NSX-T Backed VM Fails to Mount on NFS v3 Storage Solution
Article ID: 330397
Products
VMware NSX
Issue/Introduction
Symptoms: When a VM backed by an NSX-T L2 Segment attempts to mount an NFS v3 shared storage solution, the mount fails with the following error:
mount.nfs: mount(2): Permission denied
mount.nfs: access denied by server while mounting <NFS Server>:/file-path-of-share
An NSX-T Gateway (Tier 0 or Tier 1) that performs Network Address Translation (NAT) as a service resides in the datapath between the VM and the NFS v3 storage solution.
Cause
NFS v3 relies on a TCP source port in the range of 1-1024 during the initial mount. NSX-T Gateways perform stateful Network Address Translation when the SNAT or DNAT options are used. By default, NAT creates a new stateful TCP session after address translation, so the TCP source port changes. By default, NAT uses TCP source ports between 20,000 and 65,000.
Resolution
Workaround: Configure a Reflexive NAT rule in place of the existing NAT rule. A Reflexive NAT rule is a stateless NAT rule. This means that the same TCP session passes through the IP address translation, so the NFS v3 source port passes the NSX-T Gateway unchanged, avoiding Port Address Translation (PAT).
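To confirm the cause from the NFS server side, or to check that a Reflexive NAT rule has taken effect, the following added example (not part of the original article or any VMware tooling) scans `tcpdump -nn` text output for initial SYNs that reach the NFS service from a source port outside the range the article states. The IP addresses, the mountd port 20048 and the capture lines are constructed assumptions.

```python
import re

# Source-port range the article says NFS v3 relies on during the initial mount.
RESERVED_PORTS = range(1, 1025)

# Matches `tcpdump -nn` IPv4 TCP lines: "<ts> IP src.sport > dst.dport: Flags [..]"
LINE_RE = re.compile(
    r"IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]+)\]"
)

# Constructed sample as it might be captured on the NFS server (192.0.2.10).
SAMPLE_CAPTURE = """\
12:00:01.000001 IP 198.51.100.7.34567 > 192.0.2.10.2049: Flags [S], seq 1000, win 64240, length 0
12:00:01.000300 IP 192.0.2.10.2049 > 198.51.100.7.34567: Flags [S.], seq 2000, ack 1001, win 65160, length 0
12:00:05.000001 IP 198.51.100.8.876 > 192.0.2.10.2049: Flags [S], seq 3000, win 64240, length 0
12:00:06.000001 IP 198.51.100.7.41022 > 192.0.2.10.20048: Flags [S], seq 4000, win 64240, length 0
""".splitlines()


def find_rewritten_sources(lines, server_ip, server_ports=(2049,)):
    """Return (src_ip, src_port, dst_port) for every initial SYN sent to the
    NFS server whose source port is outside RESERVED_PORTS, which is what a
    stateful NAT hop that rewrites the source port looks like at the server."""
    hits = []
    for line in lines:
        m = LINE_RE.search(line)
        if not m or m["flags"] != "S":  # pure SYN only; "S." is the SYN-ACK
            continue
        if m["dst"] != server_ip or int(m["dport"]) not in server_ports:
            continue
        sport = int(m["sport"])
        if sport not in RESERVED_PORTS:
            hits.append((m["src"], sport, int(m["dport"])))
    return hits


if __name__ == "__main__":
    # 2049 is the NFS port; 20048 stands in for a fixed mountd port (assumed).
    for src, sport, dport in find_rewritten_sources(
        SAMPLE_CAPTURE, "192.0.2.10", server_ports=(2049, 20048)
    ):
        print(f"{src}:{sport} -> port {dport}: source port outside 1-1024")
```

After the Reflexive NAT rule is in place, a fresh capture of a mount attempt should produce no hits for the translated client address.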