Maidak Alexander J wrote:
> We recently deployed Cisco Nexus 7Ks. After we did so our NFSv3 clients
> that used UDP protocol were unable to read the files off NFS shares from our
> Solaris NFS servers. After lots of head scratching and packet traces I
> finally came across this which describes our issue exactly:
> https://learningnetwork.cisco.com/message/18860

You may want to use NFSv3 over TCP instead. NFS over UDP has a bit of
an uneven history.

> The Cisco Nexus 7k ships with this setting enabled by default: "hardware ip
> verify fragment". This is some security feature whose purpose I don't
> understand. But what I do know is that this setting appears to cause the
> Nexus to drop IP packets that have the Don't Fragment (DF) bit set and a
> non-zero offset. I've verified this behavior by observing packet traces on
> the NFS client and the NFS server and can see packets with DF set and
> non-zero offsets getting dropped by the switch.

That sounds crack-headed to me. Even when (or _especially_ when) the
DF bit is set, it's expected and acceptable to have the _sender_
emitting fragments. The DF bit is an instruction to intermediate
routers -- "please don't fragment this _any further_" -- it is not
something that the destination host or any intermediate node has any
business whatsoever attempting to "verify."

> Apparently Solaris sets the DF bit by default on all packets. I was hoping
> there's someone with enough knowledge on list to answer these questions
>
> 1) Why does Solaris set the DF bit on all packets, even fragmented packets?
> This seems odd to me.

Path MTU discovery. See RFC 1191. Most modern systems do this.

> 2) So far the only thing we've seen that sends out fragmented packets with
> the DF bit set is Solaris NFS servers using UDP protocol. Are there other
> applications that do this that anyone is aware of?

Everything does, unless you turn off Path MTU Discovery using the
ip_path_mtu_discovery ndd variable.

-- 
James Carlson 42.703N 71.076W <[email protected]>
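
An added example, not part of the original thread: a small Python triage helper that decodes the IPv4 flags/fragment-offset field and lists the datagrams in a trace that carry the combination discussed above (DF set together with a non-zero fragment offset). The function names, the addresses (documentation ranges) and the sample headers are constructed for illustration.

```python
import struct
from typing import NamedTuple

DF, MF = 0x2, 0x1  # IPv4 flag bits: Don't Fragment, More Fragments

class FragInfo(NamedTuple):
    ident: int
    df: bool
    mf: bool
    offset: int  # fragment offset in bytes

def make_header(ident, df, mf, offset, payload_len=1480):
    """Build a constructed 20-byte IPv4/UDP header (checksum left at 0)."""
    flags_off = ((DF * df | MF * mf) << 13) | (offset // 8)
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, ident,
                       flags_off, 64, 17, 0,
                       bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20]))

def parse_frag(header: bytes) -> FragInfo:
    if len(header) < 20 or header[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    ident, flags_off = struct.unpack_from("!HH", header, 4)
    flags = flags_off >> 13  # top 3 bits are flags, low 13 the offset in 8-byte units
    return FragInfo(ident, bool(flags & DF), bool(flags & MF),
                    (flags_off & 0x1FFF) * 8)

def classify(info: FragInfo) -> str:
    if not info.mf and info.offset == 0:
        return "unfragmented"
    if info.df and info.offset > 0:
        return "df-nonfirst-fragment"  # combination reported dropped in the thread
    return "df-first-fragment" if info.df else "fragment"

def affected_datagrams(headers):
    """Return IP IDs of datagrams with at least one DF + non-zero-offset fragment."""
    return sorted({i.ident for i in map(parse_frag, headers)
                   if classify(i) == "df-nonfirst-fragment"})

# Constructed sample: a sender-fragmented UDP datagram with DF set (0x1001),
# an unfragmented DF packet (0x2002), and a fragmented datagram without DF (0x3003).
SAMPLE = [
    make_header(0x1001, True, True, 0),
    make_header(0x1001, True, True, 1480),
    make_header(0x1001, True, False, 2960, payload_len=512),
    make_header(0x2002, True, False, 0, payload_len=200),
    make_header(0x3003, False, True, 0),
    make_header(0x3003, False, False, 1480, payload_len=100),
]

if __name__ == "__main__":
    for h in SAMPLE:
        print(parse_frag(h), classify(parse_frag(h)))
    print("affected IP IDs:", [hex(i) for i in affected_datagrams(SAMPLE)])
```

Note that for datagram 0x1001 only the first fragment (offset 0) escapes the DF + non-zero-offset match, so the receiver can never reassemble it, which is consistent with the NFS-over-UDP reads failing outright.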
