From 5cf1924dd7f79339441f992e2ef5b951d3917e9a Mon Sep 17 00:00:00 2001 From: Ciprian Hacman Date: Wed, 6 May 2020 10:29:32 +0300 Subject: [PATCH] Disable TX checksum offload for Flannel VXLAN --- nodeup/pkg/model/network.go | 33 +++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) diff --git a/nodeup/pkg/model/network.go b/nodeup/pkg/model/network.go index 34866ef58117b..a29d4eb684385 100644 --- a/nodeup/pkg/model/network.go +++ b/nodeup/pkg/model/network.go @@ -21,6 +21,8 @@ import ( "path/filepath" "golang.org/x/sys/unix" + "k8s.io/klog" + "k8s.io/kops/pkg/systemd" "k8s.io/kops/upup/pkg/fi" "k8s.io/kops/upup/pkg/fi/nodeup/nodetasks" ) @@ -112,6 +114,13 @@ WantedBy=multi-user.target } } + // Tx checksum offloading is buggy for NAT-ed VXLAN endpoints, leading to an invalid checksum sent and causing + // Flannel to stop to working as the traffic is being discarded by the receiver. + // https://github.com/coreos/flannel/issues/1279 + if networking != nil && (networking.Canal != nil || (networking.Flannel != nil && networking.Flannel.Backend == "vxlan")) { + c.AddTask(b.buildFlannelTxChecksumOffloadDisableService()) + } + return nil } @@ -134,3 +143,27 @@ func (b *NetworkBuilder) addCNIBinAsset(c *fi.ModelBuilderContext, assetName str return nil } + +func (b *NetworkBuilder) buildFlannelTxChecksumOffloadDisableService() *nodetasks.Service { + const serviceName = "flannel-tx-checksum-offload-disable.service" + + manifest := &systemd.Manifest{} + manifest.Set("Unit", "Description", "Disable TX checksum offload on flannel.1") + + manifest.Set("Unit", "After", "sys-devices-virtual-net-flannel.1.device") + manifest.Set("Install", "WantedBy", "sys-devices-virtual-net-flannel.1.device") + manifest.Set("Service", "Type", "oneshot") + manifest.Set("Service", "ExecStart", "/sbin/ethtool -K flannel.1 tx-checksum-ip-generic off") + + manifestString := manifest.Render() + klog.V(8).Infof("Built service manifest %q\n%s", serviceName, manifestString) + + service := &nodetasks.Service{ + Name: serviceName, + Definition: s(manifestString), + } + + service.InitDefaults() + + return service +}