that is scaled out (VIP hosted in two or more Service Engines) reassembled punted packets to the secondary Service Engine(s) are dropped in the underlying infrastructure network.
Wireshark filter: ip.checksum_bad.expert
Primary SE capture
Reassembled Punted packet (same source client IP, same destination IP/VIP) ---- destination VIP VMware MAC vNIC --> destination Secondary SE VMware MAC vNIC
Affects Versions:
21.1.x
22.1.x
30.1.x
30.2.x
Reassembled packets by the Primary SE are punted/sent to the secondary SE with the wrong IP Checksum. This occurs regardless if LRO in enabled or disabled.
A fix will be delivered in upcoming VMware Avi Load Balancer GA release. Please look for Bug ID AV-212570 in the product release notes.
Workaround(s):
None from the VMware Avi Load Balancer product.
Adjust the MSS on the underlying network so the source client does not send fragmented packets to the Avi VS/VIP.