Bug#726676: Debian bug #726676: linux-image-3.10-3-amd64: TCP packet loss when using proxy ARP IP addresses

To: John Hughes <john@atlantech.com>, 726676@bugs.debian.org
Subject: Bug#726676: Debian bug #726676: linux-image-3.10-3-amd64: TCP packet loss when using proxy ARP IP addresses
From: Andris Kalnozols <andris@hpl.hp.com>
Date: Fri, 15 Nov 2013 02:51:37 -0800
Message-id: <[🔎] 5285FCB9.7070508@hpl.hp.com>
Reply-to: Andris Kalnozols <andris@hpl.hp.com>, 726676@bugs.debian.org
In-reply-to: <[🔎] 5285F483.4010104@atlantech.com>
References: <[🔎] 5285F483.4010104@atlantech.com>

John Hughes wrote:
> Hi Andris, I've run across a bug that looks very like the one you 
> reported, but my analysis is rather different.
> 
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=729567
> 
> As far as I can tell the problem I'm seeing is:
> 
> The LAN NIC on the machine running the OpenVPN server has the 
> "generic-receive-offload" (GRO) option set, so it combines TCP segments 
> coming from the LAN and destined for one of the OpenVPN clients into one 
> big segment.
> 
> However this segment is bigger than the MTU on the OpenVPN tunnel, so 
> when it gets routed out to the tunnel it gets split up into smaller 
> segments.
> 
> But the kernel seems to forget to calculate the TCP checksum for these 
> segments, so when they are received by the OpenVPN client they are 
> discarded, and have to be retransmitted one by one.

This is certainly a much more in-depth analysis than my topical
observation.  My packet captures did indeed show a great number
of checksum errors and retransmissions.

> Do you have GRO set on the LAN interface of your OpenVPN server?

It does indeed appear to be enabled:

----------------------------------------------
gundega# ethtool -k eth0
Features for eth0:
rx-checksumming: on
tx-checksumming: on
        tx-checksum-ipv4: on
        tx-checksum-unneeded: off [fixed]
        tx-checksum-ip-generic: off [fixed]
        tx-checksum-ipv6: off [fixed]
        tx-checksum-fcoe-crc: off [fixed]
        tx-checksum-sctp: off [fixed]
scatter-gather: on
        tx-scatter-gather: on
        tx-scatter-gather-fraglist: off [fixed]
tcp-segmentation-offload: on
        tx-tcp-segmentation: on
        tx-tcp-ecn-segmentation: on
        tx-tcp6-segmentation: off [fixed]
udp-fragmentation-offload: off [fixed]
generic-segmentation-offload: on
generic-receive-offload: on            <<<<<<<<<
large-receive-offload: off [fixed]
rx-vlan-offload: on
tx-vlan-offload: on
ntuple-filters: off [fixed]
receive-hashing: on
highdma: on [fixed]
rx-vlan-filter: off [fixed]
vlan-challenged: off [fixed]
tx-lockless: off [fixed]
netns-local: off [fixed]
tx-gso-robust: off [fixed]
tx-fcoe-segmentation: off [fixed]
fcoe-mtu: off [fixed]
tx-nocache-copy: on
loopback: off [fixed]
----------------------------------------------

> Does turning it off make your system work better?

I will do some testing during the downtime this Sunday and
let you know.  Thanks very much, John, for the insight.

Regards,
Andris

Reply to:

References:
- Bug#726676: Debian bug #726676: linux-image-3.10-3-amd64: TCP packet loss when using proxy ARP IP addresses
  - From: John Hughes <john@atlantech.com>

Prev by Date: Bug#726676: Debian bug #726676: linux-image-3.10-3-amd64: TCP packet loss when using proxy ARP IP addresses
Next by Date: Bug#723177: linux-image-3.10-3-kirkwood: please build with CONFIG_MARVELL_PHY=m
Previous by thread: Bug#726676: Debian bug #726676: linux-image-3.10-3-amd64: TCP packet loss when using proxy ARP IP addresses
Next by thread: Processed: found 727041 in 3.11.8-1
Index(es):
- Date
- Thread