Description
I am setting up an SNMP trap service using NodePort to receive SNMP traps from network devices. However, many of the trap packets sent by these network devices are larger than 1500 bytes and have the DF (Don’t Fragment) flag set, meaning they cannot be fragmented. Unfortunately, the configuration on these network devices cannot be changed.
In our Kubernetes cluster, the MTU (Maximum Transmission Unit) for the node hosts is set to 1500. The NodePort is able to receive UDP packets larger than 1500 bytes with the DF flag, but it doesn’t automatically forward them to the service port. It seems like the packets are being filtered out somewhere in the process.
Question
Where could these packets be getting filtered, and how can this issue be resolved to ensure that the SNMP trap packets are properly forwarded to the service?
Expected behavior
NodePort should correctly forward UDP packets larger than 1500 bytes with the DF flag to the SNMP trap service.
Any advice or suggestions on how to resolve this issue would be greatly appreciated.
Cluster information:
Kubernetes version: v1.22.1
Cloud being used: bare-metal
Installation method: kubeadm
Host OS: Ubuntu 20.04
CNI and version: Calico v3.19
CRI and version: containerd v1.4.9