Tom Horsley
2014-Aug-14 16:00 UTC
[CentOS] Centos 7 as gateway - UDP performance is busted/awful?
I just replaced a dead system disk on my KVM host that was running an ancient fedora 13. Since centos 7 was available, I decided to go with it to get some long term stability. The problem is that NFS mounts inside the virtual machines don't work for spit when talking to older NFS servers that must speak UDP. Is there something about UDP traffic that requires tweaks I don't know about for centos 7 to serve as a gateway machine? I've got the ip forwarding settings and other sysctl stuff that was set in the old fedora 13 system. I've got the bridges defined that same way as the old f13 system. I've got TCP stream connections working flawlessly, it is just the UDP traffic that seems to barf. Does this strike a familiar note with anyone? When I run wireshark on the KVM host machine, I see NFS packets retransmitting a lot and I also see ICMP messages about Destination Unreachable, Fragmentation Needed. (I don't know what any of it means though :-). This is an intel motherboard with these ethernets: 04:00.0 Ethernet controller: Intel Corporation 80003ES2LAN Gigabit Ethernet Controller (Copper) (rev 01) 04:00.1 Ethernet controller: Intel Corporation 80003ES2LAN Gigabit Ethernet Controller (Copper) (rev 01)
Tony Mountifield
2014-Aug-14 17:05 UTC
[CentOS] Centos 7 as gateway - UDP performance is busted/awful?
In article <20140814120002.16440e86 at tomh>, Tom Horsley <horsley1953 at gmail.com> wrote:> I just replaced a dead system disk on my KVM host that was > running an ancient fedora 13. Since centos 7 was available, > I decided to go with it to get some long term stability. > > The problem is that NFS mounts inside the virtual machines > don't work for spit when talking to older NFS servers that > must speak UDP. > > Is there something about UDP traffic that requires tweaks > I don't know about for centos 7 to serve as a gateway machine? > I've got the ip forwarding settings and other sysctl stuff > that was set in the old fedora 13 system. > > I've got the bridges defined that same way as the old f13 > system. > > I've got TCP stream connections working flawlessly, it is > just the UDP traffic that seems to barf. > > Does this strike a familiar note with anyone? > > When I run wireshark on the KVM host machine, I see > NFS packets retransmitting a lot and I also see ICMP > messages about Destination Unreachable, Fragmentation > Needed. (I don't know what any of it means though :-).This means that either the host or one of the guests is trying to send packets with a larger MTU than part of the path to the destination will allow. If you look inside the ICMP packet in wireshark, it will tell you who sent it and what MTU they said was acceptable. For TCP, the protocol stack is able to adapt by reducing its MSS dynamically in response to those ICMPs and retry. I don't think UDP is able to do that. Also examine the MTU settings for your network interfaces on both the host and the guests, using ifconfig -a. Cheers Tony -- Tony Mountifield Work: tony at softins.co.uk - http://www.softins.co.uk Play: tony at mountifield.org - http://tony.mountifield.org