Documentation
Overview ¶
Package mtu is a library for tracking and configuring MTU for devices and routes.
Index ¶
Constants ¶
// Base MTU values.
const (
	// MaxMTU is the largest MTU Cilium applies to the devices and routes it
	// handles. It is typically used on inbound paths towards containers,
	// where the packet is guaranteed not to be rerouted to another node and
	// therefore cannot cause any form of IP fragmentation.
	//
	// 65535 might look like the natural value, but Linux seems to cap the
	// MTU of routes at 65520, so that is the value used here.
	MaxMTU = 65520

	// EthernetMTU is the standard MTU of Ethernet devices. Container
	// devices get this MTU when running in direct routing mode.
	EthernetMTU = 1500
)

// Tunnel encapsulation overheads, in bytes.
const (
	// TunnelOverheadIPv4 and TunnelOverheadIPv6 approximate the bytes taken
	// by tunnel encapsulation. The outer Ethernet header is not accounted
	// against the MTU size.
	//
	//                        IPv4   IPv6
	//   Outer IP header:      20B    40B
	//   Outer UDP header:      8B     8B
	//   Outer VXLAN header:    8B     8B
	//   Original Ethernet:    14B    14B
	//                         ---    ---
	//   Total extra bytes:    50B    70B
	TunnelOverheadIPv4 = 50
	TunnelOverheadIPv6 = 70

	// DsrTunnelOverhead covers the GENEVE DSR option that the LB inserts
	// when addressing a Service in hs-ipcache mode.
	DsrTunnelOverhead = 12
)

// Encryption overheads, in bytes.
const (
	// EncryptionIPsecOverhead approximates the bytes added by IPsec
	// encryption. The actual size varies with key size and encryption
	// type; the breakdown below assumes 128-bit keys and authentication.
	//
	//   Outer IP header:     20B
	//   SPI:                  4B
	//   Sequence Numbers:     4B
	//   Next Header:          1B
	//   ICV:                 16B
	//   Padding:             16B
	//   128bit Auth:         16B
	//                        ---
	//   Total extra bytes:   77B
	//
	// NOTE(review): this is a fixed estimate. If the configured transform
	// adds more bytes than budgeted here, the derived MTU would be too
	// large for the encrypted packet; confirm how callers adjust for other
	// key sizes.
	EncryptionIPsecOverhead = 77

	// EncryptionDefaultAuthKeyLength is 16 bytes, i.e. the 128-bit key size
	// recommended for GCM(AES*) in RFC4106. Users may supply other lengths
	// via key secrets.
	EncryptionDefaultAuthKeyLength = 16

	// WireguardOverhead approximates the overhead of WireGuard
	// encapsulation. The outer IP header is budgeted at 40B for both
	// address families, which is the IPv6 header size.
	//
	// https://github.com/torvalds/linux/blob/v5.12/drivers/net/wireguard/device.c#L262:
	//
	//   MESSAGE_MINIMUM_LENGTH:       32B
	//   Outer IPv4 or IPv6 header:    40B
	//   Outer UDP header:              8B
	//                                 ---
	//   Total extra bytes:            80B
	WireguardOverhead = 80
)

// IP-in-IP overheads, in bytes.
const (
	// IPIPv4Overhead is the size of the IPv4 header used by IPIP devices:
	// sizeof(struct iphdr).
	IPIPv4Overhead = 20

	// IPIPv6Overhead is the size of the IPv6 header (40B) plus the tunnel
	// encap limit option used by IP6IP6 devices:
	// sizeof(struct ipv6hdr) + 8.
	// See kernel commit 381601e5bbae ("Make the ip6_tunnel reflect the true mtu.")
	// for details.
	IPIPv6Overhead = 48
)
Variables ¶
// Cell is the module registered under the ID "mtu" with the description
// "MTU discovery". The order of the entries below is kept as written.
var Cell = cell.Module(
	"mtu",
	"MTU discovery",
	// newTable is provided privately (presumably visible only inside this
	// module; confirm against the cell package).
	cell.ProvidePrivate(newTable),
	// Exported providers: the ToTable conversion of the RouteMTU RWTable,
	// and the newForCell constructor.
	cell.Provide(
		statedb.RWTable[RouteMTU].ToTable,
		newForCell,
	),
	// newEndpointUpdater is passed to Invoke rather than Provide.
	cell.Invoke(newEndpointUpdater),
	// defaultConfig is registered as the module's configuration.
	cell.Config(defaultConfig),
)
// DefaultPrefixV4 is the IPv4 prefix 0.0.0.0/0: the unspecified IPv4 address
// with a zero-length mask, which contains every IPv4 address.
var DefaultPrefixV4 = netip.PrefixFrom(netip.IPv4Unspecified(), 0)
// DefaultPrefixV6 is the IPv6 prefix ::/0: the unspecified IPv6 address with
// a zero-length mask, which contains every IPv6 address.
var DefaultPrefixV6 = netip.PrefixFrom(netip.IPv6Unspecified(), 0)
// MTURouteIndex is the index named "cidr" over RouteMTU objects. Each object
// is keyed by its Prefix field and the index is declared unique.
var MTURouteIndex = statedb.Index[RouteMTU, netip.Prefix]{
	Name:   "cidr",
	Unique: true,

	// Query keys and string keys both go through the NetIPPrefix helpers
	// of the index package.
	FromKey:    index.NetIPPrefix,
	FromString: index.NetIPPrefixString,

	// An object contributes exactly one key: its own prefix.
	FromObject: func(route RouteMTU) index.KeySet {
		prefixKey := index.NetIPPrefix(route.Prefix)
		return index.NewKeySet(prefixKey)
	},
}
Functions ¶
Types ¶
type Config ¶ added in v1.16.0
// Config holds the configuration options of the mtu package.
type Config struct {
	// Enable route MTU for pod netns when CNI chaining is used.
	// The zero value (false) leaves it disabled.
	EnableRouteMTUForCNIChaining bool
}
type Configuration ¶
// Configuration is an MTU configuration as returned by NewConfiguration.
// Its Calculate method takes a base MTU and returns a RouteMTU. All of its
// state is unexported, so values are built through NewConfiguration.
type Configuration struct {
	// contains filtered or unexported fields
}
Configuration is an MTU configuration as returned by NewConfiguration
func NewConfiguration ¶
func NewConfiguration(authKeySize int, encryptEnabled, encapEnabled, wireguardEnabled, tunnelOverIPv6 bool) Configuration
NewConfiguration returns a new MTU configuration which is used to calculate MTU values from a base MTU based on the config.
func (Configuration) Calculate ¶ added in v1.17.0
func (c Configuration) Calculate(baseMTU int) RouteMTU
type EndpointMTUUpdateHook ¶ added in v1.17.0
type EndpointMTUUpdater ¶ added in v1.17.0
// EndpointMTUUpdater lets callers register hooks that run when the MTU of
// endpoints is updated.
type EndpointMTUUpdater interface {
	// RegisterHook registers a hook to be called when updating the MTU of endpoints.
	// The hook is called from within the network namespace of each endpoint.
	// NOTE(review): a hook therefore runs with the endpoint's network view
	// rather than the host's; whether hooks may block or are called
	// concurrently is not visible here and should be confirmed.
	RegisterHook(hook EndpointMTUUpdateHook)
}
type LatestMTUGetter ¶ added in v1.17.0
// LatestMTUGetter exposes MTU values through its pointer-receiver methods
// GetDeviceMTU, GetRouteMTU and GetRoutePostEncryptMTU (each returning int)
// and reports the CNI-chaining route MTU setting through
// IsEnableRouteMTUForCNIChaining.
// NOTE(review): the name suggests the getters return the most recently
// computed values; the source of those values is not visible here.
type LatestMTUGetter struct {
	// contains filtered or unexported fields
}
func (*LatestMTUGetter) GetDeviceMTU ¶ added in v1.17.0
func (m *LatestMTUGetter) GetDeviceMTU() int
func (*LatestMTUGetter) GetRouteMTU ¶ added in v1.17.0
func (m *LatestMTUGetter) GetRouteMTU() int
func (*LatestMTUGetter) GetRoutePostEncryptMTU ¶ added in v1.17.0
func (m *LatestMTUGetter) GetRoutePostEncryptMTU() int
func (*LatestMTUGetter) IsEnableRouteMTUForCNIChaining ¶ added in v1.17.0
func (m *LatestMTUGetter) IsEnableRouteMTUForCNIChaining() bool
type MTUManager ¶ added in v1.17.0
// MTUManager carries a pointer to the Configuration it uses, alongside
// unexported state.
type MTUManager struct {
	// Config is exported, so any holder of an MTUManager can read or
	// reassign the pointer.
	// NOTE(review): no synchronization is visible here; confirm whether
	// Config may change after construction.
	Config *Configuration
	// contains filtered or unexported fields
}