TCP checksum issues when using kernel space OVS with netdev datapath in Red Hat OpenStack Platform

Issue

In kernel space networking with OVS, nova and neutron connect an instance's virtio interface to the virtual network via a tap interface. When the iptables hybrid firewall driver is used, this tap port is plugged into a Linux bridge named qbr<ID> which in turn is connected to OVS via a veth pair: qvb<ID> on the side of the Linux bridge, qvo<ID> on the side of the OVS bridge. Due to misconfiguration, the netdev datapath type of the OVS bridge might be switched to datapath type netdev. Issues occur with TCP checksum offloading when kernel space Open vSwitch is used and the bridge is switched to datapath_type=netdev.

A clear symptom of the above is that metadata agent won't work and curl http://169.254.169.254 does not work from within the instance. Unless one executes ethtool -K eth0 tx off within the instance, in case of which metadata agent and curl start working again. It is also possible to run ethtool -K qvb<ID> tx off` on the qvb interface of the hypervisor associated to the instance to work around this.