Packet drops with large MTU on Compute's internal instance bridges in Red Hat OpenStack Platform
Issue
Packets are dropped on a VNF vendor's instances when they are fragmented into 3 fragments instead of 2. Packets fragmented into two fragments pass through; packets fragmented into three seem to be dropped on the tap interface or the instance's kernel bridge.
This is tracked in upstream bug https://bugs.launchpad.net/neutron/+bug/1542032
Summary: When security groups and the Neutron firewall are active in OpenStack, each VM virtual network interface (VNIC) is isolated in a Linux bridge, and IP reassembly must be performed to allow firewall inspection of the traffic. The reassembled traffic sometimes exceeds the capacity of the physical interfaces, and the traffic is not forwarded properly.
Environment
Red Hat OpenStack Platform 8.0