diff --git a/salt/_pillar/metalk8s.py b/salt/_pillar/metalk8s.py
index 96436cca8a..3d2203a807 100644
--- a/salt/_pillar/metalk8s.py
+++ b/salt/_pillar/metalk8s.py
@@ -15,6 +15,7 @@
 
 DEFAULT_POD_NETWORK = '10.233.0.0/16'
 DEFAULT_SERVICE_NETWORK = '10.96.0.0/12'
+DEFAULT_MTU = 1460
 
 
 def _load_config(path):
@@ -101,6 +102,9 @@ def _load_networks(config_data):
     if errors:
         return __utils__['pillar_utils.errors_to_dict'](errors)
 
+    if 'mtu' not in networks_data['workloadPlane']:
+        networks_data['workloadPlane']['mtu'] = DEFAULT_MTU
+
     return {
         'control_plane': networks_data['controlPlane'],
         'workload_plane': networks_data['workloadPlane'],
diff --git a/salt/metalk8s/kubernetes/cni/calico/configured.sls b/salt/metalk8s/kubernetes/cni/calico/configured.sls
index 725f6c985d..150ccda1d3 100644
--- a/salt/metalk8s/kubernetes/cni/calico/configured.sls
+++ b/salt/metalk8s/kubernetes/cni/calico/configured.sls
@@ -1,8 +1,16 @@
 {%- from "metalk8s/map.jinja" import kube_api with context %}
 {%- from "metalk8s/map.jinja" import kubernetes with context %}
+{%- from "metalk8s/map.jinja" import networks with context %}
 
 {%- set kubernetes_service_ip = salt.metalk8s_network.get_kubernetes_service_ip() %}
 
+{#- Check that workload MTU configured is smaller than the local workload interface one #}
+{%- set workload_local_mtu = salt.metalk8s_network.get_mtu_from_ip(grains.metalk8s.workload_plane_ip) %}
+{%- if networks.workload_plane.mtu > workload_local_mtu %}
+  {{ raise('Trying to configure CNI with ' ~ networks.workload_plane.mtu
+           ~ ' MTU but local workload interface MTU is smaller: ' ~ workload_local_mtu) }}
+{%- endif %}
+
 include:
   - metalk8s.internal.m2crypto
 
@@ -36,7 +44,8 @@ Create CNI calico configuration file:
             log_level: "info"
             datastore_type: "kubernetes"
             nodename: {{ grains.id }}
-            mtu: 1440
+            # NOTE: MTU for calico = workload MTU - 20 (for IPinIP header)
+            mtu: {{ networks.workload_plane.mtu - 20 }}
             ipam:
               type: "calico-ipam"
             policy:
diff --git a/salt/metalk8s/kubernetes/cni/calico/deployed.sls b/salt/metalk8s/kubernetes/cni/calico/deployed.sls
index 73e2d1235d..50a5aa4b0d 100644
--- a/salt/metalk8s/kubernetes/cni/calico/deployed.sls
+++ b/salt/metalk8s/kubernetes/cni/calico/deployed.sls
@@ -23,7 +23,8 @@ data:
   calico_backend: "bird"
 
   # Configure the MTU to use
-  veth_mtu: "1440"
+  # NOTE: MTU for calico = workload MTU - 20 (for IPinIP header)
+  veth_mtu: "{{ networks.workload_plane.mtu - 20 }}"
 
   # The CNI network configuration to install on each node.  The special
   # values in this config will be automatically populated.