From 85a5a8a0c974dfb43adcbb0d096c2f3ebf271669 Mon Sep 17 00:00:00 2001 From: "Joshua M. Boniface" Date: Mon, 24 Jun 2019 16:35:52 -0400 Subject: [PATCH] Disable tx offloading on bridge interfaces Reference: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=717215#68 Without this, DHCP fails when traversing only the local bridge, for Debian Jessie or earlier (and possibly other OSes as well), due to the missing UDP checksums. This disables the offload and hence reenables the checksums even on the software-only bridge. Also rearranged the steps and added comments arround this section to better clarify what each command is doing. --- node-daemon/pvcd/VXNetworkInstance.py | 56 ++++++++++++++++++++------- 1 file changed, 42 insertions(+), 14 deletions(-) diff --git a/node-daemon/pvcd/VXNetworkInstance.py b/node-daemon/pvcd/VXNetworkInstance.py index a511f8f3..03445b53 100644 --- a/node-daemon/pvcd/VXNetworkInstance.py +++ b/node-daemon/pvcd/VXNetworkInstance.py @@ -420,6 +420,8 @@ add rule inet filter forward ip6 saddr {netaddr6} counter jump {vxlannic}-out prefix='VNI {}'.format(self.vni), state='o' ) + + # Create vLAN interface common.run_os_command( 'ip link add link {} name {} type vlan id {}'.format( self.vni_dev, @@ -427,18 +429,14 @@ add rule inet filter forward ip6 saddr {netaddr6} counter jump {vxlannic}-out self.vni ) ) + # Create bridge interface common.run_os_command( 'brctl addbr {}'.format( self.bridge_nic ) ) - common.run_os_command( - 'brctl addif {} {}'.format( - self.bridge_nic, - self.vlan_nic - ) - ) + # Set MTU of vLAN and bridge NICs vx_mtu = self.vni_mtu common.run_os_command( 'ip link set {} mtu {} up'.format( @@ -452,13 +450,29 @@ add rule inet filter forward ip6 saddr {netaddr6} counter jump {vxlannic}-out vx_mtu ) ) + + # Disable tx checksum offload on bridge interface (breaks DHCP on Debian < 9) + common.run_os_command( + 'ethtool -K {} tx off'.format( + self.bridge_nic + ) + ) + + # Disable IPv6 DAD on bridge interface common.run_os_command( - # Disable IPv6 DAD on bridge NICs 'sysctl net.ipv6.conf.{}.accept_dad=0'.format( self.bridge_nic ) ) + # Add vLAN interface to bridge interface + common.run_os_command( + 'brctl addif {} {}'.format( + self.bridge_nic, + self.vlan_nic + ) + ) + # Create managed network configuration def createNetworkManaged(self): self.logger.out( @@ -468,6 +482,8 @@ add rule inet filter forward ip6 saddr {netaddr6} counter jump {vxlannic}-out prefix='VNI {}'.format(self.vni), state='o' ) + + # Create VXLAN interface common.run_os_command( 'ip link add {} type vxlan id {} dstport 4789 dev {}'.format( self.vxlan_nic, @@ -475,18 +491,14 @@ add rule inet filter forward ip6 saddr {netaddr6} counter jump {vxlannic}-out self.vni_dev ) ) + # Create bridge interface common.run_os_command( 'brctl addbr {}'.format( self.bridge_nic ) ) - common.run_os_command( - 'brctl addif {} {}'.format( - self.bridge_nic, - self.vxlan_nic - ) - ) + # Set MTU of VXLAN and bridge NICs vx_mtu = self.vni_mtu - 50 common.run_os_command( 'ip link set {} mtu {} up'.format( @@ -500,13 +512,29 @@ add rule inet filter forward ip6 saddr {netaddr6} counter jump {vxlannic}-out vx_mtu ) ) + + # Disable tx checksum offload on bridge interface (breaks DHCP on Debian < 9) + common.run_os_command( + 'ethtool -K {} tx off'.format( + self.bridge_nic + ) + ) + + # Disable IPv6 DAD on bridge interface common.run_os_command( - # Disable IPv6 DAD on bridge NICs 'sysctl net.ipv6.conf.{}.accept_dad=0'.format( self.bridge_nic ) ) + # Add VXLAN interface to bridge interface + common.run_os_command( + 'brctl addif {} {}'.format( + self.bridge_nic, + self.vxlan_nic + ) + ) + def createFirewall(self): if self.nettype == 'managed': # For future use