Patching from Repositories

The public repositories for Rocky 9 Linux received a kernel patch which resulted in very poor network performance on Nutanix VMs. I logged this at https://forums.rockylinux.org/t/rocky-9-5-slow-network-bad-gso/16588 on 22nd November. The estimated fix is to be early February.

I worked around it at the time by leaving the few machines I had applied it on to use an older kernel.

grubby --set-default /boot/vmlinuz-5.14.0-427.24.1.el9_4.x86_64

However, with such a delay, I need to patch on a large number of machines and am not happy with running this old kernel. Instead I will go for a workaround.

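[Unit]
Description=Disable GRO on default network interface
# Ordering after network-online.target only takes effect if the target is also pulled in.
Wants=network-online.target
After=network-online.target

[Service]
Type=oneshot
# Turn off rx-gro-hw on the interface that carries the default route.
ExecStart=/bin/sh -c '/sbin/ethtool -K "$(/sbin/ip ro | awk \'/default/ {print $5}\')" rx-gro-hw off'
RemainAfterExit=false

[Install]
WantedBy=multi-user.target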

So this systemd service will run once on boot and set this feature to off on the machines where it is applied. The overhead is to deploy and run it everywhere, and also probably to remove it later.

Normally this feature is set to on with Rocky 9 on Nutanix VMs, so it should be put back.
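To confirm the workaround took effect on a machine, the following added example (not part of the original post) reports the rx-gro-hw state of every interface that carries a default route. The function names and sample data are constructed, and it finds the interface by the word after "dev" rather than assuming field 5.

```shell
# Added example, not the post's code; function names and samples are constructed.

# Interfaces carrying a default route, one per line. Reads `ip route` text on
# stdin and takes the word after "dev" instead of assuming it is field 5.
default_ifaces() {
    awk '$1 == "default" { for (i = 2; i < NF; i++) if ($i == "dev") print $(i + 1) }' | sort -u
}
# rx-gro-hw state ("on", "off" or "absent") from `ethtool -k IFACE` text on stdin.
gro_hw_state() {
    awk '$1 == "rx-gro-hw:" { print $2; seen = 1 } END { if (!seen) print "absent" }'
}
# Thin wrappers around the real tools so they can be swapped for sample data.
get_routes()   { ip route; }
get_features() { ethtool -k "$1"; }

# Print "<iface> <state>" for each default-route interface.
# Exit status: 0 all off/absent, 1 some interface still "on", 2 no default route.
audit_gro() {
    ifaces=$(get_routes | default_ifaces)
    [ -n "$ifaces" ] || return 2
    rc=0
    for ifc in $ifaces; do
        state=$(get_features "$ifc" | gro_hw_state)
        echo "$ifc $state"
        if [ "$state" = "on" ]; then rc=1; fi
    done
    return "$rc"
}

# Constructed sample data (not captured from a real host): two default routes,
# one of them without a "via" hop, so field 5 would be wrong for it.
sample_routes() {
    printf '%s\n' 'default via 10.0.0.1 dev eth0 proto dhcp src 10.0.0.5 metric 100' \
                  'default dev eth1 scope link metric 200' \
                  '10.0.0.0/24 dev eth0 proto kernel scope link src 10.0.0.5'
}
sample_features() {
    case "$1" in
        eth0) printf '%s\n' 'rx-checksumming: on' 'rx-gro-hw: off' 'rx-gro-list: off' ;;
        *)    printf '%s\n' 'rx-checksumming: on' 'rx-gro-hw: on' ;;
    esac
}

# No argument: run against the sample data. "live": query this host.
if [ "${1:-}" != "live" ]; then
    get_routes()   { sample_routes; }
    get_features() { sample_features "$1"; }
fi
audit_gro || echo "audit exit status: $?"
```

Run with the argument live on a patched machine; exit status 1 means an interface still has the feature on.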

It was fixed very quickly on the CentOS 8 stream so this is very tardy for Rocky and AlmaLinux (I can't see it mentioned on the Alma forum).

This is not the first time we have had issues patching directly from public repositories. We should consider using Katello, which is a plugin for Foreman, to control which set of patches actually gets applied.
