Package drop with large MTU on Compute's internal instance bridges in Red Hat OpenStack Platform

Solution In Progress - Updated -

Issue

Facing package drops if packages are fragmented into 3 instead of 2 on a VNF vendor's instances. If the packages are fragmented into two packages, then they pass through, if they fragmented into 3, then they seem to be dropped on the tap interface/the instances kernel bridge.

This is tracked in upstream bug https://bugs.launchpad.net/neutron/+bug/1542032

Summary: When the security groups and the Neutron firewall are active in Openstack, each and every VM virtual network interfaces (VNIC) is isolated in a Linux bridge and IP reassembly must be performed in order to allow firewall inspection of the traffic. The reassembled traffic sometimes exceed the capacity of the physical interfaces and the traffic is not forwarded properly.

Environment

Red Hat OpenStack Platform 8.0

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content