Bug 1684341 - firewall_driver openvswitch does not support fragmentation
Summary: firewall_driver openvswitch does not support fragmentation
Keywords:
Status: CLOSED DUPLICATE of bug 1639173
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: openvswitch
Version: 10.0 (Newton)
Hardware: Unspecified
OS: Unspecified
unspecified
high
Target Milestone: ---
: ---
Assignee: Aaron Conole
QA Contact: Roee Agiman
URL:
Whiteboard:
Depends On: 1639173
Blocks:
TreeView+ depends on / blocked
 
Reported: 2019-03-01 02:07 UTC by Chen
Modified: 2019-07-01 16:56 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-07-01 16:56:05 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)

Description Chen 2019-03-01 02:07:07 UTC 
Description of problem:

firewall_driver openvswitch doesn't support fragmentation

Version-Release number of selected component (if applicable):

openvswitch-2.9.0-19.el7fdp.1.x86_64     
firewall_driver = openvswitch
OVS-DPDK

How reproducible:

100%

Steps to Reproduce:
1. Login the VM
2. Ping outside with the packet size > 1500
3. The ping packet can not reach outside
4. Capture the packets on vhu interface and no ICMP packets could be captured.

Actual results:


Expected results:


Additional info:

The ping will work if either

1. Security group is disabled
2. firewall_driver is set to NoopFirewallDriver

So it is possible that the native openvswitch firewall driver dropped the fragmented packets somewhere on the br-int ?
Comment 4 Aaron Conole 2019-07-01 16:56:05 UTC 

*** This bug has been marked as a duplicate of bug 1639173 ***
Note You need to log in before you can comment on or make changes to this bug.