troubleshooting.md: add ethtool -K flannel.1 tx-checksum-ip-generic off for NAT
#1929
Conversation
AkihiroSuda
force-pushed
the
docs-tx-checksum
branch
2 times, most recently
from
fa2f7ab
to
d3d58f2
Compare
|
Hey, thanks for the PR. This is a workaround for a bug in some kernels or? If we do this, we would be creating a performance penalty in the kernels which fixed this, or? |
I'm not sure if this is a bug or a designed behavior on the kernel's side, but I guess the behavior may potentially change in a future version of kernel, perhaps with some sysctl. So I added the command only in |
Yes, it is supposed to be a kernel problem: kubernetes/kubernetes#88986 (comment) but TBH, I haven't seen a real fix in those versions stated in the comment |
|
@AkihiroSuda can you please fix the merge conflict ? |
…off` for NAT
When the public IP is behind NAT, the UDP checksum fields of the VXLAN packets can be corrupted.
In that case, try running the following commands to avoid corrupted checksums:
```bash
/usr/sbin/ethtool -K flannel.1 tx-checksum-ip-generic off
```
To automate the command above via udev, create `/etc/udev/rules.d/90-flannel.rules` as follows:
```
SUBSYSTEM=="net", ACTION=="add|change|move", ENV{INTERFACE}=="flannel.1", RUN+="/usr/sbin/ethtool -K flannel.1 tx-checksum-ip-generic off"
```
ref:
- flannel-io/flannel issue 1279
- kubernetes/kops PR 9074
- karmab/kcli@b1a8eff
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
AkihiroSuda
force-pushed
the
docs-tx-checksum
branch
from
d3d58f2
to
5295a0f
Compare
done |
Description
When the public IP is behind NAT, the UDP checksum fields of the VXLAN packets can be corrupted. In that case, try running the following commands to avoid corrupted checksums:
To automate the command above via udev, create
/etc/udev/rules.d/90-flannel.rulesas follows:ref:
Todos
(None)
Release Note