Re: Fragmentation on UDP layer possible?

Development discussion of WireGuard
 help / color / mirror / Atom feed

From: StarBrilliant <coder@poorlab.com>
To: wireguard@lists.zx2c4.com
Subject: Re: Fragmentation on UDP layer possible?
Date: Mon, 13 Aug 2018 05:55:59 +1000	[thread overview]
Message-ID: <CA+7UkwKAHjQupRegijs-N6Jxp6r=hmZCt7Kj2goYPdziREeANA@mail.gmail.com> (raw)
In-Reply-To: <20180813000611.3296fa66@natsu>

On Mon, Aug 13, 2018 at 5:06 AM Roman Mamedov <rm@romanrm.net> wrote:
>
> On Mon, 13 Aug 2018 02:53:44 +1000
> StarBrilliant <coder@poorlab.com> wrote:
>
> > I know Wireguard can already do IP layer fragmentation. (Just set
> > tunnel MTU >= 1441 then fragmentation will be turned on)
>
> Is that really expected to work? I tried setting MTU 9000 on both ends of a WG
> tunnel, but large packets still do not seem to come through properly. Did you
> try using it like that in any kind of environment (aside from that one
> restrictive network)?
>
> In theory using MTU 9000 or such would help lower the huge overhead percentage
> of running IP over VXLAN over IP over WG over IP. I was looking into that the
> other day, but my idea was to fragment VXLAN packets across multiple WG ones,
> which turned out to be impossible (VXLAN RFC forbids fragmentation).

I have succeeded in setting a MTU of 1966 bytes inside VXLAN with a
non-restrictive Ethernet.
Due to a Linux bug, you need to do "sudo ethtool -K vxlan0 rx off tx
off", or all UDP packets will have wrong checksums and being dropped.

You might want to check my project on generating a Wireguard+VXLAN
with a tool https://github.com/m13253/VxWireguard-Generator
(Note that this is not production-ready. In other words, please back
up your main database often)

next prev parent reply	other threads:[~2018-08-12 19:44 UTC|newest]

Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-08-12 16:53 StarBrilliant
2018-08-12 19:06 ` Roman Mamedov
2018-08-12 19:55   ` StarBrilliant [this message]
2018-08-14 10:29   ` Baptiste Jonglez
2018-08-14 20:26     ` Derek Fawcus
2018-08-13  6:40 ` Jason A. Donenfeld
2018-08-13  6:53   ` StarBrilliant

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='CA+7UkwKAHjQupRegijs-N6Jxp6r=hmZCt7Kj2goYPdziREeANA@mail.gmail.com' \
    --to=coder@poorlab.com \
    --cc=wireguard@lists.zx2c4.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).