Skip to content

[cni-cilium] Fix mtu #16751

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
apolovov merged 4 commits into from
Dec 2, 2025
Merged

[cni-cilium] Fix mtu #16751

apolovov merged 4 commits into from
Dec 2, 2025

Conversation

@AndreyPavlovFlant
Copy link
Member

@AndreyPavlovFlant AndreyPavlovFlant commented Nov 28, 2025
edited
Loading

Description

The basic logic of MTU configuration in Cilium is:

  • The full MTU value is always set on pod interfaces.
  • In the case of using encapsulation or encryption, an abbreviated MTU value is set on the default route inside the pod.

However, this logic does not work well in the context of virtualization, where internal interfaces are created with the MTU of the pod and there is no way to determine the MTU of routes. To work correctly with virtualization, we have previously made changes to create pod interfaces with a reduced MTU.

With the latest version of Cilium, a mechanism for automatically updating MTUs on all pod interfaces has been added, while still following its basic logic.

In this PR, we will make the same change to the automatic MTU update mechanism.

Why do we need it, and what problem does it solve?

When using custom high MTU values, different calculation methods in two different places can lead to problems.

Why do we need it in the patch release (if we do)?

This has been identified in production clusters, and it has become a problem.

Checklist

  • The code is covered by unit tests.
  • e2e tests passed.
  • Documentation updated according to the changes.
  • Changes were tested in the Kubernetes cluster manually.

Changelog entries

section: cni-cilium
type: fix
summary: The MTU configuration has been updated.
impact: The MTU will be updated on all interfaces of all pods.
impact_level: default

@AndreyPavlovFlant AndreyPavlovFlant added this to the v1.75.0 milestone Nov 28, 2025
@AndreyPavlovFlant AndreyPavlovFlant self-assigned this Nov 28, 2025
@github-actions github-actions bot added the area/network Pull requests that update cni and network modules label Nov 28, 2025
@AndreyPavlovFlant
[cni-cilium] test mtu
457de81 
Signed-off-by: Andrey Pavlov <andrey.pavlov@flant.com>
@AndreyPavlovFlant
Revert "[cni-cilium] test mtu"
32aeaa6 
This reverts commit 26b16be.

Signed-off-by: Andrey Pavlov <andrey.pavlov@flant.com>
@AndreyPavlovFlant
mtu2
acf07bc 
Signed-off-by: Andrey Pavlov <andrey.pavlov@flant.com>
@AndreyPavlovFlant AndreyPavlovFlant changed the title [cni-cilium] test mtu [cni-cilium] Fix mtu Dec 1, 2025
@AndreyPavlovFlant
++
781f9bc 
Signed-off-by: Andrey Pavlov <andrey.pavlov@flant.com>
@AndreyPavlovFlant AndreyPavlovFlant added the e2e/run/static Run e2e tests for static cluster label Dec 1, 2025
@deckhouse-BOaTswain
Copy link
Collaborator

deckhouse-BOaTswain commented Dec 1, 2025
edited
Loading

🟢 e2e: Static for deckhouse:cilium-test-mtu succeeded in 45m19s.

Workflow details

Static-Static-Containerd-1.32 - Connection string: ssh -J astra@178.72.152.81 astra@192.168.199.143

🟢 e2e: Static, Containerd, Kubernetes 1.32 succeeded in 44m12s.

@github-actions github-actions bot removed the e2e/run/static Run e2e tests for static cluster label Dec 1, 2025
@AndreyPavlovFlant AndreyPavlovFlant added the e2e/run/vcd Run e2e tests in vCloudDirector label Dec 1, 2025
@deckhouse-BOaTswain
Copy link
Collaborator

deckhouse-BOaTswain commented Dec 1, 2025
edited
Loading

🟢 e2e: VCD for deckhouse:cilium-test-mtu succeeded in 36m34s.

Workflow details

VCD-Standard-Containerd-1.32 - Connection string: ssh -J ubuntu@80.249.129.56 ubuntu@192.168.254.154

🟢 e2e: VCD, Containerd, Kubernetes 1.32 succeeded in 35m30s.

@github-actions github-actions bot removed the e2e/run/vcd Run e2e tests in vCloudDirector label Dec 1, 2025
@AndreyPavlovFlant AndreyPavlovFlant marked this pull request as ready for review December 1, 2025 18:30
@AndreyPavlovFlant AndreyPavlovFlant modified the milestones: v1.75.0, v1.73.8 Dec 1, 2025
@apolovov apolovov merged commit 4508e62 into main Dec 2, 2025
94 of 96 checks passed
@apolovov apolovov deleted the cilium-test-mtu branch December 2, 2025 07:33
@deckhouse-BOaTswain deckhouse-BOaTswain mentioned this pull request Dec 2, 2025
Merged
@Taior Taior added the status/backport Cherry-pick PR to the release branch from the Milestone label Dec 2, 2025
github-actions bot pushed a commit that referenced this pull request Dec 2, 2025
@AndreyPavlovFlant @Taior
[cni-cilium] Fix mtu (#16751)
4ca077f 
Signed-off-by: Andrey Pavlov <andrey.pavlov@flant.com>
@deckhouse-BOaTswain deckhouse-BOaTswain removed the status/backport Cherry-pick PR to the release branch from the Milestone label Dec 2, 2025
deckhouse-BOaTswain added a commit that referenced this pull request Dec 2, 2025
@deckhouse-BOaTswain @AndreyPavlovFlant
[cni-cilium] Fix mtu (#16751) (#16801)
6023a22 
Signed-off-by: Andrey Pavlov <andrey.pavlov@flant.com>
Co-authored-by: AndreyPavlovFlant <139264830+AndreyPavlovFlant@users.noreply.github.com>
@deckhouse-BOaTswain
Copy link
Collaborator

deckhouse-BOaTswain commented Dec 2, 2025

Cherry pick PR 16801 to the branch release-1.73 successful!

@Taior
Copy link
Member

Taior commented Dec 2, 2025

/backport 1.74

github-actions bot pushed a commit that referenced this pull request Dec 2, 2025
@AndreyPavlovFlant @Taior
[cni-cilium] Fix mtu (#16751)
c5999b8 
Signed-off-by: Andrey Pavlov <andrey.pavlov@flant.com>
deckhouse-BOaTswain added a commit that referenced this pull request Dec 2, 2025
@deckhouse-BOaTswain @AndreyPavlovFlant
[cni-cilium] Fix mtu (#16751) (#16803)
f8ac9fb 
Signed-off-by: Andrey Pavlov <andrey.pavlov@flant.com>
Co-authored-by: AndreyPavlovFlant <139264830+AndreyPavlovFlant@users.noreply.github.com>
@deckhouse-BOaTswain
Copy link
Collaborator

deckhouse-BOaTswain commented Dec 2, 2025

Cherry pick PR 16803 to the branch release-1.74 successful!

@deckhouse-BOaTswain deckhouse-BOaTswain mentioned this pull request Dec 2, 2025
Merged
This was referenced Dec 30, 2025
Open
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@apolovov apolovov apolovov approved these changes

Assignees

@AndreyPavlovFlant AndreyPavlovFlant

Labels

area/network Pull requests that update cni and network modules status/backport/success

Projects

None yet

Milestone

v1.73.8

Development

Successfully merging this pull request may close these issues.

5 participants

@AndreyPavlovFlant @deckhouse-BOaTswain @Taior @apolovov