UDP/TDP checksum offload does not work with some NIC vendors

[ss7pro]

What happened?
Some NIC vendors like Intel/mellanox have challanges with implementing tcp/udp checksum offload for ipip tunnels. Other CNI vendors already implemented a workaround [1]. Kube-router should have an option to allow the same through configuration setting,.

[1] kubernetes-sigs/kubespray#8992

What did you expect to happen?
Implement a configuration option that would enable disabling outgoing checksum on tun interfaces during their creation.

How can we reproduce the behavior you experienced?
Steps to reproduce the behavior:

1. Use MLX OFED 5.6 drivers with connect x-4 NIC.
2. UDP traffic to dns would have wrong checksum.

**Screenshots / Architecture Diagrams / Network Topologies **
More details here: kubernetes-sigs/kubespray#8992

** System Information (please complete the following information):**

• Kube-Router Version (kube-router --version): trunk
• Kube-Router Parameters: -run-router --run-service-proxy --enable-overlay --overlay-type=full

** Logs, other output, metrics **

length 80)
10.180.17.207 > 10.180.16.203: IP (tos 0x0, ttl 63, id 2094, offset 0, flags [DF], proto UDP (17), length 60)
10.230.68.8.51072 > 10.230.14.151.53: [bad udp cksum 0x68a4 -> 0x8933!] 48320+ TXT

[aauren]

I don't necessarily think that this is a kube-router problem. In the linked issues that you sent, it looks like it was fixed at the kube-spray (i.e. k8s orchestrator) level.

In any case, I think that this is really more of an OS / ethernet device issue. I would suggest that if users have that particular issue that part of their orchestration tooling should handle disabling packet offloading features of the driver / nic. To me, it feels like having kube-router do something like this on behalf of the user either through a configuration flag or automatically would be exceeding kube-router's functionality and potentially be too opinionated for a container networking tool.