In some cases we have experienced an issue where the MTU inside a Linux VM was different than the MTU of the tap device and the virtual ethernet device in the host. In particular, the CNI was setting a specific MTU value for the virtual ethernet network device inside the network namespace. Then in urunc we correctly create a new tap device using the MTU value obtained from the virtual ethernet network device. However, the Linux VM was not getting the MTU information from anywhere and was using the default value (e.g. 1500).
This mismatch can cause various problems in network connectivity. Therefore, we need to make sure that the network devices inside the sandbox always have the same MTU as the host network devices. For guests that use virtio-net (e.g. Linux) this can be done by setting the MTU value in the monitor. Unfortunately, not all monitors support this. In more details:
In some cases we have experienced an issue where the MTU inside a Linux VM was different than the MTU of the tap device and the virtual ethernet device in the host. In particular, the CNI was setting a specific MTU value for the virtual ethernet network device inside the network namespace. Then in urunc we correctly create a new tap device using the MTU value obtained from the virtual ethernet network device. However, the Linux VM was not getting the MTU information from anywhere and was using the default value (e.g. 1500).
This mismatch can cause various problems in network connectivity. Therefore, we need to make sure that the network devices inside the sandbox always have the same MTU as the host network devices. For guests that use virtio-net (e.g. Linux) this can be done by setting the MTU value in the monitor. Unfortunately, not all monitors support this. In more details:
mtuorhost_mtu(depending on the version) option in-netdevcli option (See https://www.qemu.org/docs/master/system/qemu-manpage.html#hxtool-5)