VXLAN inside Wireguard MTU

Hi everyone, I have a WireGuard tunnel between two sites; inside it, a VXLAN passes that carries the VoIP segment from site 1 to site 2. If WireGuard has MTU 1420, do I have to set up VXLAN with MTU 1370?

From someone way smarter than me… at least on MT stuff, and networking, and …

The answer is yes: the UDP + VXLAN header + Ethernet header occupy 50 bytes in total, so indeed if the MTU of the carrier interface (WireGuard) is 1420, the MTU of the VXLAN interface will be 1370.

Thanks

The math is right.

Generally MTU being right is a good thing. TCP things adjust themselves, so MTU being right is actually helpful.

One side note as MTU gets lower from tunnels-in-tunnels… sometimes that affects dumber UDP protocols. For example (& before it gets device-lock’ed), if you run a /tool/bandwidth-test with UDP and “both” directions on the VXLAN traffic, you’ll notice you need to set the “local-udp-tx-size=” and “remote-udp-tx-size=” to accommodate the lower MTU and get results. And a bandwidth-test would be worth trying anyway before and after the MTU adjustments.

Now most common UDP things (like QUIC) know that folks might use tunnels-in-tunnels and do reasonable things. For UDP things that don’t like lower MTUs, the only fixes are to either use the wrong MTU (i.e. VXLAN mtu=1500) or adjust the UDP app to use smaller packets. Generally you have to get to more specialty protocols (like MPEG-TS+FEC, where an encoder might have to use a lower #subframe/packet) to run into these problems.

Anyway, any UDP protocols are just something to watch for when changing MTUs.
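The 50-byte figure discussed in this thread, as an added example that is not part of the original posts: the script builds the headers VXLAN puts in front of an inner IP packet (outer IPv4 20 + UDP 8 + VXLAN 8 + inner Ethernet 14) and checks what fits in the WireGuard MTU. It assumes an IPv4 outer header without options and no VLAN tag; the addresses, MACs, ports and VNI are constructed values.

```python
import struct

IPV4_HDR, UDP_HDR = 20, 8  # IPv4 without options, UDP


def vxlan_encapsulate(inner_ip_packet: bytes, vni: int = 100) -> bytes:
    """Return the packet the carrier (WireGuard) interface must fit in its MTU."""
    # Inner Ethernet header (14 bytes): constructed MACs, EtherType IPv4.
    eth = struct.pack("!6s6sH", bytes.fromhex("020000000002"),
                      bytes.fromhex("020000000001"), 0x0800)
    # VXLAN header (8 bytes): flags with the I bit set, then the 24-bit VNI.
    vxlan = struct.pack("!II", 0x08 << 24, vni << 8)
    udp_len = UDP_HDR + len(vxlan) + len(eth) + len(inner_ip_packet)
    # Outer UDP header (8 bytes): constructed source port, IANA VXLAN port.
    udp = struct.pack("!HHHH", 49152, 4789, udp_len, 0)
    # Outer IPv4 header (20 bytes): DF set, checksum left 0 (size demo only).
    outer_ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, IPV4_HDR + udp_len, 0,
                           0x4000, 64, 17, 0,
                           bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return outer_ip + udp + vxlan + eth + inner_ip_packet


def vxlan_overhead() -> int:
    """Bytes VXLAN adds in front of an inner IP packet."""
    return len(vxlan_encapsulate(b""))


def vxlan_mtu(carrier_mtu: int) -> int:
    """Largest inner IP packet that still fits the carrier MTU."""
    return carrier_mtu - vxlan_overhead()


def fits(inner_len: int, carrier_mtu: int) -> bool:
    """True if an inner IP packet of inner_len bytes needs no fragmentation."""
    return len(vxlan_encapsulate(bytes(inner_len))) <= carrier_mtu


def max_udp_payload(mtu: int) -> int:
    """Largest UDP payload (IPv4) an application can send unfragmented."""
    return mtu - IPV4_HDR - UDP_HDR


if __name__ == "__main__":
    wg_mtu = 1420
    print("VXLAN overhead:", vxlan_overhead())
    print("VXLAN MTU:", vxlan_mtu(wg_mtu))
    print("1370 fits:", fits(1370, wg_mtu), "| 1371 fits:", fits(1371, wg_mtu))
    print("max UDP payload over VXLAN:", max_udp_payload(vxlan_mtu(wg_mtu)))
```

A UDP application that assumes a 1500-byte path sends payloads up to 1472 bytes, which is why the fixed-size UDP senders mentioned above need their packet size lowered on this link.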