Documentation ¶
Overview ¶
Package mtu is a library for tracking and configuring MTU for devices and routes.
Index ¶
Constants ¶
const ( // MaxMTU is the highest MTU that can be used for devices and routes // handled by Cilium. It will typically be used to configure inbound // paths towards containers where it is guaranteed that the packet will // not be rerouted to another node, and therefore will not lead to // any form of IP fragmentation. // One might expect this to be 65535, however Linux seems to cap the // MTU of routes at 65520, so we use this value below. MaxMTU = 65520 // EthernetMTU is the standard MTU for Ethernet devices. It is used // as the MTU for container devices when running direct routing mode. EthernetMTU = 1500 // TunnelOverhead is an approximation for bytes used for tunnel // encapsulation. It accounts for: // (Outer ethernet is not accounted against MTU size) // Outer IPv4 header: 20B // Outer UDP header: 8B // Outer VXLAN header: 8B // Original Ethernet: 14B // --- // Total extra bytes: 50B TunnelOverhead = 50 // EncryptionIPsecOverhead is an approximation for bytes used for // encryption. Depending on key size and encryption type the actual // size may vary here we do calculations for 128B keys and Auth. The // overhead is accounted for as: // Outer IP header: 20B // SPI: 4B // Sequece Numbers: 4B // Next Header: 1B // ICV: 16B // Padding: 16B // 128bit Auth: 16B // --- // Total extra bytes: 77B EncryptionIPsecOverhead = 77 // EncryptionDefaultAuthKeyLength is 16 representing 128B key recommended // size for GCM(AES*) in RFC4106. Users may input other lengths via // key secrets. EncryptionDefaultAuthKeyLength = 16 // WireguardOverhead is an approximation for the overhead of wireguard // encapsulation. // // https://github.com/torvalds/linux/blob/v5.12/drivers/net/wireguard/device.c#L262: // MESSAGE_MINIMUM_LENGTH: 32B // Outer IPv4 or IPv6 header: 40B // Outer UDP header: 8B // --- // Total extra bytes: 80B WireguardOverhead = 80 )
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Configuration ¶
type Configuration struct {
// contains filtered or unexported fields
}
Configuration is an MTU configuration as returned by NewConfiguration
func NewConfiguration ¶
func NewConfiguration(authKeySize int, encryptEnabled bool, encapEnabled bool, wireguardEnabled bool, mtu int, mtuDetectIP net.IP) Configuration
NewConfiguration returns a new MTU configuration. The MTU can be manually specified, otherwise it will be automatically detected. if encapEnabled is true, the MTU is adjusted to account for encapsulation overhead for all routes involved in node to node communication.
func (*Configuration) GetDeviceMTU ¶
func (c *Configuration) GetDeviceMTU() int
GetDeviceMTU returns the MTU to be used on workload facing devices.
func (*Configuration) GetRouteMTU ¶
func (c *Configuration) GetRouteMTU() int
GetRouteMTU returns the MTU to be used on the network. When running in tunneling mode and/or with encryption enabled, this will have tunnel and encryption overhead accounted for.
func (*Configuration) GetRoutePostEncryptMTU ¶ added in v1.14.0
func (c *Configuration) GetRoutePostEncryptMTU() int
GetRoutePostEncryptMTU return the MTU to be used on the encryption routing table. This is the MTU without encryption overhead and in the tunnel case accounts for the tunnel overhead.