Symptoms
Download speed sometimes reduced to zero bytes/sec.Capture on the uplink interface of edge shows invalid checksum.
Example: pktcap-uw --switchport 33554442 --ip 110.4.45.65 --dir 2 -o -| tcpdump-uw -vvvenr -
19:21:51.665646 00:50:56:83:e3:d5 > 00:0c:29:3f:42:30, ethertype IPv4 (0x0800), length 1514: (tos 0x0, ttl 57, id 26267, offset 0, flags [DF], proto TCP (6), length 1500)
110.4.45.65.80 > 172.20.188.90.50002: Flags [.], cksum 0x0000 (incorrect -> 0xd50a), seq 0:1460, ack 1, win 62, length 1460: HTTP
19:21:52.469882 00:50:56:83:e3:d5 > 00:0c:29:3f:42:30, ethertype IPv4 (0x0800), length 1514: (tos 0x0, ttl 57, id 26268, offset 0, flags [DF], proto TCP (6), length 1500)
110.4.45.65.80 > 172.20.188.90.50002: Flags [.], cksum 0x0000 (incorrect -> 0xd50a), seq 0:1460, ack 1, win 62, length 1460: HTTP
Note: The preceding log excerpts are only examples. Date, time, and environmental variables may vary depending on your environment.
Cause
A TCP packet whose checksum is zero doesn't get the updated checksum after NAT when the packet hits a valid flow cache entry, Any other checksum than zero works as expected.
Impact / Risks
Network disconnect or less throughput
Resolution
The issue is resolved in NSX-T 3.1.2
Workaround
For workaround use any one of the following:Option 1: Disable NAT
- Login NSX-T manager UI- Networking > NAT OR
Option 2: Disable Flow-cache. - Login to NSX Edge as admin.
- set dataplane flow-cache disabled. - restart service dataplane(Restarting the dataplane service will temporarily impact the existing session flowing through the edge)
