Bug ID 826349: VXLAN tunnel might fail due to misbehaving NIC checksum offload

Last Modified: Jul 12, 2023

Affected Product(s):
BIG-IP TMOS(all modules)

Known Affected Versions:
13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 13.1.1.2, 13.1.1.3, 13.1.1.4, 13.1.1.5, 13.1.3, 13.1.3.1, 13.1.3.2, 13.1.3.3, 13.1.3.4, 13.1.3.5, 13.1.3.6, 13.1.4, 13.1.4.1, 13.1.5, 13.1.5.1, 14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3, 14.1.0.5, 14.1.0.6, 14.1.2, 14.1.2.1, 14.1.2.2, 14.1.2.3, 14.1.2.4, 14.1.2.5, 14.1.2.6, 14.1.2.7, 14.1.2.8, 14.1.3, 14.1.3.1, 14.1.4, 14.1.4.1, 14.1.4.2, 14.1.4.3, 14.1.4.4, 14.1.4.5

Fixed In:
15.1.0, 14.1.4.6

Opened: Sep 13, 2019

Severity: 3-Major

Symptoms

Some NICs, e.g., on BIG-IP 2000/4000 platforms, perform checksum offloading for UDP, and erroneously mark a 0 (zero) checksum as a checksum failure, even though the UDP header includes an optional, 16-bit one's complement checksum that provides an integrity check. If the computed checksum is 0, it is transmitted as all ones. In this case the NIC should accept the checksum, but it does not.

Impact

VXLAN tunnel fails.

Conditions

NIC offload checksum of 0.

Workaround

None.

Fix Information

The VXLAN tunnel now ignores invalid checksums if the checksum is 0.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips