Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[NFX] SSH traffic to Ubuntu VNF Fails Possibly Due to TCP Checksum Error

0

0

Article ID: KB32371 KB Last Updated: 17 Sep 2019Version: 2.0
Summary:

This article provides a workaround for packet drops that occur when attempting to send any type of TCP traffic (like SSH or FTP) to Ubuntu or any other Linux VNF.

Symptoms:

When attempting to send any type of TCP traffic (like SSH or FTP) to Ubuntu or any other Linux VNF, packets drop. When you look on a Wireshark capture, TCP Checksum errors are observed.

Cause:

This is due to a limitation of OVS-br being able to handle TCP packets when TCP offload is enabled on the Linux NIC.

There could be packet drop issues when passing TCP traffic from one VNF to another because of TCP checksum errors. This is due to a virtual driver using TCP Offload, which takes the processing off of the CPU and transfers it to the Ethernet driver. When doing a PCAP, you can see the evidence of a checksum error.

Solution:

You can work around this issue by either disabling TCP offloading from the interface in the Ubuntu or Linux based VNF, or by configuring the VNF interface for offloads disable, which is available in Junos OS release 15.1X53-D471 and later.

Method 1: Disable TCP offload from the interface in Ubuntu or Linux

In Ubuntu, the following commands can be used to disable TCP Offloading:

ethtool -K <intf> tso off
ethtool -K <intf> gso off
ethtool -K <intf> tx off

To verify the TCP Checksum status on the interface, issue the command ethtool -k <intf>.

root@ubuntu:/home/ubuntu# ethtool -k ens5
Features for ens5:
rx-checksumming: on [fixed]
tx-checksumming: off
        tx-checksum-ipv4: off [fixed]
        tx-checksum-ip-generic: off
        tx-checksum-ipv6: off [fixed]
        tx-checksum-fcoe-crc: off [fixed]
        tx-checksum-sctp: off [fixed]
scatter-gather: on
        tx-scatter-gather: on
        tx-scatter-gather-fraglist: off [fixed]
tcp-segmentation-offload: off
        tx-tcp-segmentation: off
        tx-tcp-ecn-segmentation: off [fixed]
        tx-tcp6-segmentation: off
udp-fragmentation-offload: off [fixed]
generic-segmentation-offload: off
generic-receive-offload: on
large-receive-offload: off [fixed]
rx-vlan-offload: off [fixed]
tx-vlan-offload: off [fixed]
ntuple-filters: off [fixed]
receive-hashing: off [fixed]
highdma: on [fixed]
rx-vlan-filter: off [fixed]
vlan-challenged: off [fixed]
tx-lockless: off [fixed]
netns-local: off [fixed]
tx-gso-robust: on [fixed]
tx-fcoe-segmentation: off [fixed]
tx-gre-segmentation: off [fixed]
tx-ipip-segmentation: off [fixed]
tx-sit-segmentation: off [fixed]
tx-udp_tnl-segmentation: off [fixed]
fcoe-mtu: off [fixed]
tx-nocache-copy: off
loopback: off [fixed]
rx-fcs: off [fixed]
rx-all: off [fixed]
tx-vlan-stag-hw-insert: off [fixed]
rx-vlan-stag-hw-parse: off [fixed]
rx-vlan-stag-filter: off [fixed]
l2-fwd-offload: off [fixed]
busy-poll: on [fixed]
hw-tc-offload: off [fixed]
root@ubuntu

Method 2: Disable offload when spinning up a VNF

With Junos OS release 15.1X53-D471 and later, when you specify the VNF interface, one of the options is to specify offloads disable.

For example, assume that you have an Ubuntu VNF that you are building and the JDM interface is eth4. The corresponding configuration to configure offloads disable is the following:

set virtual-network-functions ubuntu eth4 offloads disable

Modification History:

2019-09-17: Added configuration in JDM to set the interface to offloads disable

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search