John Hughes wrote:
> Hi Andris, I've run across a bug that looks very like the one you
> reported, but my analysis is rather different.
>
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=729567
>
> As far as I can tell the problem I'm seeing is:
>
> The LAN NIC on the machine running the OpenVPN server has the
> "generic-receive-offload" (GRO) option set, so it combines TCP segments
> coming from the LAN and destined for one of the OpenVPN clients into one
> big segment.
>
> However this segment is bigger than the MTU on the OpenVPN tunnel, so
> when it gets routed out to the tunnel it gets split up into smaller
> segments.
>
> But the kernel seems to forget to calculate the TCP checksum for these
> segments, so when they are received by the OpenVPN client they are
> discarded, and have to be retransmitted one by one.

This is certainly a much more in-depth analysis than my topical
observation. My packet captures did indeed show a great number of
checksum errors and retransmissions.

> Do you have GRO set on the LAN interface of your OpenVPN server?

It does indeed appear to be enabled:

----------------------------------------------
gundega# ethtool -k eth0
Features for eth0:
rx-checksumming: on
tx-checksumming: on
tx-checksum-ipv4: on
tx-checksum-unneeded: off [fixed]
tx-checksum-ip-generic: off [fixed]
tx-checksum-ipv6: off [fixed]
tx-checksum-fcoe-crc: off [fixed]
tx-checksum-sctp: off [fixed]
scatter-gather: on
tx-scatter-gather: on
tx-scatter-gather-fraglist: off [fixed]
tcp-segmentation-offload: on
tx-tcp-segmentation: on
tx-tcp-ecn-segmentation: on
tx-tcp6-segmentation: off [fixed]
udp-fragmentation-offload: off [fixed]
generic-segmentation-offload: on
generic-receive-offload: on <<<<<<<<<
large-receive-offload: off [fixed]
rx-vlan-offload: on
tx-vlan-offload: on
ntuple-filters: off [fixed]
receive-hashing: on
highdma: on [fixed]
rx-vlan-filter: off [fixed]
vlan-challenged: off [fixed]
tx-lockless: off [fixed]
netns-local: off [fixed]
tx-gso-robust: off [fixed]
tx-fcoe-segmentation: off [fixed]
fcoe-mtu: off [fixed]
tx-nocache-copy: on
loopback: off [fixed]
----------------------------------------------

> Does turning it off make your system work better?

I will do some testing during the downtime this Sunday and let you know.

Thanks very much, John, for the insight.

Regards,
Andris
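
Added example (not part of the original message or the bug report): a shell sketch that reads `ethtool -k` output like the listing above, reports the receive-coalescing offloads (GRO and LRO), and prints the `ethtool -K` command for each one that is on and not `[fixed]`. The function names and the trimmed sample output are constructed for illustration; `eth0` is the interface named in the message.

```shell
#!/usr/bin/env bash
# Constructed sample, trimmed from the kind of `ethtool -k` output shown above.
SAMPLE_OUTPUT='Features for eth0:
rx-checksumming: on
tcp-segmentation-offload: on
generic-segmentation-offload: on
generic-receive-offload: on
large-receive-offload: off [fixed]
'

# coalescing_offloads: reads `ethtool -k` text on stdin.
# Prints "<feature> <on|off> <changeable|fixed>" for GRO and LRO only.
coalescing_offloads() {
    awk -F': *' '
        $1 ~ /^[ \t]*(generic|large)-receive-offload$/ {
            name = $1; sub(/^[ \t]+/, "", name)
            state = $2
            fixed = (state ~ /\[fixed\]/) ? "fixed" : "changeable"
            sub(/[ \t]*\[.*$/, "", state)   # drop the "[fixed]" suffix
            print name, state, fixed
        }'
}

# suggest_disable IFACE: reads `ethtool -k` text on stdin and prints the
# `ethtool -K` command for every coalescing offload that is on and changeable.
# It only prints the command; nothing is changed on the interface.
suggest_disable() {
    iface=$1
    coalescing_offloads | while read -r name state fixed; do
        [ "$state" = "on" ] && [ "$fixed" = "changeable" ] || continue
        case $name in
            generic-receive-offload) short=gro ;;
            large-receive-offload)   short=lro ;;
        esac
        echo "ethtool -K $iface $short off"
    done
}

# Live use on the server would be: ethtool -k eth0 | suggest_disable eth0
printf '%s' "$SAMPLE_OUTPUT" | suggest_disable eth0
```

A setting changed with `ethtool -K` does not persist across a reboot, which suits a test during a maintenance window.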