[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-users] NFS problems in guest



Javier Guerra wrote:
> On Sunday 30 April 2006 1:34 am, Itai Tavor wrote:
>> Some people might wonder why they can't use ip_conntrack and have
>> reliable networking at the same time. Not me, though.
> 
> but i do wonder... is it that the original packets were bigger than usual 
> 1500bytes? if so, why?? what is the MTU at both ends? (NFS server and client)

On my machine I have MTUs of 1500 on all ethernet devices. 'ping -s 1500
somewhere' creates a packet that's just larger than 1500 bytes and it is
therefore fragmented before it is sent. The fragmented packages go from eth0 to
vif0.0 and then to xen-br0. _Without_ ip_conntract I see the packet fragmented
on eth0, vif0.0 and xen-br0. _With_ ip_conntract loaded I see the packet
fragmented at eth0 and vif0.0 but _not_ _on_ xen-br0. At xen-br0 the packets
have been defragmented and the resulting packet is larger than 1500 bytes (1500
bytes from fragment 1 + a few bytes but less than 1500 from fragment 2). Because
it is larger than the MTU of all participating devices in the bridge (1500
bytes) and a the bridge is not supposed to do fragmentation the packet is simply
dropped.

I'm not sure why ip_conntract defragments but not refragments the packets it
receives. Maybe it's not even supposed to refragment them and assumes the
network device will ... but a bridge does not as it works on the ethernet layer.

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.