We recently deployed Cisco Nexus's 7k's. After we did so our nfsv3 clients that used UDP protocol were unable to read the files off NFS shares from our Solaris NFS servers. After lots of head scratching and packet traces I finally came across this which describes our issue exactly: https://learningnetwork.cisco.com/message/18860
The Cisco Nexus 7k ships with this setting enabled by default: "hardware ip verify fragment". This is some security feature which purpose I don't understand. But what I do know is that this setting appears to cause the Nexus to drop IP packets that have the Don't Fragment (DF) bit set and a non-zero offset. I've verified this behavior by observing packet traces on the NFS client and the NFS server and can see packets with DF set and non-zero offsets getting dropped by the switch. Apparently Solaris sets the DF bit by default on all packets. I was hoping there's someone with enough knowledge on list to answer these questions 1) Why does Solaris set the DF bit on all packets, even fragmented packets? This seems odd to me. 2) So far the only thing we've seen that sends out fragmented packets with the DF bit set is Solaris NFS servers using UDP protocol. Are there other applications that do this that anyone is aware of? Thanks, Alex _______________________________________________ networking-discuss mailing list [email protected]
