From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <pve-devel-bounces@lists.proxmox.com>
Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68])
	by lore.proxmox.com (Postfix) with ESMTPS id 2EB661FF165
	for <inbox@lore.proxmox.com>; Thu, 17 Jul 2025 19:49:14 +0200 (CEST)
Received: from firstgate.proxmox.com (localhost [127.0.0.1])
	by firstgate.proxmox.com (Proxmox) with ESMTP id A692A9E0B;
	Thu, 17 Jul 2025 19:50:18 +0200 (CEST)
From: Stefan Hanreich <s.hanreich@proxmox.com>
To: pve-devel@lists.proxmox.com
Date: Thu, 17 Jul 2025 19:50:10 +0200
Message-Id: <20250717175012.606372-2-s.hanreich@proxmox.com>
X-Mailer: git-send-email 2.39.5
In-Reply-To: <20250717175012.606372-1-s.hanreich@proxmox.com>
References: <20250717175012.606372-1-s.hanreich@proxmox.com>
MIME-Version: 1.0
X-SPAM-LEVEL: Spam detection results:  0
 AWL -0.210 Adjusted score from AWL reputation of From: address
 BAYES_00                 -1.9 Bayes spam probability is 0 to 1%
 DMARC_MISSING             0.1 Missing DMARC policy
 KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment
 KAM_LAZY_DOMAIN_SECURITY 1 Sending domain does not have any anti-forgery
 methods
 RCVD_IN_VALIDITY_CERTIFIED_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to
 Validity was blocked. See
 https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more
 information.
 RCVD_IN_VALIDITY_RPBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to
 Validity was blocked. See
 https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more
 information.
 RCVD_IN_VALIDITY_SAFE_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to
 Validity was blocked. See
 https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more
 information.
 RDNS_NONE 0.793 Delivered to internal network by a host with no rDNS
 SPF_HELO_NONE           0.001 SPF: HELO does not publish an SPF Record
 SPF_NONE                0.001 SPF: sender does not publish an SPF Record
 URIBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to URIBL was blocked. See
 http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more
 information. [qemuserver.pm, proxmox.com, network.pm, 8006.pid]
Subject: [pve-devel] [PATCH qemu-server v3 1/1] net: automatically set
 host_mtu to bridge mtu for virtio netdevs
X-BeenThere: pve-devel@lists.proxmox.com
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Proxmox VE development discussion <pve-devel.lists.proxmox.com>
List-Unsubscribe: <https://lists.proxmox.com/cgi-bin/mailman/options/pve-devel>, 
 <mailto:pve-devel-request@lists.proxmox.com?subject=unsubscribe>
List-Archive: <http://lists.proxmox.com/pipermail/pve-devel/>
List-Post: <mailto:pve-devel@lists.proxmox.com>
List-Help: <mailto:pve-devel-request@lists.proxmox.com?subject=help>
List-Subscribe: <https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel>, 
 <mailto:pve-devel-request@lists.proxmox.com?subject=subscribe>
Reply-To: Proxmox VE development discussion <pve-devel@lists.proxmox.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: pve-devel-bounces@lists.proxmox.com
Sender: "pve-devel" <pve-devel-bounces@lists.proxmox.com>

When creating a new network device from the UI and leaving the MTU
field empty, it defaults to 1500. This is inconvenient in cases where
the MTU of the bridge is not 1500 and lead to some confusion of users
[1]. Containers already inherit the bridge MTU when the field is left
empty, so align the behavior of VMs to be more in line with the more
convenient behavior of containers.

The common case where this was encountered was with creating network
devices on SDN VXLAN vnets. There the default MTU for bridges is 1450,
since VXLAN adds some overhead and we automatically subtract that
overhead from the default bridge MTU (1500) if no MTU is explicitly
set in the zone configuration. Before that users always had to
explicitly set the MTU to 1450 or 1 for every network device created,
which is error-prone.

[1] https://forum.proxmox.com/threads/bug-vxlan-and-mtu.161412

Signed-off-by: Stefan Hanreich <s.hanreich@proxmox.com>
---
 src/PVE/QemuServer.pm                  | 30 ++++++++++++++------------
 src/PVE/QemuServer/Network.pm          |  3 ++-
 src/test/cfg2cmd/netdev_vxlan.conf     |  7 ++++++
 src/test/cfg2cmd/netdev_vxlan.conf.cmd | 28 ++++++++++++++++++++++++
 src/test/run_config2command_tests.pl   |  6 ++++++
 5 files changed, 59 insertions(+), 15 deletions(-)
 create mode 100644 src/test/cfg2cmd/netdev_vxlan.conf
 create mode 100644 src/test/cfg2cmd/netdev_vxlan.conf.cmd

diff --git a/src/PVE/QemuServer.pm b/src/PVE/QemuServer.pm
index ec554c4a..d7398648 100644
--- a/src/PVE/QemuServer.pm
+++ b/src/PVE/QemuServer.pm
@@ -1452,21 +1452,23 @@ sub print_netdevice_full {
 
     $tmpstr .= ",bootindex=$net->{bootindex}" if $net->{bootindex};
 
-    if (my $mtu = $net->{mtu}) {
-        if ($net->{model} eq 'virtio' && $net->{bridge}) {
-            my $bridge_mtu = PVE::Network::read_bridge_mtu($net->{bridge});
-            if ($mtu == 1) {
-                $mtu = $bridge_mtu;
-            } elsif ($mtu < 576) {
-                die "netdev $netid: MTU '$mtu' is smaller than the IP minimum MTU '576'\n";
-            } elsif ($mtu > $bridge_mtu) {
-                die "netdev $netid: MTU '$mtu' is bigger than the bridge MTU '$bridge_mtu'\n";
-            }
-            $tmpstr .= ",host_mtu=$mtu";
-        } else {
-            warn
-                "WARN: netdev $netid: ignoring MTU '$mtu', not using VirtIO or no bridge configured.\n";
+    my $mtu = $net->{mtu};
+
+    if ($net->{model} eq 'virtio' && $net->{bridge}) {
+        my $bridge_mtu = PVE::Network::read_bridge_mtu($net->{bridge});
+
+        if (!defined($mtu) || $mtu == 1) {
+            $mtu = $bridge_mtu;
+        } elsif ($mtu < 576) {
+            die "netdev $netid: MTU '$mtu' is smaller than the IP minimum MTU '576'\n";
+        } elsif ($mtu > $bridge_mtu) {
+            die "netdev $netid: MTU '$mtu' is bigger than the bridge MTU '$bridge_mtu'\n";
         }
+
+        $tmpstr .= ",host_mtu=$mtu" if $mtu != 1500;
+    } elsif (defined($mtu)) {
+        warn
+            "WARN: netdev $netid: ignoring MTU '$mtu', not using VirtIO or no bridge configured.\n";
     }
 
     if ($use_old_bios_files) {
diff --git a/src/PVE/QemuServer/Network.pm b/src/PVE/QemuServer/Network.pm
index 9ca31435..56df83fb 100644
--- a/src/PVE/QemuServer/Network.pm
+++ b/src/PVE/QemuServer/Network.pm
@@ -110,7 +110,8 @@ my $net_fmt = {
         type => 'integer',
         minimum => 1,
         maximum => 65520,
-        description => "Force MTU, for VirtIO only. Set to '1' to use the bridge MTU",
+        description =>
+            "Force MTU of network device (VirtIO only). Setting to '1' or empty will use the bridge MTU",
         optional => 1,
     },
 };
diff --git a/src/test/cfg2cmd/netdev_vxlan.conf b/src/test/cfg2cmd/netdev_vxlan.conf
new file mode 100644
index 00000000..af9e31c7
--- /dev/null
+++ b/src/test/cfg2cmd/netdev_vxlan.conf
@@ -0,0 +1,7 @@
+# TEST: Test inheriting the MTU from a bridge with MTU != 1500
+bootdisk: scsi0
+cores: 3
+memory: 768
+name: netdev
+net0: virtio=A2:C0:43:77:08:A0,bridge=vxlan_bridge
+ostype: l26
diff --git a/src/test/cfg2cmd/netdev_vxlan.conf.cmd b/src/test/cfg2cmd/netdev_vxlan.conf.cmd
new file mode 100644
index 00000000..a2f3579d
--- /dev/null
+++ b/src/test/cfg2cmd/netdev_vxlan.conf.cmd
@@ -0,0 +1,28 @@
+/usr/bin/kvm \
+  -id 8006 \
+  -name 'netdev,debug-threads=on' \
+  -no-shutdown \
+  -chardev 'socket,id=qmp,path=/var/run/qemu-server/8006.qmp,server=on,wait=off' \
+  -mon 'chardev=qmp,mode=control' \
+  -chardev 'socket,id=qmp-event,path=/var/run/qmeventd.sock,reconnect-ms=5000' \
+  -mon 'chardev=qmp-event,mode=control' \
+  -pidfile /var/run/qemu-server/8006.pid \
+  -daemonize \
+  -smp '3,sockets=1,cores=3,maxcpus=3' \
+  -nodefaults \
+  -boot 'menu=on,strict=on,reboot-timeout=1000,splash=/usr/share/qemu-server/bootsplash.jpg' \
+  -vnc 'unix:/var/run/qemu-server/8006.vnc,password=on' \
+  -cpu kvm64,enforce,+kvm_pv_eoi,+kvm_pv_unhalt,+lahf_lm,+sep \
+  -m 768 \
+  -global 'PIIX4_PM.disable_s3=1' \
+  -global 'PIIX4_PM.disable_s4=1' \
+  -device 'pci-bridge,id=pci.1,chassis_nr=1,bus=pci.0,addr=0x1e' \
+  -device 'pci-bridge,id=pci.2,chassis_nr=2,bus=pci.0,addr=0x1f' \
+  -device 'piix3-usb-uhci,id=uhci,bus=pci.0,addr=0x1.0x2' \
+  -device 'usb-tablet,id=tablet,bus=uhci.0,port=1' \
+  -device 'VGA,id=vga,bus=pci.0,addr=0x2' \
+  -device 'virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x3,free-page-reporting=on' \
+  -iscsi 'initiator-name=iqn.1993-08.org.debian:01:aabbccddeeff' \
+  -netdev 'type=tap,id=net0,ifname=tap8006i0,script=/usr/libexec/qemu-server/pve-bridge,downscript=/usr/libexec/qemu-server/pve-bridgedown,vhost=on' \
+  -device 'virtio-net-pci,mac=A2:C0:43:77:08:A0,netdev=net0,bus=pci.0,addr=0x12,id=net0,rx_queue_size=1024,tx_queue_size=256,bootindex=300,host_mtu=1450' \
+  -machine 'type=pc+pve0'
diff --git a/src/test/run_config2command_tests.pl b/src/test/run_config2command_tests.pl
index 16a56987..ab781e00 100755
--- a/src/test/run_config2command_tests.pl
+++ b/src/test/run_config2command_tests.pl
@@ -439,6 +439,12 @@ my $pve_common_network;
 $pve_common_network = Test::MockModule->new('PVE::Network');
 $pve_common_network->mock(
     read_bridge_mtu => sub {
+        my ($bridge_name) = @_;
+
+        if ($bridge_name eq 'vxlan_bridge') {
+            return 1450;
+        }
+
         return 1500;
     },
 );
-- 
2.39.5


_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel