Fragmentation on UDP layer possible?

StarBrilliant coder at poorlab.com
Sun Aug 12 21:55:59 CEST 2018


On Mon, Aug 13, 2018 at 5:06 AM Roman Mamedov <rm at romanrm.net> wrote:
>
> On Mon, 13 Aug 2018 02:53:44 +1000
> StarBrilliant <coder at poorlab.com> wrote:
>
> > I know Wireguard can already do IP layer fragmentation. (Just set
> > tunnel MTU >= 1441 then fragmentation will be turned on)
>
> Is that really expected to work? I tried setting MTU 9000 on both ends of a WG
> tunnel, but large packets still do not seem to come through properly. Did you
> try using it like that in any kind of environment (aside from that one
> restrictive network)?
>
> In theory using MTU 9000 or such would help lower the huge overhead percentage
> of running IP over VXLAN over IP over WG over IP. I was looking into that the
> other day, but my idea was to fragment VXLAN packets across multiple WG ones,
> which turned out to be impossible (VXLAN RFC forbids fragmentation).

I have succeeded in setting an MTU of 1966 bytes inside VXLAN with a
non-restrictive Ethernet.
Due to a Linux bug, you need to do
"sudo ethtool -K vxlan0 rx off tx off",
or all UDP packets will have wrong checksums and be dropped.

You might want to check my project on generating a Wireguard+VXLAN
with a tool https://github.com/m13253/VxWireguard-Generator
(Note that this is not production-ready. In other words, please back
up your main database often)

