Description of problem:
MTU should be adjusted when IPsec is enabled to account for packet overhead of adding IPsec headers.
Version-Release number of selected component (if applicable): OCP 4.7
Steps to Reproduce:
1. Start cluster with IPsec disabled
2. Create Pod
3. Run `ip l | grep mtu` in pod to view MTU
4. Start cluster with IPsec enabled
5. Create Pod
6. Run `ip l | grep mtu` in pod to view MTU
* MTUs are the same value
* MTU with IPsec enabled should be adjusted to account for IPsec header
@mark.d.gray Whats the ipsec mtu overhead supposed to be?
@anusaxen: The overhead is 46B at a maximum.
Per doc https://access.redhat.com/documentation/en-us/openshift_container_platform/3.11/html/cluster_administration/admin-guide-ipsec, the ipsec overhead is 62B.
(In reply to Ke Wang from comment #6)
> Per doc
> 11/html/cluster_administration/admin-guide-ipsec, the ipsec overhead is 62B.
The overhead of IPsec depends on the IPsec mode (transport or tunnel) and the encryption algorithm used. I am unsure how it was configured in 3.11 but it may have been using different parameters. For 4.7, it should have a maximum overhead of 46B. The motivation for this is described in the commit message of the PR.