Created on 07-30-2024 09:41 PM Edited on 07-31-2024 03:12 AM By Jean-Philippe_P
Description: This article describes how to configure or troubleshoot GENEVE encapsulation using the UTM profile.
Scope: FortiGate, VMware, GENEVE, NSX-T.
Solution:
A FortiGate (FGT) can be deployed on NSX-T or another virtualization platform, and certain overlay networking use cases require GENEVE ports to be defined on it.
GENEVE (Generic Network Virtualization Encapsulation) is a network encapsulation protocol designed to provide flexibility and extensibility for network virtualization. It runs over existing IP infrastructure (it is carried in UDP, port 6081), and its goal is to unify the work of earlier initiatives such as VXLAN and NVGRE and stop the proliferation of encapsulation protocols. It is specified in RFC 8926: Geneve: Generic Network Virtualization Encapsulation (rfc-editor.org).
GENEVE adds an outer Ethernet/IP/UDP header plus an 8-byte Geneve header and variable-length options to every packet, so a full-size 1500-byte inner frame no longer fits in a 1500-byte underlay MTU. The transport interfaces must therefore be set to an MTU of at least 1600 bytes. If the underlay MTU is lower, encapsulated packets are fragmented or dropped and throughput degrades, so when throughput on a GENEVE deployment is lower than expected, verifying the MTU is the first check.
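To make the encapsulation overhead concrete, the following is an added Python example (not FortiGate, VMware or NSX-T code) that builds and parses a Geneve header as laid out in RFC 8926 and computes the outer IP packet size an underlay interface must carry for a full-size 1500-byte inner frame. The sample packet, its payload and the option class (taken from the experimental range) are constructed for illustration; `build_geneve`, `parse_geneve`, `required_underlay_mtu` and `headroom` are hypothetical helper names.

```python
"""Geneve (RFC 8926) header builder/parser and underlay MTU calculator.

Added example, not vendor code. The sample packet below is constructed
inline and carries no real NSX-T option data.
"""
import struct

GENEVE_UDP_PORT = 6081                   # IANA UDP port for Geneve (RFC 8926)
ETHERTYPE_TRANS_ETHER_BRIDGING = 0x6558  # inner payload is an Ethernet frame

# Header sizes used for the overhead calculation (bytes).
IPV4_HDR, IPV6_HDR, UDP_HDR, GENEVE_BASE, ETH_HDR, VLAN_TAG = 20, 40, 8, 8, 14, 4


def build_geneve(vni, proto, options, payload, oam=False):
    """Encode a Geneve base header plus options in front of payload.

    options is a list of (opt_class, opt_type, body); each body must be a
    multiple of 4 bytes and at most 124 bytes (5-bit length in 4-byte words).
    The base header's C bit is set when any option carries the critical bit.
    """
    opts = b""
    critical = False
    for opt_class, opt_type, body in options:
        if len(body) % 4 or len(body) > 124:
            raise ValueError("option body must be 0..124 bytes and a multiple of 4")
        critical |= bool(opt_type & 0x80)
        opts += struct.pack("!HBB", opt_class, opt_type, len(body) // 4) + body
    opt_len_words = len(opts) // 4
    if opt_len_words > 63:                       # 6-bit Opt Len field
        raise ValueError("options exceed 252 bytes")
    # Ver(2) | Opt Len(6) | O(1) | C(1) | Rsvd(6)
    first = (0 << 14) | (opt_len_words << 8) | (int(oam) << 7) | (int(critical) << 6)
    return struct.pack("!HHI", first, proto, (vni & 0xFFFFFF) << 8) + opts + payload


def parse_geneve(data):
    """Decode a Geneve header; return its fields, options and inner payload.

    Truncated input or an unknown version raises ValueError: a receiver must
    drop such packets rather than guess at the layout.
    """
    if len(data) < 8:
        raise ValueError("truncated Geneve base header")
    first, proto, vni_rsvd = struct.unpack("!HHI", data[:8])
    version = first >> 14
    if version != 0:
        raise ValueError(f"unsupported Geneve version {version}")
    hdr_len = 8 + ((first >> 8) & 0x3F) * 4
    if len(data) < hdr_len:
        raise ValueError("truncated Geneve options")
    options, pos = [], 8
    while pos < hdr_len:
        # Option Class(16) | Type(8) | R(3) Length(5); Type high bit = critical
        opt_class, opt_type, len_byte = struct.unpack("!HBB", data[pos:pos + 4])
        body_len = (len_byte & 0x1F) * 4
        if pos + 4 + body_len > hdr_len:
            raise ValueError("option runs past the declared option length")
        options.append({"class": opt_class, "type": opt_type & 0x7F,
                        "critical": bool(opt_type & 0x80),
                        "data": data[pos + 4:pos + 4 + body_len]})
        pos += 4 + body_len
    return {"version": version, "oam": bool(first & 0x80),
            "critical": bool(first & 0x40), "protocol": proto,
            "vni": vni_rsvd >> 8, "header_len": hdr_len,
            "options": options, "payload": data[hdr_len:]}


def required_underlay_mtu(inner_mtu=1500, option_bytes=0,
                          ipv6_underlay=False, inner_vlan=False):
    """Outer IP packet size that carries one full-size inner frame, i.e. the
    smallest MTU the transport (underlay) interface can have without
    fragmenting. The outer Ethernet header is not counted, as MTU is an
    IP-payload figure."""
    inner_frame = inner_mtu + ETH_HDR + (VLAN_TAG if inner_vlan else 0)
    outer_ip = IPV6_HDR if ipv6_underlay else IPV4_HDR
    return outer_ip + UDP_HDR + GENEVE_BASE + option_bytes + inner_frame


def headroom(underlay_mtu, **kwargs):
    """Spare bytes at a given underlay MTU; negative means fragmentation or drops."""
    return underlay_mtu - required_underlay_mtu(**kwargs)


if __name__ == "__main__":
    # Constructed sample: VNI 5001, one 4-byte option in the experimental
    # class range (0xFF00-0xFFFF), inner payload is a truncated Ethernet frame.
    inner = bytes.fromhex("ffffffffffff00112233445508060001")
    pkt = build_geneve(5001, ETHERTYPE_TRANS_ETHER_BRIDGING,
                       [(0xFF01, 0x01, b"\x00\x00\x00\x2a")], inner)
    hdr = parse_geneve(pkt)
    print(f"VNI {hdr['vni']} proto {hdr['protocol']:#06x} "
          f"options {len(hdr['options'])} header {hdr['header_len']} bytes")
    opt_bytes = hdr["header_len"] - GENEVE_BASE
    for mtu in (1500, 1600, 1700):
        print(f"underlay MTU {mtu}: IPv4 headroom "
              f"{headroom(mtu, option_bytes=opt_bytes)} bytes, IPv6 headroom "
              f"{headroom(mtu, option_bytes=opt_bytes, ipv6_underlay=True)} bytes")
```

The calculator makes the recommended values easy to read: with no options an IPv4 underlay already needs 1550 bytes, 1600 leaves 50 bytes for options, and an IPv6 underlay carrying 32 bytes of options exceeds 1600, which is the kind of case that 1700 absorbs.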
Below is a simple configuration example for setting up GENEVE on a FortiGate VM deployed in NSX-T. To avoid performance degradation the MTU is set to 1700, as suggested by VMware: Guidance to Set Maximum Transmission Unit (vmware.com).
config system interface