TCP checksum issues when using kernel space OVS with netdev datapath in Red Hat OpenStack Platform

Solution In Progress - Updated -


In kernel space networking with OVS, nova and neutron connect an instance's virtio interface to the virtual network via a tap interface. When the iptables hybrid firewall driver is used, this tap port is plugged into a Linux bridge named qbr<ID> which in turn is connected to OVS via a veth pair: qvb<ID> on the side of the Linux bridge, qvo<ID> on the side of the OVS bridge. Due to misconfiguration, the netdev datapath type of the OVS bridge might be switched to datapath type netdev. Issues occur with TCP checksum offloading when kernel space Open vSwitch is used and the bridge is switched to datapath_type=netdev.

A clear symptom of the above is that metadata agent won't work and curl does not work from within the instance. Unless one executes ethtool -K eth0 tx off within the instance, in case of which metadata agent and curl start working again. It is also possible to run ethtool -K qvb<ID> tx off` on the qvb interface of the hypervisor associated to the instance to work around this.


Red Hat OpenStack Platform 10
Red Hat OpenStack Platform 13
Open vSwitch 2.9

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content