question on tunnel performance and getting past single core limits

Unfortunately vxlan doesn’t handle fragmentation. It is fast though, can push ~5Gbps UDP and >3.6Gbps TCP which I think is being influenced by the bandwidth test quite a bit… on an rb5009.

And vxlan over wireguard works but maxes out the CPU. I still have my testbed up, so I did the following:

vxlan@1600MTU > wireguard@2800MTU > SFP+ @1500MTU SFP+ >wireguard@2800MTU > vxlan@1600MTU.

I’m able to ping with packets at 1550, so wireguard is handling fragmentation and passing the oversized vxlan packets through just fine. However, wireguard’s CPU use shows up and limits to around 800Mbps one way and 600-700Mbps both ways on UDP.

As far as handling this in the encryption, sure, but mikrotik doesn’t appear to support much for expanded MTU here. Using l2tp or ipip and seeing ipsec, the tunnel is still doing the anti-fragmentation. Setting a transport mode policy doesn’t allow for any sort of MTU configuration, and tunnels set with high MTUs still throw a ‘packet to large’ error.