Auto discovery mtu

build/yamls/antrea-eks.yml

@@ -550,9 +550,9 @@ data:
     # - stt
     #tunnelType: geneve
 
-    # Default MTU to use for the host gateway interface and the network interface of each Pod. If
-    # omitted, antrea-agent will default this value to 1450 to accommodate for tunnel encapsulate
-    # overhead.
+    # Default MTU to use for the host gateway interface and the network interface of each Pod.
+    # If omitted, antrea-agent will discover the MTU of the Node's primary interface and
+    # also adjust MTU to accommodate for tunnel encapsulation overhead (if applicable).
     #defaultMTU: 1450
 
     # Whether or not to enable IPsec encryption of tunnel traffic. IPsec encryption is only supported
@@ -627,7 +627,7 @@ metadata:
   annotations: {}
   labels:
     app: antrea
-  name: antrea-config-9cf7tk2d9b
+  name: antrea-config-hhthk4g2f4
   namespace: kube-system
 ---
 apiVersion: v1
@@ -733,7 +733,7 @@ spec:
         key: node-role.kubernetes.io/master
       volumes:
       - configMap:
-          name: antrea-config-9cf7tk2d9b
+          name: antrea-config-hhthk4g2f4
         name: antrea-config
       - name: antrea-controller-tls
         secret:
@@ -950,7 +950,7 @@ spec:
         operator: Exists
       volumes:
       - configMap:
-          name: antrea-config-9cf7tk2d9b
+          name: antrea-config-hhthk4g2f4
         name: antrea-config
       - hostPath:
           path: /etc/cni/net.d

build/yamls/antrea-gke.yml

@@ -550,9 +550,9 @@ data:
     # - stt
     #tunnelType: geneve
 
-    # Default MTU to use for the host gateway interface and the network interface of each Pod. If
-    # omitted, antrea-agent will default this value to 1450 to accommodate for tunnel encapsulate
-    # overhead.
+    # Default MTU to use for the host gateway interface and the network interface of each Pod.
+    # If omitted, antrea-agent will discover the MTU of the Node's primary interface and
+    # also adjust MTU to accommodate for tunnel encapsulation overhead (if applicable).
     #defaultMTU: 1450
 
     # Whether or not to enable IPsec encryption of tunnel traffic. IPsec encryption is only supported
@@ -627,7 +627,7 @@ metadata:
   annotations: {}
   labels:
     app: antrea
-  name: antrea-config-mggd25d555
+  name: antrea-config-mbkmc9bb22
   namespace: kube-system
 ---
 apiVersion: v1
@@ -733,7 +733,7 @@ spec:
         key: node-role.kubernetes.io/master
       volumes:
       - configMap:
-          name: antrea-config-mggd25d555
+          name: antrea-config-mbkmc9bb22
         name: antrea-config
       - name: antrea-controller-tls
         secret:
@@ -948,7 +948,7 @@ spec:
         operator: Exists
       volumes:
       - configMap:
-          name: antrea-config-mggd25d555
+          name: antrea-config-mbkmc9bb22
         name: antrea-config
       - hostPath:
           path: /etc/cni/net.d

build/yamls/antrea-ipsec.yml

@@ -550,9 +550,9 @@ data:
     # - stt
     tunnelType: gre
 
-    # Default MTU to use for the host gateway interface and the network interface of each Pod. If
-    # omitted, antrea-agent will default this value to 1450 to accommodate for tunnel encapsulate
-    # overhead.
+    # Default MTU to use for the host gateway interface and the network interface of each Pod.
+    # If omitted, antrea-agent will discover the MTU of the Node's primary interface and
+    # also adjust MTU to accommodate for tunnel encapsulation overhead (if applicable).
     #defaultMTU: 1450
 
     # Whether or not to enable IPsec encryption of tunnel traffic. IPsec encryption is only supported
@@ -627,7 +627,7 @@ metadata:
   annotations: {}
   labels:
     app: antrea
-  name: antrea-config-ch9mhb526k
+  name: antrea-config-5tkdbb96c6
   namespace: kube-system
 ---
 apiVersion: v1
@@ -742,7 +742,7 @@ spec:
         key: node-role.kubernetes.io/master
       volumes:
       - configMap:
-          name: antrea-config-ch9mhb526k
+          name: antrea-config-5tkdbb96c6
         name: antrea-config
       - name: antrea-controller-tls
         secret:
@@ -992,7 +992,7 @@ spec:
         operator: Exists
       volumes:
       - configMap:
-          name: antrea-config-ch9mhb526k
+          name: antrea-config-5tkdbb96c6
         name: antrea-config
       - hostPath:
           path: /etc/cni/net.d

build/yamls/antrea-windows.yml

@@ -37,9 +37,9 @@ data:
     # - stt
     #tunnelType: geneve
 
-    # Default MTU to use for the host gateway interface and the network interface of each Pod. If
-    # omitted, antrea-agent will default this value to 1450 to accommodate for tunnel encapsulate
-    # overhead.
+    # Default MTU to use for the host gateway interface and the network interface of each Pod.
+    # If omitted, antrea-agent will discover the MTU of the Node's primary interface and
+    # also adjust MTU to accommodate for tunnel encapsulation overhead.
     #defaultMTU: 1450
 
     # CIDR Range for services in cluster. It's required to support egress network policy, should
@@ -69,7 +69,7 @@ kind: ConfigMap
 metadata:
   labels:
     app: antrea
-  name: antrea-windows-config-2b4h888dt2
+  name: antrea-windows-config-k24chf74ct
   namespace: kube-system
 ---
 apiVersion: apps/v1
@@ -157,7 +157,7 @@ spec:
         operator: Exists
       volumes:
       - configMap:
-          name: antrea-windows-config-2b4h888dt2
+          name: antrea-windows-config-k24chf74ct
         name: antrea-windows-config
       - configMap:
           defaultMode: 420

build/yamls/antrea.yml

@@ -550,9 +550,9 @@ data:
     # - stt
     #tunnelType: geneve
 
-    # Default MTU to use for the host gateway interface and the network interface of each Pod. If
-    # omitted, antrea-agent will default this value to 1450 to accommodate for tunnel encapsulate
-    # overhead.
+    # Default MTU to use for the host gateway interface and the network interface of each Pod.
+    # If omitted, antrea-agent will discover the MTU of the Node's primary interface and
+    # also adjust MTU to accommodate for tunnel encapsulation overhead (if applicable).
     #defaultMTU: 1450
 
     # Whether or not to enable IPsec encryption of tunnel traffic. IPsec encryption is only supported
@@ -627,7 +627,7 @@ metadata:
   annotations: {}
   labels:
     app: antrea
-  name: antrea-config-btd998c7bt
+  name: antrea-config-hc2t9429cd
   namespace: kube-system
 ---
 apiVersion: v1
@@ -733,7 +733,7 @@ spec:
         key: node-role.kubernetes.io/master
       volumes:
       - configMap:
-          name: antrea-config-btd998c7bt
+          name: antrea-config-hc2t9429cd
         name: antrea-config
       - name: antrea-controller-tls
         secret:
@@ -948,7 +948,7 @@ spec:
         operator: Exists
       volumes:
       - configMap:
-          name: antrea-config-btd998c7bt
+          name: antrea-config-hc2t9429cd
         name: antrea-config
       - hostPath:
           path: /etc/cni/net.d

build/yamls/base/conf/antrea-agent.conf

@@ -31,9 +31,9 @@ featureGates:
 # - stt
 #tunnelType: geneve
 
-# Default MTU to use for the host gateway interface and the network interface of each Pod. If
-# omitted, antrea-agent will default this value to 1450 to accommodate for tunnel encapsulate
-# overhead.
+# Default MTU to use for the host gateway interface and the network interface of each Pod.
+# If omitted, antrea-agent will discover the MTU of the Node's primary interface and
+# also adjust MTU to accommodate for tunnel encapsulation overhead (if applicable).
 #defaultMTU: 1450
 
 # Whether or not to enable IPsec encryption of tunnel traffic. IPsec encryption is only supported

build/yamls/windows/base/conf/antrea-agent.conf

@@ -19,9 +19,9 @@ featureGates:
 # - stt
 #tunnelType: geneve
 
-# Default MTU to use for the host gateway interface and the network interface of each Pod. If
-# omitted, antrea-agent will default this value to 1450 to accommodate for tunnel encapsulate
-# overhead.
+# Default MTU to use for the host gateway interface and the network interface of each Pod.
+# If omitted, antrea-agent will discover the MTU of the Node's primary interface and
+# also adjust MTU to accommodate for tunnel encapsulation overhead.
 #defaultMTU: 1450
 
 # CIDR Range for services in cluster. It's required to support egress network policy, should

cmd/antrea-agent/agent.go

@@ -163,7 +163,6 @@ func run(o *Options) error {
 	cniServer := cniserver.New(
 		o.config.CNISocket,
 		o.config.HostProcPathPrefix,
-		o.config.DefaultMTU,
 		nodeConfig,
 		k8sClient,
 		podUpdates,

cmd/antrea-agent/options.go

@@ -35,14 +35,6 @@ const (
 	defaultHostProcPathPrefix = "/host"
 	defaultServiceCIDR        = "10.96.0.0/12"
 	defaultTunnelType         = ovsconfig.GeneveTunnel
-	defaultMTUGeneve          = 1450
-	defaultMTUVXLAN           = 1450
-	defaultMTUGRE             = 1462
-	defaultMTUSTT             = 1500
-	defaultMTU                = 1500
-	// IPsec ESP can add a maximum of 38 bytes to the packet including the ESP
-	// header and trailer.
-	ipsecESPOverhead = 38
 )
 
 type Options struct {
@@ -151,26 +143,6 @@ func (o *Options) setDefaults() {
 	if o.config.TrafficEncapMode == "" {
 		o.config.TrafficEncapMode = config.TrafficEncapModeEncap.String()
 	}
-
-	if o.config.DefaultMTU == 0 {
-		ok, encapMode := config.GetTrafficEncapModeFromStr(o.config.TrafficEncapMode)
-		if ok && !encapMode.SupportsEncap() {
-			o.config.DefaultMTU = defaultMTU
-		} else if o.config.TunnelType == ovsconfig.VXLANTunnel {
-			o.config.DefaultMTU = defaultMTUVXLAN
-		} else if o.config.TunnelType == ovsconfig.GeneveTunnel {
-			o.config.DefaultMTU = defaultMTUGeneve
-		} else if o.config.TunnelType == ovsconfig.GRETunnel {
-			o.config.DefaultMTU = defaultMTUGRE
-		} else if o.config.TunnelType == ovsconfig.STTTunnel {
-			o.config.DefaultMTU = defaultMTUSTT
-		}
-
-		if o.config.EnableIPSecTunnel {
-			o.config.DefaultMTU -= ipsecESPOverhead
-		}
-	}
-
 	if o.config.APIPort == 0 {
 		o.config.APIPort = apis.AntreaAgentAPIPort
 	}

docs/configuration.md

@@ -51,9 +51,9 @@ Use `antrea-agent -h` to see complete options.
 # for the GRE tunnel type.
 #enableIPSecTunnel: false
 
-# Default MTU to use for the host gateway interface and the network interface of
-# each Pod. If omitted, antrea-agent will default this value to 1450 to accommodate
-# for tunnel encapsulate overhead.
+# Default MTU to use for the host gateway interface and the network interface of each Pod.
+# If omitted, antrea-agent will discover the MTU of the Node's primary interface and
+# also adjust MTU to accommodate for tunnel encapsulation overhead (if applicable).
 #defaultMTU: 1450
 
 # CIDR Range for services in cluster. It's required to support egress network policy, should

docs/eks-installation.md

@@ -20,9 +20,8 @@ deployment yaml at:
 https://raw.githubusercontent.com/vmware-tanzu/antrea/master/build/yamls/antrea-eks.yml
 ```
 
-Based on EKS worker Node MTU size and Kubernetes service cluster IP range, adjust
-``defaultMTU`` and ``serviceCIDR`` values of antrea-agent.conf in antrea-eks.yml
- accordingly, and apply antrea-eks.yml to the EKS cluster.
+Based on Kubernetes service cluster IP range, adjust ``serviceCIDR`` values of antrea-agent.conf
+in antrea-eks.yml accordingly, and apply antrea-eks.yml to the EKS cluster.
 
 ```bash
 kubectl apply -f antrea-eks.yaml 

docs/gke-installation.md

@@ -94,8 +94,8 @@ For any given release `<TAG>` (e.g. `v0.5.0`), get the Antrea GKE deployment yam
     https://raw.githubusercontent.com/vmware-tanzu/antrea/master/build/yamls/antrea-gke.yml
     ````
 
-    Update ``defaultMTU`` (default is 1500) and ``serviceCIDR`` value of antrea-agent.conf in antrea-gke.yml with
-GKE_SERVICE_CIDR selected at the time of deploying GKE cluster.
+    Update ``serviceCIDR`` value of antrea-agent.conf in antrea-gke.yml with GKE_SERVICE_CIDR selected at the time of
+    deploying GKE cluster.
 
 3. Deploy Antrea
 

pkg/agent/agent.go

@@ -61,8 +61,8 @@ type Initializer struct {
 	routeClient     route.Interface
 	ifaceStore      interfacestore.InterfaceStore
 	ovsBridge       string
-	hostGateway     string     // name of gateway port on the OVS bridge
-	mtu             int        // Pod network interface MTU
+	hostGateway     string // name of gateway port on the OVS bridge
+	mtu             int
 	serviceCIDR     *net.IPNet // K8s Service ClusterIP CIDR
 	networkConfig   *config.NetworkConfig
 	nodeConfig      *config.NodeConfig
@@ -412,9 +412,9 @@ func (i *Initializer) setupGatewayInterface() error {
 	// Idempotent operation to set the gateway's MTU: we perform this operation regardless of
 	// whether or not the gateway interface already exists, as the desired MTU may change across
 	// restarts.
-	klog.V(4).Infof("Setting gateway interface %s MTU to %d", i.hostGateway, i.mtu)
+	klog.V(4).Infof("Setting gateway interface %s MTU to %d", i.hostGateway, i.nodeConfig.NodeMTU)
 
-	i.ovsBridgeClient.SetInterfaceMTU(i.hostGateway, i.mtu)
+	i.ovsBridgeClient.SetInterfaceMTU(i.hostGateway, i.nodeConfig.NodeMTU)
 	if err := i.configureGatewayInterface(gatewayIface); err != nil {
 		return err
 	}
@@ -543,16 +543,23 @@ func (i *Initializer) initNodeLocalConfig() error {
 	if err != nil {
 		return fmt.Errorf("failed to obtain local IP address from k8s: %w", err)
 	}
-	localAddr, _, err := util.GetIPNetDeviceFromIP(ipAddr)
+	localAddr, localIntf, err := util.GetIPNetDeviceFromIP(ipAddr)
 	if err != nil {
 		return fmt.Errorf("failed to get local IPNet:  %v", err)
 	}
 
+	mtu, err := i.getNodeMTU(localIntf)
+	if err != nil {
+		return err
+	}
+	klog.Infof("Setting Node MTU=%d", mtu)
+
 	i.nodeConfig = &config.NodeConfig{
 		Name:            nodeName,
 		OVSBridge:       i.ovsBridge,
 		DefaultTunName:  defaultTunInterfaceName,
 		NodeIPAddr:      localAddr,
+		NodeMTU:         mtu,
 		UplinkNetConfig: new(config.AdapterNetConfig)}
 
 	if i.networkConfig.TrafficEncapMode.IsNetworkPolicyOnly() {
@@ -641,3 +648,27 @@ func getRoundInfo(bridgeClient ovsconfig.OVSBridgeClient) types.RoundInfo {
 
 	return roundInfo
 }
+
+func (i *Initializer) getNodeMTU(localIntf *net.Interface) (int, error) {
+	if i.mtu != 0 {
+		return i.mtu, nil
+	}
+	mtu := localIntf.MTU
+	// Make sure mtu is set on the interface.
+	if mtu <= 0 {
+		return 0, fmt.Errorf("Failed to fetch Node MTU : %v", mtu)
+	}
+	if i.networkConfig.TrafficEncapMode.SupportsEncap() {
+		if i.networkConfig.TunnelType == ovsconfig.VXLANTunnel {
+			mtu -= config.VXLANOverhead
+		} else if i.networkConfig.TunnelType == ovsconfig.GeneveTunnel {
+			mtu -= config.GeneveOverhead
+		} else if i.networkConfig.TunnelType == ovsconfig.GRETunnel {
+			mtu -= config.GREOverhead
+		}
+	}
+	if i.networkConfig.EnableIPSecTunnel {
+		mtu -= config.IpsecESPOverhead
+	}
+	return mtu, nil
+}