From c928995ac9764021ee3494587b4aec6816adb082 Mon Sep 17 00:00:00 2001 From: Jiajing Hu Date: Mon, 15 Jan 2024 22:15:03 +0800 Subject: [PATCH] Bugfix: fix incorrect Pod eth0 MTU when using WireGuard When the WireGuard tunnel is enabled, the Pod eth0's MTU is not correct. The MTU only deducts Geneve overhead because the default tunnel type is Geneve. This patch check the TrafficEncryptionMode when calculate the MTU deduction, when the TrafficEncryptionMode is WireGuard, then it will deducts the WG overhead. --- pkg/agent/config/node_config.go | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/pkg/agent/config/node_config.go b/pkg/agent/config/node_config.go index ebba7f3da9e..fc666d6f16b 100644 --- a/pkg/agent/config/node_config.go +++ b/pkg/agent/config/node_config.go @@ -268,12 +268,18 @@ func (nc *NetworkConfig) CalculateMTUDeduction(isIPv6 bool) int { var mtuDeduction int // When Multi-cluster Gateway is enabled, we need to reduce MTU for potential cross-cluster traffic. if nc.TrafficEncapMode.SupportsEncap() || nc.EnableMulticlusterGW { - if nc.TunnelType == ovsconfig.VXLANTunnel { - mtuDeduction = vxlanOverhead - } else if nc.TunnelType == ovsconfig.GeneveTunnel { - mtuDeduction = geneveOverhead - } else if nc.TunnelType == ovsconfig.GRETunnel { - mtuDeduction = greOverhead + if nc.TrafficEncryptionMode == TrafficEncryptionModeWireGuard { + mtuDeduction = WireGuardOverhead + } else if nc.TrafficEncryptionMode == TrafficEncryptionModeIPSec { + mtuDeduction = IPSecESPOverhead + } else { + if nc.TunnelType == ovsconfig.VXLANTunnel { + mtuDeduction = vxlanOverhead + } else if nc.TunnelType == ovsconfig.GeneveTunnel { + mtuDeduction = geneveOverhead + } else if nc.TunnelType == ovsconfig.GRETunnel { + mtuDeduction = greOverhead + } } }