If you have a mix of WireGuard and either IP in IP or VXLAN in your cluster, you should configure the MTU to be the smallest of the values of each encap type. WireGuard sets the Don’t Fragment (DF) bit on its packets, and so the MTU for WireGuard on AKS needs to be set to 60 bytes below the 1400 MTU of the underlying network to avoid dropped packets. When using AKS, the underlying network has an MTU of 1400, even though the network interface will have an MTU of 1500. (IP in IP uses a 20-byte header, VXLAN uses a 50-byte header, and WireGuard uses a 60-byte header ). The extra overlay header used in IP in IP, VXLAN and WireGuard protocols, reduces the minimum MTU by the size of the header. Because MTU is a global property of the network path between endpoints, you should set the MTU to the minimum MTU of any path that packets may take. The following table lists common MTU sizes for Calico environments. Before you begin…įor help on using IP in IP and/or VXLAN overlays, see Configure overlay networking.įor help on using WireGuard encryption, see Configure WireGuard encryption. Disable any unused encapsulations ( vxlanEnabled, ipipEnabled, and wireguardEnabled) in your felix configuration to ensure that auto-detection can pick the optimal MTU for your cluster. To ensure auto-detection of MTU works correctly, make sure that the correct encapsulation modes are set in your felix configuration. Of MTU by providing an explicit value if needed. This guide explains how you can override auto-detection The improvement is often more significant when pod to pod traffic is being encapsulated (IP in IP, VXLAN, or WireGuard), and splitting and combining such traffic cannot be offloaded to your NICs.īy default, Calico will auto-detect the correct MTU for your cluster based on node configuration and enabled networking modes. Maximum bandwidth increases and CPU consumption may drop for a given traffic rate. In general, maximum performance is achieved by using the highest MTU value that does not cause fragmentation or dropped packets on the path. MTU is configured on the veth attached to each workload, and tunnel devices (if you enable IP in IP, VXLAN, or WireGuard). The maximum transmission unit (MTU) setting determines the largest packet size that can be transmitted through your network. This how-to guide uses the following Calico features: Increasing the MTU can improve performance, and decreasing the MTU can resolve packet loss and fragmentation problems when it is too high. Optimize network performance for workloads by configuring the MTU in Calico to best suit your underlying network. Configure the maximum transmission unit (MTU) for your Calico environment.
0 kommentar(er)
