- Containers are configured in bridged networking mode.
- TCP/UDP packets larger than the MTU size (1500 bytes) are dropped when leaving the containers.
- The issue may affect complex applications that depend heavily on network activity.
The issue is recognized as a kernel bug with internal ID PSBM-26316: fragmented packets are getting dropped by the bridge.
There are two possible workarounds:
Disable bridge-netfilter on the node:
    # echo 0 > /proc/sys/net/bridge/bridge-nf-call-iptables
    # echo 0 > /proc/sys/net/bridge/bridge-nf-call-ip6tables
This solution breaks private network functionality.
Enable conntracks on the node. The procedure is described in detail in the following article:
The permanent fix is included in the 2.6.32-042stab092.1 kernel. Update the PCS node to the latest available version.
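
The following check is an added example, not part of the original article: it reports whether the running kernel is at or past the fixed version and what the two bridge-netfilter switches are currently set to. It assumes release strings of the form 2.6.32-042stabNNN.M; the function names are illustrative.

```sh
#!/bin/sh
# Added example, not from the original article. Function names are illustrative.
# Assumption: kernel release strings look like 2.6.32-042stabNNN.M.

FIXED_STAB=92    # from the fixed kernel 2.6.32-042stab092.1
FIXED_MINOR=1

# kernel_has_fix RELEASE -> prints "fixed", "affected" or "unknown"
kernel_has_fix() {
    case "$1" in
        2.6.32-042stab[0-9]*.[0-9]*) ;;
        *) echo unknown; return 0 ;;
    esac
    # awk converts "092" to decimal 92; shell arithmetic would read it as octal.
    echo "$1" | awk -v fs="$FIXED_STAB" -v fm="$FIXED_MINOR" '{
        sub(/^2\.6\.32-042stab/, "")
        split($0, p, ".")
        stab = p[1] + 0; minor = p[2] + 0
        print ((stab > fs || (stab == fs && minor >= fm)) ? "fixed" : "affected")
    }'
}

# bridge_nf_state [DIR] -> one "name=value" line per bridge-netfilter switch
bridge_nf_state() {
    dir=${1:-/proc/sys/net/bridge}
    for f in bridge-nf-call-iptables bridge-nf-call-ip6tables; do
        if [ -r "$dir/$f" ]; then
            echo "$f=$(cat "$dir/$f")"
        else
            echo "$f=absent"    # bridge module not loaded or no such switch
        fi
    done
}

echo "kernel $(uname -r): $(kernel_has_fix "$(uname -r)")"
bridge_nf_state
```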