This mailing list thread has more details: <a href="http://lists.centos.org/pipermail/centos/2014-August/145056.html">http://lists.centos.org/pipermail/centos/2014-August/145056.html</a><br />
<br />
I have a system acting as a KVM host as well as a gateway to the separate subnet where all the virtual machines run on a bridge network setup.<br />
<br />
Inside the virtual machines, I have NFS mounts, some of which are to old servers that only talk nfsvers=3 and UDP protocol.<br />
<br />
When I do something like an "ls" command that will cause a readdir on the NFS filesystem which will require several UDP packets worth of a response, the NFS server generates a reply with several 1500 byte responses linked together (1500 is the MTU of absolutely every single interface involved in this process). These packets are all marked as "Don't Fragment"; however, the centos7 system acting as the gateway always generates an ICMP error saying the packet is too big and needs to be fragmented.<br />
<br />
This was all happening with the kernel-3.10.0-123.6.3.el7.x86_64 rpm.<br />
<br />
After much desperate poking around, I tried copying the 3.15.8-200.fc20.x86_64 kernel from my Fedora 20 desktop to the centos7 KVM host machine. When I booted it, all the UDP forwarding started working perfectly. My virtual machines can all access NFS mounts, etc. This led me to believe a kernel bug is involved :-).