Knowledge Search


[NFX] SSH traffic to Ubuntu VNF Fails Possibly Due to TCP Checksum Error

  [KB32371] Show Article Properties


This article provides a workaround for packet drops that occur when attempting to send any type of TCP traffic (like SSH or FTP) to Ubuntu or any other Linux VNF.


When attempting to send any type of TCP traffic (like SSH or FTP) to Ubuntu or any other Linux VNF, packets drop. When you look on a Wireshark capture, TCP Checksum errors are observed.


This is due to a limitation of OVS-br being able to handle TCP packets when TCP offload is enabled on the Linux NIC.

There could be packet drop issues when passing TCP traffic from one VNF to another because of TCP checksum errors. This is due to a virtual driver using TCP Offload, which takes the processing off of the CPU and transfers it to the Ethernet driver. When doing a PCAP, you can see the evidence of a checksum error.


You can work around this issue by either disabling TCP offloading from the interface in the Ubuntu or Linux based VNF, or by configuring the VNF interface for offloads disable, which is available in Junos OS release 15.1X53-D471 and later.

Method 1: Disable TCP offload from the interface in Ubuntu or Linux

In Ubuntu, the following commands can be used to disable TCP Offloading:

ethtool -K <intf> tso off
ethtool -K <intf> gso off
ethtool -K <intf> tx off

To verify the TCP Checksum status on the interface, issue the command ethtool -k <intf>.

root@ubuntu:/home/ubuntu# ethtool -k ens5
Features for ens5:
rx-checksumming: on [fixed]
tx-checksumming: off
        tx-checksum-ipv4: off [fixed]
        tx-checksum-ip-generic: off
        tx-checksum-ipv6: off [fixed]
        tx-checksum-fcoe-crc: off [fixed]
        tx-checksum-sctp: off [fixed]
scatter-gather: on
        tx-scatter-gather: on
        tx-scatter-gather-fraglist: off [fixed]
tcp-segmentation-offload: off
        tx-tcp-segmentation: off
        tx-tcp-ecn-segmentation: off [fixed]
        tx-tcp6-segmentation: off
udp-fragmentation-offload: off [fixed]
generic-segmentation-offload: off
generic-receive-offload: on
large-receive-offload: off [fixed]
rx-vlan-offload: off [fixed]
tx-vlan-offload: off [fixed]
ntuple-filters: off [fixed]
receive-hashing: off [fixed]
highdma: on [fixed]
rx-vlan-filter: off [fixed]
vlan-challenged: off [fixed]
tx-lockless: off [fixed]
netns-local: off [fixed]
tx-gso-robust: on [fixed]
tx-fcoe-segmentation: off [fixed]
tx-gre-segmentation: off [fixed]
tx-ipip-segmentation: off [fixed]
tx-sit-segmentation: off [fixed]
tx-udp_tnl-segmentation: off [fixed]
fcoe-mtu: off [fixed]
tx-nocache-copy: off
loopback: off [fixed]
rx-fcs: off [fixed]
rx-all: off [fixed]
tx-vlan-stag-hw-insert: off [fixed]
rx-vlan-stag-hw-parse: off [fixed]
rx-vlan-stag-filter: off [fixed]
l2-fwd-offload: off [fixed]
busy-poll: on [fixed]
hw-tc-offload: off [fixed]

Method 2: Disable offload when spinning up a VNF

With Junos OS release 15.1X53-D471 and later, when you specify the VNF interface, one of the options is to specify offloads disable.

For example, assume that you have an Ubuntu VNF that you are building and the JDM interface is eth4. The corresponding configuration to configure offloads disable is the following:

set virtual-network-functions ubuntu eth4 offloads disable

Modification History:

2019-09-17: Added configuration in JDM to set the interface to offloads disable

Related Links: