The "automated" MTU is wrongly interpreted and assigned to Calico

Error logs issued every 10s by calico-node on baremetal servers (not seen on capo):

2026-01-28T23:05:05.209243817Z stdout F 2026-01-28 23:05:05.208 [INFO][57] felix/summary.go 100: Summarising 7 dataplane reconciliation loops over 1m37s: avg=79ms longest=226ms (resync-raw-v4)
2026-01-28T23:05:14.668964574Z stdout F 2026-01-28 23:05:14.668 [INFO][57] felix/vxlan_mgr.go 757: VXLAN device MTU needs to be updated device="vxlan.calico" ipVersion=0x4 new=1500 old=1450
2026-01-28T23:05:14.669620676Z stdout F 2026-01-28 23:05:14.669 [WARNING][57] felix/vxlan_mgr.go 759: Failed to set vxlan tunnel device MTU error=invalid argument ipVersion=0x4
2026-01-28T23:05:24.675584756Z stdout F 2026-01-28 23:05:24.674 [INFO][57] felix/vxlan_mgr.go 757: VXLAN device MTU needs to be updated device="vxlan.calico" ipVersion=0x4 new=1500 old=1450
2026-01-28T23:05:24.675664991Z stdout F 2026-01-28 23:05:24.675 [WARNING][57] felix/vxlan_mgr.go 759: Failed to set vxlan tunnel device MTU error=invalid argument ipVersion=0x4
2026-01-28T23:05:34.678607746Z stdout F 2026-01-28 23:05:34.678 [INFO][57] felix/vxlan_mgr.go 757: VXLAN device MTU needs to be updated device="vxlan.calico" ipVersion=0x4 new=1500 old=1450
2026-01-28T23:05:34.678660138Z stdout F 2026-01-28 23:05:34.678 [WARNING][57] felix/vxlan_mgr.go 759: Failed to set vxlan tunnel device MTU error=invalid argument ipVersion=0x4
2026-01-28T23:05:44.681899876Z stdout F 2026-01-28 23:05:44.681 [INFO][57] felix/vxlan_mgr.go 757: VXLAN device MTU needs to be updated device="vxlan.calico" ipVersion=0x4 new=1500 old=1450
2026-01-28T23:05:44.682214676Z stdout F 2026-01-28 23:05:44.681 [WARNING][57] felix/vxlan_mgr.go 759: Failed to set vxlan tunnel device MTU error=invalid argument ipVersion=0x4
2026-01-28T23:05:54.690790359Z stdout F 2026-01-28 23:05:54.690 [INFO][57] felix/vxlan_mgr.go 757: VXLAN device MTU needs to be updated device="vxlan.calico" ipVersion=0x4 new=1500 old=1450
2026-01-28T23:05:54.690816119Z stdout F 2026-01-28 23:05:54.690 [WARNING][57] felix/vxlan_mgr.go 759: Failed to set vxlan tunnel device MTU error=invalid argument ipVersion=0x4
2026-01-28T23:06:04.6943859Z stdout F 2026-01-28 23:06:04.693 [INFO][57] felix/vxlan_mgr.go 757: VXLAN device MTU needs to be updated device="vxlan.calico" ipVersion=0x4 new=1500 old=1450

And indeed the value used by the calico helm release seems to be 1500 :

installation:
        backend: null
        calicoNetwork:
          bgp: Disabled
          ipPools:
          - cidr: 100.72.0.0/16
            encapsulation: VXLAN
            natOutgoing: Enabled
          mtu: 1500 <<<<

But our automatic MTU calculation is supposed to set it to 1450.

Indeed this automatic MTU calculation has been addressed/improved through various MRs in the past :

• !4471 (merged)
• !4253 (merged)
• !3283 (merged)

It appears that there is a missing interpretation of internal values already derived from a previous calculation before determining the final MTU.

Example :

  calico_mtu: |-
    {{- /* Calculate final MTU */ -}}
    {{- $mtu := sub .Values._internal.base_cni_mtu .Values._internal.calico_encapsulation_overhead -}}
    {{- $mtu | include "preserve-type" -}}

  foocalico_mtu: |-
    {{- /* Calculate final MTU */ -}}
    {{- tuple . "_internal.base_cni_mtu" | include "interpret" -}}
    {{- tuple . "_internal.calico_encapsulation_overhead" | include "interpret" -}}
    {{- $mtu := sub .Values._internal.base_cni_mtu .Values._internal.calico_encapsulation_overhead -}}
    {{- $mtu | include "preserve-type" -}}


$helm template . --values ... | grep calico_mtu
      calico_mtu: 1500
      foocalico_mtu: 1450