Application Access Issue After Upgrading to 22.1.5 on DSR-Enabled VS.
search cancel

Application Access Issue After Upgrading to 22.1.5 on DSR-Enabled VS.

book

Article ID: 402540

calendar_today

Updated On:

Products

VMware Avi Load Balancer

Issue/Introduction

  • Following an upgrade from version 21.1.x to 22.1.5, clients may observe HTTP 408 (Request Timeout) errors when accessing applications hosted on a Virtual Service (VS) with DSR (Direct Server Return) enabled.

  • On the Virtual Service packet capture, we can find that the same packet is transmitted from Avi to the backend server, but this packet will not appear in the packet capture on the backend server. As a result, the backend server fails to process the request and eventually sends a TCP reset (RST) directly to the client, leading to a connection failure.

Cause

The issue is occurring because the VS is attempting to send packets larger than the MTU supported on the Service Engine (SE). The issue stems from the fact that large packets are not being segmented into smaller TCP packets as expected. This behavior is the result of a bug introduced in version 22.1.5, related to Direct Server Return (DSR). 

Resolution

Temporary Workaround:

Disable the TSO (TCP Segmentation Offload) on the SE group.

[admin:cntrl]: > configure serviceenginegroup Default-Group          
[admin:cntrl]: serviceenginegroup> disable_tso    
Overwriting the previously entered value for disable_tso    
[admin:cntrl]: serviceenginegroup> save

 

Permanent Fix:

Perform the upgrade to the following versions where the fix has been applied:

30.2.1

22.1.6

Powered by Wolken Software