From 9b14172cf485d154301196da979d6f6bbe713d9a Mon Sep 17 00:00:00 2001
From: Hongliang Liu
Date: Fri, 18 Aug 2023 17:04:57 +0800
Subject: [PATCH] Set MTU of OVS ports for L7 NetworkPolicy at startup
The MTU of OVS ports for L7 NetworkPolicy should be set to the calculated MTU value according to traffic mode at every startup. For example, before this commit, assuming that feature gate L7NetworkPolicy is enabled in encap mode, then the OVS ports for L7 NetworkPolicy will be created and their MTU is 1420. If the traffic mode is changed to noEncap, the MTU of the OVS ports is still 1420, however, the OVS ports for Pods and antrea-gw0 is 1500 right now. Besides, when creating the OVS ports for L7 NetworkPolicy for the first time in a Node, without specifying the MTU value, the minimum MTU value from all OVS ports will be used. The MTU value might be less than the MTU calculated by Antrea which is used in Antrea local gateway port and Pod ports, result in the unavailability of L7 NetworkPolicy.
Signed-off-by: Hongliang Liu
---
 pkg/agent/agent_linux.go | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/pkg/agent/agent_linux.go b/pkg/agent/agent_linux.go
index a797c21349f..08d96d8ff67 100644
--- a/pkg/agent/agent_linux.go
+++ b/pkg/agent/agent_linux.go
@@ -358,13 +358,20 @@ func (i *Initializer) prepareL7NetworkPolicyInterfaces() error {
 returnPort, _ := i.ifaceStore.GetInterfaceByName(config.L7NetworkPolicyReturnPortName)
 i.l7NetworkPolicyConfig.TargetOFPort = uint32(targetPort.OFPort)
 i.l7NetworkPolicyConfig.ReturnOFPort = uint32(returnPort.OFPort)
- // Set the ports with no-flood to reject ARP flood packets.
+ // Set the ports with no-flood to reject ARP flood packets at every startup.
 if err := i.ovsCtlClient.SetPortNoFlood(int(targetPort.OFPort)); err != nil {
 return fmt.Errorf("failed to set port %s with no-flood config: %w", config.L7NetworkPolicyTargetPortName, err)
 }
 if err := i.ovsCtlClient.SetPortNoFlood(int(returnPort.OFPort)); err != nil {
 return fmt.Errorf("failed to set port %s with no-flood config: %w", config.L7NetworkPolicyReturnPortName, err)
 }
+ // Set MTU of the ports to the calculated MTU value at every startup.
+ if err := i.setInterfaceMTU(config.L7NetworkPolicyTargetPortName, i.networkConfig.InterfaceMTU); err != nil {
+ return err
+ }
+ if err := i.setInterfaceMTU(config.L7NetworkPolicyReturnPortName, i.networkConfig.InterfaceMTU); err != nil {
+ return err
+ }
 return nil
 }
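Review bot: The two new `setInterfaceMTU` calls return the bare `err`, while the `SetPortNoFlood` calls directly above wrap theirs with the port name. Unless `setInterfaceMTU` (defined outside this hunk) already names the interface, a startup failure here will not say which L7 NetworkPolicy port could not be configured. Consider `return fmt.Errorf("failed to set MTU of port %s: %w", config.L7NetworkPolicyTargetPortName, err)`, and the same with `config.L7NetworkPolicyReturnPortName` for the second call. The commit message says a wrong MTU on these ports makes L7 NetworkPolicy unavailable, so operators need an unambiguous error when enforcement is not in effect. The function begins above the hunk, and the diffstat shows only `agent_linux.go` changed, so the commit adds no test for the encap-to-noEncap restart case it describes.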