Skip to content

Commit

Permalink
Use 65000 MTU upper bound for interfaces in encap mode (#5997) (#6005)
Browse files Browse the repository at this point in the history 
OVS configures the MTU for tunnel ports to 65000.
In some cases (e.g., Kind clusters), the MTU of the transport interface
can be larger than that, and so can be the calculated MTU of antrea-gw0
and of Pod interfaces. When this happens, packets can be dropped.
To handle this edge case (real clusters are unlikely to use that kind of
MTU), we set an upper bound of 65000 for the calculated MTU.

Note that setting the tunnel port's MTU to 65535, or even to the
calculated MTU, is not an option, as it may not work on all systems.

An alternative would be to find the MTU for the tunnel interface
dynamically and use that as an upper bound, rather than rely on this
hardcoded constant (65000). However, that constant has remained
unchanged for 7 years, and finding the MTU dynamically would require
re-organizing the Agent initialization code, as we currently caclulate
the MTU before creating the OVS tunnel port. So the current solution
seems lower risk. Even if the constant is changed in OVS, it should not
have any real impact on Antrea.

Fixes #5940

Signed-off-by: Antonin Bas <[email protected]>
  • Loading branch information
@antoninbas
antoninbas authored Feb 22, 2024
1 parent 3aaef1e commit 0049ad9
Showing 1 changed file with 13 additions and 0 deletions.
13 changes: 13 additions & 0 deletions pkg/agent/agent.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -68,6 +68,14 @@ const (
roundNumKey = "roundNum" // round number key in externalIDs.
initialRoundNum = 1
maxRetryForRoundNumSave = 5
// On Linux, OVS configures the MTU for tunnel interfaces to 65000.
// See https://github.com/openvswitch/ovs/blame/3e666ba000b5eff58da8abb4e8c694ac3f7b08d6/lib/dpif-netlink-rtnl.c#L348-L360
// There are some edge cases (e.g., Kind clusters) where the transport Node's MTU may be
// larger than that (e.g., 65535), and packets may be dropped. To account for this, we use
// 65000 as an upper bound for the MTU calculated in getInterfaceMTU, when encap is
// supported. For simplicity's sake, we also use this upper bound for Windows, even if it
// does not apply.
ovsTunnelMaxMTU = 65000
)

var (
Expand Down Expand Up @@ -1197,6 +1205,11 @@ func (i *Initializer) getInterfaceMTU(transportInterface *net.Interface) (int, e

isIPv6 := i.nodeConfig.NodeIPv6Addr != nil
mtu -= i.networkConfig.CalculateMTUDeduction(isIPv6)
if i.networkConfig.TrafficEncapMode.SupportsEncap() {
// See comment for ovsTunnelMaxMTU constant above.
mtu = min(mtu, ovsTunnelMaxMTU)
}

return mtu, nil
}

Expand Down

0 comments on commit 0049ad9

Please sign in to comment.