summaryrefslogtreecommitdiff
path: root/data/templates/firewall
diff options
context:
space:
mode:
authorChristian Breunig <christian@breunig.cc>2023-11-22 10:52:40 +0100
committerChristian Breunig <christian@breunig.cc>2023-11-22 10:52:40 +0100
commit4a163b016333e58fee9d6ec6b53a09e0160b3213 (patch)
treeb8b8d45a498156daa810ef937e8c2689a91ef02b /data/templates/firewall
parent00a28fe512ccb56f4ca57d18c2613ac47242a66d (diff)
downloadvyos-1x-4a163b016333e58fee9d6ec6b53a09e0160b3213.tar.gz
vyos-1x-4a163b016333e58fee9d6ec6b53a09e0160b3213.zip
vxlan: T5759: change default MTU from 1450 -> 1500 bytes
Found an odd behavior on Linux and the VyOS CLI implementation. If adding VXLAN interfaces using iproute2 the MTU differs depending on the creation syntax: ip -4 link add vxlan100 type vxlan dstport 4789 external df unset tos inherit \ ttl 16 nolearning vnifilter local 172.16.33.201 ip -4 link add vxlan200 type vxlan id 200 dstport 4789 local 172.16.33.201 dev eth0 ip -6 link add vxlan300 type vxlan id 300 dstport 4789 local 2001:db8:1::1 dev eth0 132: vxlan300: <BROADCAST,MULTICAST> mtu 1430 qdisc noop state DOWN group default qlen 1000 link/ether 4e:fb:e3:f5:d9:59 brd ff:ff:ff:ff:ff:ff 133: vxlan200: <BROADCAST,MULTICAST> mtu 1450 qdisc noop state DOWN group default qlen 1000 link/ether 0e:4e:f4:76:59:3f brd ff:ff:ff:ff:ff:ff 134: vxlan100: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000 link/ether ba:b6:b7:0c:b1:37 brd ff:ff:ff:ff:ff:ff VyOS always sets a default MTU of 1450 bytes which is correct for IPv4 p2p links or multicast, but invalid for IPv6 p2p. Also this will break EVPN deployments as ethernet bridges with MTU < 1500 bytes are less fun. Increase default MTU to 1500 bytes. Migrate old configurations to use 1450 bytes if not specified otherwise on the CLI.
Diffstat (limited to 'data/templates/firewall')
0 files changed, 0 insertions, 0 deletions