pkg: Do not set MTU greater than 1450 for VXLAN

MTU of a VXLAN interface in a pod VM becomes greater than 1450, which is the maximum allowed size for VxLAN packets, when a CNI plugin such as Calico IPIP uses a MTU greater than 1450. This may cause undesirable packet fragmentation. This patch fixes the issue. Fixes confidential-containers#67 Signed-off-by: Yohei Ueda <yohei@jp.ibm.com>
bpradipt · Jul 1, 2022 · 8db5ee9 · 8db5ee9
1 parent dfe40ba
commit 8db5ee9
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/pkg/podnetwork/tunneler/vxlan/podnode.go b/pkg/podnetwork/tunneler/vxlan/podnode.go
@@ -14,6 +14,7 @@ import (
 
 const (
 	podVxlanInterface = "vxlan0"
+	maxMTU            = 1450
 )
 
 type podNodeTunneler struct {
@@ -64,6 +65,9 @@ func (t *podNodeTunneler) Setup(nsPath string, podNodeIPs []net.IP, config *tunn
 	}
 
 	mtu := int(config.MTU)
+	if mtu > maxMTU {
+		mtu = maxMTU
+	}
 	if err := podNS.SetMTU(podVxlanInterface, mtu); err != nil {
 		return fmt.Errorf("failed to set MTU of %s to %d on %s: %w", podVxlanInterface, mtu, nsPath, err)
 	}