cilium · borkmann · Jun 16, 2023 · Jun 15, 2023 · Jun 13, 2023 · Jun 14, 2023
diff --git a/Documentation/cmdref/cilium-agent.md b/Documentation/cmdref/cilium-agent.md
diff --git a/Documentation/helm-values.rst b/Documentation/helm-values.rst
@@ -47,16 +47,23 @@ IPv6 BIG TCP
 IPv6 BIG TCP allows the network stack to prepare larger GSO (transmit) and GRO
 (receive) packets to reduce the number of times the stack is traversed which
 improves performance and latency. It reduces the CPU load and helps achieve
-higher speeds (i.e. 100Gbit/s and beyond). To pass such packets through the stack
-BIG TCP adds a temporary Hop-By-Hop header after the IPv6 one which is stripped
-before transmitting the packet over the wire. BIG TCP can operate in a DualStack
-setup, IPv4 packets will use the old lower limits (64k) and IPv6 packets will
-use the new larger ones (192k). Note that Cilium assumes the default kernel values
-for GSO and GRO maximum sizes are 64k and adjusts them only when necessary, i.e. if
-BIG TCP is enabled and the current GSO/GRO maximum sizes are less than 192k it
-will try to increase them, respectively when BIG TCP is disabled and the current
-maximum values are more than 64k it will try to decrease them. BIG TCP doesn't
-require network interface MTU changes.
+higher speeds (i.e. 100Gbit/s and beyond).
+
+To pass such packets through the stack BIG TCP adds a temporary Hop-By-Hop header
+after the IPv6 one which is stripped before transmitting the packet over the wire.
+
+BIG TCP can operate in a DualStack setup, IPv4 packets will use the old lower
+limits (64k) if IPv4 BIG TCP is not enabled, and IPv6 packets will use the new
+larger ones (192k). Both IPv4 BIG TCP and IPv6 BIG TCP can be enabled so that
+both use the larger one (192k).
+
+Note that Cilium assumes the default kernel values for GSO and GRO maximum sizes
+are 64k and adjusts them only when necessary, i.e. if BIG TCP is enabled and the
+current GSO/GRO maximum sizes are less than 192k it will try to increase them,
+respectively when BIG TCP is disabled and the current maximum values are more
+than 64k it will try to decrease them.
+
+BIG TCP doesn't require network interface MTU changes.
 
 **Requirements:**
 
@@ -80,7 +87,6 @@ To enable IPv6 BIG TCP:
              --set routingMode=native \\
              --set bpf.masquerade=true \\
              --set ipv6.enabled=true \\
-             --set enableIPv6Masquerade=false \\
              --set enableIPv6BIGTCP=true \\
              --set kubeProxyReplacement=strict
 
@@ -91,6 +97,63 @@ To validate whether your installation is running with IPv6 BIG TCP,
 run ``cilium status`` in any of the Cilium pods and look for the line
 reporting the status for "IPv6 BIG TCP" which should state "enabled".
 
+IPv4 BIG TCP
+============
+
+Similar to IPv6 BIG TCP, IPv4 BIG TCP allows the network stack to prepare larger
+GSO (transmit) and GRO (receive) packets to reduce the number of times the stack
+is traversed which improves performance and latency. It reduces the CPU load and
+helps achieve higher speeds (i.e. 100Gbit/s and beyond).
+
+To pass such packets through the stack BIG TCP sets IPv4 tot_len to 0 and uses
+skb->len as the real IPv4 total length. The proper IPv4 tot_len is set before
+transmitting the packet over the wire.
+
+BIG TCP can operate in a DualStack setup, IPv6 packets will use the old lower
+limits (64k) if IPv6 BIG TCP is not enabled, and IPv4 packets will use the new
+larger ones (192k). Both IPv4 BIG TCP and IPv6 BIG TCP can be enabled so that
+both use the larger one (192k).
+
+Note that Cilium assumes the default kernel values for GSO and GRO maximum sizes
+are 64k and adjusts them only when necessary, i.e. if BIG TCP is enabled and the
+current GSO/GRO maximum sizes are less than 192k it will try to increase them,
+respectively when BIG TCP is disabled and the current maximum values are more
+than 64k it will try to decrease them.
+
+BIG TCP doesn't require network interface MTU changes.
+
+**Requirements:**
+
+* Kernel >= 6.3
+* eBPF Host-Routing
+* eBPF-based kube-proxy replacement
+* eBPF-based masquerading
+* Tunneling and encryption disabled
+* Supported NICs: mlx4, mlx5
+
+To enable IPv4 BIG TCP:
+
+.. tabs::
+
+    .. group-tab:: Helm
+
+       .. parsed-literal::
+
+           helm install cilium |CHART_RELEASE| \\
+             --namespace kube-system \\
+             --set routingMode=native \\
+             --set bpf.masquerade=true \\
+             --set ipv4.enabled=true \\
+             --set enableIPv4BIGTCP=true \\
+             --set kubeProxyReplacement=strict
+
+Note that after toggling the IPv4 BIG TCP option the Kubernetes Pods
+must be restarted for the changes to take effect.
+
+To validate whether your installation is running with IPv4 BIG TCP,
+run ``cilium status`` in any of the Cilium pods and look for the line
+reporting the status for "IPv4 BIG TCP" which should state "enabled".
+
 Bypass iptables Connection Tracking
 ===================================
 

@@ -293,6 +293,7 @@ Socket-level LB bypass in pod netns                    >= 5.7
 L3 devices                                             >= 5.8
 BPF-based host routing                                 >= 5.10
 IPv6 BIG TCP support                                   >= 5.19
+IPv4 BIG TCP support                                   >= 6.3
 ====================================================== ===============================
 
 .. _req_kvstore:

@@ -521,6 +521,7 @@ goroutines
 grafana
 graphviz
 grep
+gve
 hairpinned
 hairpinning
 hardcode
@@ -671,6 +672,7 @@ lbExternalClusterIP
 lbIPAM
 lbMapMax
 leia
+len
 libbpf
 libc
 libceph

@@ -1905,6 +1905,9 @@ definitions:
       ipv6-big-tcp:
         description: Status of IPv6 BIG TCP
         "$ref": "#/definitions/IPV6BigTCP"
+      ipv4-big-tcp:
+        description: Status of IPv4 BIG TCP
+        "$ref": "#/definitions/IPV4BigTCP"
       bandwidth-manager:
         description: Status of bandwidth manager
         "$ref": "#/definitions/BandwidthManager"
@@ -2445,10 +2448,16 @@ definitions:
         additionalProperties:
           type: object
       GSOMaxSize:
-        description: Maximum GSO size on workload facing devices
+        description: Maximum IPv6 GSO size on workload facing devices
         type: integer
       GROMaxSize:
-        description: Maximum GRO size on workload facing devices
+        description: Maximum IPv6 GRO size on workload facing devices
+        type: integer
+      GSOIPv4MaxSize:
+        description: Maximum IPv4 GSO size on workload facing devices
+        type: integer
+      GROIPv4MaxSize:
+        description: Maximum IPv4 GRO size on workload facing devices
         type: integer
   DatapathMode:
     description: Datapath mode
@@ -3037,6 +3046,16 @@ definitions:
       enabled:
         description: Is IPv6 BIG TCP enabled
         type: boolean
+  IPV4BigTCP:
+    description: |-
+      Status of IPv4 BIG TCP
+
+      +k8s:deepcopy-gen=true
+    type: object
+    properties:
+      enabled:
+        description: Is IPv4 BIG TCP enabled
+        type: boolean
   BandwidthManager:
     description: |-
       Status of bandwidth manager