Web lists-archives.com

Difference Wheezy / Jessie TCP offloading




Hi all,

I'm looking after a XenServer (ie. from Citrix, not Xen Open Source)
that's running a couple of VMs. Those VMs are being migrated to a DMZ
behind a UTM appliance (which is also a VM running on the same
XenServer). The virtual hardware configuration of those VMs is virtually
(pun intended ;-) ) the same. They're all using the same virtualization
method (HVM).

It was necessary to disable TCP offloading to make this work for the
first couple of VMs that were migrated. These are all Debian Wheezy
(kernel  3.2.0-4-amd64). I did that at the VM level:

# ethtool --offload eth0 tx off rx off
Cannot change rx-checksumming
# ethtool -K eth0 rx off tx off sg off tso off ufo off gso off gro off
lro off
Cannot change rx-checksumming
Cannot change udp-fragmentation-offload
Cannot change large-receive-offload
#

and even though some of the ofload/checksumming could not be disabled,
it all works fine.

The next VM is a Debian Jessie VM (kernel 3.16.0-4-amd64). When I try to
disable TCP offloading at the VM level I get:

# ethtool --offload eth0 tx off rx off
Cannot change rx-checksumming
Could not change any device features
# ethtool -K eth0 rx off tx off sg off tso off ufo off gso off gro off
lro off
Cannot change rx-checksumming
Cannot change udp-fragmentation-offload
Cannot change large-receive-offload
Actual changes:
scatter-gather: off
    tx-scatter-gather: off
tcp-segmentation-offload: off
    tx-tcp-segmentation: off


However, a tcpdump on the virtualisation host shows checksum errors when
I try to access the Debian Jessie VM via the UTM appliance. No checksum
errors when accessing the Debian Wheezy VM.

[root@xenserver ~]# tcpdump -i eth0 -v -nn | grep incorrect
tcpdump: WARNING: eth0: no IPv4 address assigned
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size
65535 bytes
    [IPremoved].22 > [IPremoved].41641: Flags [P.], cksum 0x1dd3
(incorrect -> 0x63d2), seq 228221313:228222304, ack 1348773693, win 227,
options [nop,nop,TS val 457298 ecr 3317501], length 991
    [IPremoved].22 > [IPremoved].41641: Flags [F.], cksum 0xc80f
(incorrect -> 0x0e0f), seq 991, ack 2, win 227, options [nop,nop,TS val
457672 ecr 3319672], length 0
    [IPremoved].22 > [IPremoved].41655: Flags [S.], cksum 0xfdff
(incorrect -> 0x43ff), seq 2663738003, ack 750476535, win 28960, options
[mss 1460,sackOK,TS val 457996 ecr 33199


I've also tried disabling TCP offloading on the virtualisation host (as
per https://support.citrix.com/article/CTX212540) but so far I've not
been successful in making it work for the Debian Jessie VMs.

Everything else being the same, it seems a VM that runs Debian Wheezy
works, while a VM that runs Debian Jessie does not.

Hence I'm sending this email to the debian-users list...

Suggestions much appreciated.

kind regards,

Jan