On Thu, Aug 14, 2014 at 2:48 PM, Tom Horsley <horsley1953 at gmail.com> wrote: > >> Seems like a horrible thing to do, but does it fix it if you mount with >> rsize=1500, wsize=1500 - or maybe 1484? > > I already tried that - no change :-). It just seems very wrong for the NFS device to be sending 1516 bytes - and to set DF on the packet. What OS is it and what does it say about its own MTU? Physically, ethernet will accommodate 1518-1522 to allow VLAN tagging but you shouldn't have that without knowing about it (and your swiitch ports configured to trunk). >> Are you just bridging to the NIC interface? I don't see why that >> would need to change the packets at all. What happens if you ping >> with a large -s value through the bridge (host or external box to >> guest)? > > There are two NICs. The one with the bridge is also running a subnet > with the virtual machines and one real machine on the NIC. The other > NIC is connected to the wider world of our local LAN where the NFS > servers reside, so the host has to operate as a gateway for the traffic > from the LAN to the virtual machine subnet. I think dropping the packet is actually the correct thing in that scenario. It should not forward something larger than the next interface's MTU and if the DF bit is set it can't fragment there. If you have IP's to spare on the NFS subnet, you might get away with bridging there and adding a virtual NIC to the guest(s) that need access. -- Les Mikesell lesmikesell at gmail.com