Description Philipp Hahn 2013-11-06 17:45:26 CET

KVM 1: Windows 7 with VirtIO NIC
KVM 2: UCS-3.2 dhcpd with 2 VirtIO NICs

The Windows VM does not get a DHCP lease from the UCS system.
tcpdump on the host and on the UCS systems shows the DHCP requests arriving on UDP port bootps, but dhcpd logs an error message:
> 5 bad udp checksums in 5 packets

The issue is described for example in <https://bugs.launchpad.net/ubuntu/+source/isc-dhcp/+bug/930962>:

The VirtIO-NIC offers offload capabilities for computing TCP/UDP checksums, so the OS does not compute the checksum itself and leaves this task to the NIC.
Since both VMs are running on the same host, the host just copies the packets without calculating the checksums too.
The packets arrive on the destination host without the checksums never ever been calculated. dhcpd then complains about that.

> iptables -A POSTROUTING -t mangle -p udp --dport bootpc -j CHECKSUM --checksum-fill
is not available for our kernel 3.10 and our iptables-1.4.8-3.16.201104210219.

Debian: unfixed <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=717215>
Fedora patch: <http://pkgs.fedoraproject.org/gitweb/?p=dhcp.git;a=blob;f=dhcp-4.2.2-xen-checksum.patch;h=038d346d726e131f1ab2579fe015a72b49733a0d;hb=HEAD>


Workaround 1: Use e1000 instead of virtio

Workaround 2: Disable checksum offloading:

On Windows:
Netzwerk und Internet → Netzwerk- und Freigabecenter → LAN-Verbindung → Eigenschaften → Konfigurieren → Erweitert →
IPv4 Checksum Offload: Disabled
Offload.Rx.Checksum: Disabled
Offload.Tx.Checksum: Disabled
TCP Checksum Offload (IPv4): Disabled
UDP Checksum Offload (IPv4): Disabled

On UCS:
ucr set repository/online/unmaintaned=yes
univention-install ethtool
ethtool -K eth1 tx off