当前位置: 首页>后端>正文

Cilium系列-13-启用XDP加速及Cilium性能调优总结

后端2024-05-04 17:04:19

绯诲垪鏂囩珷

  • Cilium 绯诲垪鏂囩珷

鍓嶈█

灏?Kubernetes 鐨?CNI 浠庡叾浠栫粍浠跺垏鎹负 Cilium, 宸茬粡鍙互鏈夋晥鍦版彁鍗囩綉缁滅殑鎬ц兘. 浣嗘槸閫氳繃瀵?Cilium 涓嶅悓妯″紡鐨勫垏鎹?鍔熻兘鐨勫惎鐢? 鍙互杩涗竴姝ユ彁鍗?Cilium 鐨勭綉缁滄€ц兘. 鍏蜂綋璋冧紭椤瑰寘鎷笉闄愪簬:

  • 鍚敤鏈湴璺敱(Native Routing)
  • 瀹屽叏鏇挎崲 KubeProxy
  • IP 鍦板潃浼(Masquerading)鍒囨崲涓哄熀浜?eBPF 鐨勬ā寮?/li>
  • Kubernetes NodePort 瀹炵幇鍦?DSR(Direct Server Return) 妯″紡涓嬭繍琛?/li>
  • 缁曡繃 iptables 杩炴帴璺熻釜(Bypass iptables Connection Tracking)
  • 涓绘満璺敱(Host Routing)鍒囨崲涓哄熀浜?BPF 鐨勬ā寮?(闇€瑕?Linux Kernel >= 5.10)
  • 鍚敤 IPv6 BIG TCP (闇€瑕?Linux Kernel >= 5.19)
  • 绂佺敤 Hubble(浣嗘槸涓嶅缓璁? 鍙瀵熸€ф瘮涓€鐐圭偣鐨勬€ц兘鎻愬崌鏇撮噸瑕?
  • 淇敼 MTU 涓哄法鍨嬪抚(jumbo frames) (闇€瑕佺綉缁滄潯浠跺厑璁?
  • 鍚敤甯﹀绠$悊鍣?Bandwidth Manager) (闇€瑕?Kernel >= 5.1)
  • 鍚敤 Pod 鐨?BBR 鎷ュ鎺у埗 (闇€瑕?Kernel >= 5.18)
  • 鍚敤 XDP 鍔犻€?(闇€瑕?鏀寔鏈湴 XDP 椹卞姩绋嬪簭)
  • (楂樼骇鐢ㄦ埛鍙€?璋冩暣 eBPF Map Size
  • Linux Kernel 浼樺寲鍜屽崌绾?
    • CONFIG_PREEMPT_NONE=y
  • 鍏朵粬:
    • tuned network-* profiles, 濡? tuned-adm profile network-latency 鎴?network-throughput
    • CPU 璋冧负鎬ц兘妯″紡
    • 鍋滄 irqbalance锛屽皢缃戝崱涓柇寮曡剼鎸囧悜鐗瑰畾 CPU

鍦ㄧ綉缁?缃戝崱璁惧/OS绛夋潯浠舵弧瓒崇殑鎯呭喌涓? 鎴戜滑灏藉彲鑳藉鍦板惎鐢ㄨ繖浜涜皟浼橀€夐」, 鐩稿叧浼樺寲椤逛細鍦ㄥ悗缁枃绔犻€愪竴鏇存柊. 鏁鏈熷緟.

浠婂ぉ鎴戜滑鏉ヨ皟浼?Cilium, 鍚敤 XDP 鍔犻€? 浠ヤ究鑳藉鐩存帴浠?strong>缃戠粶椹卞姩灞?/strong>澶勭悊 NodePort 绛夊叆绔欒姹傦紝杩欐湁鍔╀簬鍑忓皯寤惰繜鍜屾墿灞曟湇鍔°€傚彟澶栧苟瀵?Cilium 鎬ц兘璋冧紭鍋氶樁娈垫€荤粨.

XDP 鍔犻€?/h2>

Cilium 鍐呯疆浜嗗 NodePort銆丩oadBalancer 鏈嶅姟鍜屽叿鏈夊閮?IP 鐨勬湇鍔$殑鍔犻€熸敮鎸侊紝浠ヤ究鍦ㄥ悗绔綅浜庤繙绋嬭妭鐐规椂锛屽皢鍒拌揪鐨勮姹備粠璇ヨ妭鐐圭洿鎺ユ帹鍥炪€傝鍔熻兘鍦?Cilium 1.8 鐗堢殑 XDP锛坋Xpress Data Path锛夊眰涓紩鍏ワ紝eBPF 鐩存帴鍦ㄧ綉缁滈┍鍔ㄧ▼搴忎腑杩愯锛岃€屼笉鏄湪鏇撮珮灞備腑杩愯銆?/p>

鍦ㄨ繖绉嶆儏鍐典笅锛岀綉缁滄暟鎹寘涓嶉渶瑕佷竴鐩存帹閫佸埌涓婂眰缃戠粶鍫嗘爤锛岃€屾槸鍦?XDP 鐨勫府鍔╀笅锛孋ilium 鑳藉鐩存帴浠?strong>缃戠粶椹卞姩灞?/strong>澶勭悊杩欎簺璇锋眰銆傞壌浜庡崟涓妭鐐圭殑杞彂鑳藉姏澶у箙鎻愰珮锛岃繖鏈夊姪浜庡噺灏戝欢杩熷拰鎵╁睍鏈嶅姟銆備粠 Cilium 1.8 鐗堝紑濮嬶紝XDP 灞傜殑 kube-proxy 灏嗚鏇挎崲銆?/p>

瑕佹眰

  • Kernel >= 4.19.57, >= 5.1.16, >= 5.2
  • 鏀寔鍘熺敓鐨?XDP 椹卞姩绋嬪簭锛屽叿浣撹鏌ョ湅 Cilium 鐨勯┍鍔ㄧ▼搴忓垪琛?
  • Direct-routing 閰嶇疆
  • 鍩轰簬 eBPF 鐨?kube-proxy 鏇挎崲

瑕佸惎鐢?XDP 鍔犻€燂紝璇锋煡鐪?Cilium 鐨勫叆闂ㄦ寚鍗楋紝鍏朵腑杩樺寘鍚湪鍏叡浜戞彁渚涘晢涓婅繘琛岃缃殑璇存槑銆?/p>

璇ユā寮忚缃?loadBalancer.acceleration 鍏佽閫氳繃 native 閫夐」鍚敤鍔犻€熴€傜鐢ㄩ€夐」鏄粯璁ら€夐」锛岀敤浜庣鐢ㄥ姞閫熴€?strong>澶у鏁版敮鎸?10G 鎴栨洿楂橀€熺巼鐨勯┍鍔ㄧ▼搴忓湪鏈€鏂板唴鏍镐笂涔熸敮鎸?native XDP銆傚浜庡熀浜庝簯鐨勯儴缃诧紝杩欎簺椹卞姩绋嬪簭涓殑澶у鏁伴兘鏈夋敮鎸佹湰鍦?XDP 鐨?SR-IOV 鍙樹綋銆傚浜庡唴閮ㄩ儴缃诧紝Cilium XDP 鍔犻€熷彲涓?Kubernetes 鐨勮礋杞藉钩琛″櫒鏈嶅姟瀹炵幇锛堝 MetalLB锛夌粨鍚堜娇鐢ㄣ€傚姞閫熷姛鑳藉彧鑳藉湪鐢ㄤ簬鐩存帴璺敱鐨勫崟涓澶囦笂鍚敤銆?/p>

璐熻浇骞宠 鍣ㄥ姞閫熻缃敮鎸?DSR銆丼NAT 鍜屾贩鍚堟ā寮?

涓轰簡浜嗚В Cilium 鐨?XDP 鏈嶅姟鍔犻€熷湪鍏ㄥ眬涓殑浣嶇疆锛屼笅鏂囩畝瑕佷粙缁嶄簡 Cilium 1.8 鐨勬湇鍔¤礋杞藉钩琛℃灦鏋?

Cilium系列-13-启用XDP加速及Cilium性能调优总结,第1张
XDP

鍙互鐪嬪嚭锛孋ilium 鍦?eBPF 涓殑 kube-proxy 鏇夸唬鏂规鍦ㄩ珮灞備笂鐢变袱涓富瑕侀儴鍒嗙粍鎴愶細濂楁帴瀛楀眰鐨?eBPF 鍜岄┍鍔ㄥ眰鐨?eBPF銆?/p>

  • 涓滆タ鍚戞祦閲忥紝鍗虫墍鏈?Cilium 绠$悊鑺傜偣涔嬮棿鐨勬湇鍔℃祦閲忥紝浠呭湪鍐呮牳鐨勫鎺ュ瓧灞傚鐞嗭紝鍦ㄦ涔嬪墠涓嶄細涓烘暟鎹寘鍏冩暟鎹垎閰嶅唴瀛樸€傚湪杩欎竴鐐逛笂鎵ц锛屽彲浣?Cilium 娑堥櫎鏈嶅姟杞崲鐨勬瘡鍖呮垚鏈€?/li>
  • 鍗楀寳娴侀噺锛屽嵆浠庡閮ㄦ簮鍒?Cilium 绠$悊鑺傜偣鐨勬墍鏈夊叆绔欐湇鍔℃祦閲忥紝閮藉湪灏藉彲鑳介潬杩戦┍鍔ㄥ眰鐨勫湴鏂硅繘琛屽鐞嗭紝鍦ㄥ崟涓帴鍙d笂杩涜鍏ュ彛鍜屽嚭鍙f搷浣溿€傝繖鏍峰氨鑳介潪甯稿揩閫熷湴澶勭悊杞彂锛岀敋鑷冲彲浠ュ湪鍫嗘爤涓婂眰杩涜浠讳綍鏄傝吹鐨勬搷浣滀箣鍓嶏紝灏嗘祦閲忎涪寮冩垨鍙嶅皠鍥炲叆绔欐帴鍙c€傚鐞嗗崡鍖楁祦閲忕殑鍚庝竴涓粍浠跺垯閫氳繃 XDP 杩涜鍔犻€熴€?/li>

Cilium 鐨勬湇鍔?XDP 鍔犻€熺洰鍓嶆敮鎸佺洿鎺ヨ矾鐢辨ā寮忥紝涓庢垜浠殑 tc eBPF 瀹炵幇鍏变韩鐩稿悓鐨勬牳蹇冧唬鐮併€傚湪 XDP 鏈嶅姟杞崲鍚庯紝鎻愪緵浜嗕笁绉嶅皢娴侀噺閲嶅畾鍚戝埌杩滅▼鍚庣鐨勯€夐」锛欴SR銆丼NAT 鍜?Hybrid銆?/p>

瀹炴柦

helm upgrade cilium cilium/cilium --version 1.13.4 \
    --namespace kube-system \
    --reuse-values \
    --set loadBalancer.acceleration=native

楠岃瘉

瑕侀獙璇佹偍鐨勫畨瑁呮槸鍚︿娇鐢ㄤ簡 XDP 鍔犻€熷姛鑳斤紝璇峰湪浠讳綍涓€涓?Cilium pod 涓繍琛?cilium status锛屽苟鏌ユ壘鎶ュ憡 "XDP Acceleration"鐘舵€佺殑琛岋紝鍏朵腑搴旀樉绀?"Native"銆傚涓嬫墍绀?

$ kubectl -n kube-system exec ds/cilium -- cilium status --verbose | grep XDP
  XDP Acceleration:    Native

璇锋敞鎰忥紝鍦?XDP 灞備负澶勭悊 NodePort 鑰屼粠璁惧鎺ㄥ洖鐨勬暟鎹寘鍦?tcpdump 涓槸鐪嬩笉鍒扮殑锛屽洜涓烘暟鎹寘鎶藉ご鏄湪缃戠粶鍫嗘爤鐨勮緝鍚庨樁娈靛嚭鐜扮殑銆傚彲浠ヤ娇鐢?Cilium 鐨勭洃鎺у懡浠ゆ垨 metric counters 鏉ヨ幏寰楀彲瑙佹€с€?/p>

鎬ц兘鎻愬崌

Cilium 杩涜浜嗗垵姝ョ殑鍩哄噯娴嬭瘯锛屽皢鍗曚釜鏈嶅姟閮ㄧ讲鍒颁竴涓垰鍒氶儴缃蹭簡 kubeadm 鐨勮妭鐐逛笂锛岃鑺傜偣鐨勫唴鏍镐负 5.7锛屼娇鐢ㄥ熀浜?iptables 鍜?ipvs 鐨?kube-proxy 杩愯浠ヨ幏寰楀熀绾匡紝鐒跺悗灏?Cilium 鐨?kube-proxy 鏇挎崲浠?tc 鍜?XDP 绔彃鍏?eBPF锛屽苟灏嗗叾缃簬 eBPF 鐨勬鍓嶆柟锛?/p>

Cilium系列-13-启用XDP加速及Cilium性能调优总结,第2张
XDP Benchmark Graph

鍒濇缁撴灉鏄剧ず锛孋ilium 鐨?kube-proxy 鏇夸唬鍝佺殑 XDP 鍔犻€熻兘鍔涘ぇ骞呮彁鍗囷紝鑳藉鏈€澶ч檺搴﹀湴鍒╃敤鏁版嵁鍖呯敓鎴愬櫒锛屽皢鎵€鏈?1000 涓囦釜浼犲叆璇锋眰鎺ㄩ€佸埌杩滅▼鏈嶅姟鍚庣锛岃€屼娇鐢?kube-proxy 鏃讹紝琚祴鑺傜偣姣忕鍙兘涓哄悓涓€鏈嶅姟杞彂绾?210 涓囦釜璇锋眰锛屽叾浣欒姹傚垯浼氳涓㈠純銆傚湪 ipvs 涓篃瑙傚療鍒颁簡绫讳技鐨勬儏鍐碉紝灏界涓?iptables 鐩告瘮锛宨pvs 瀵瑰ぇ閲忔湇鍔$殑 "棣栧寘 "鍙墿灞曟€ф洿濂斤紝浣嗘瘡鍖呮垚鏈技涔庣暐楂樸€傚皢 kube-proxy 鏇挎崲涓?Cilium 鐨?tc eBPF 瀹炵幇锛屼笉浠呰В鍐充簡 "绗竴鏁版嵁鍖?鍙墿灞曟€ч棶棰橈紝杩樻彁楂樹簡鎬ц兘锛岃繖涓€鐐逛粠璇ヨ妭鐐规瘡绉掔害 360 涓囨璇锋眰涓彲浠ョ湅鍑猴紝涓嶈繃杩欎粛鐒舵棤娉曚笌 Cilium 鍦?XDP 灞傝繘琛屽姞閫熸椂鑾峰緱鐨勬樉钁楀鐩婄浉姣旓細

Cilium系列-13-启用XDP加速及Cilium性能调优总结,第3张
XDP Benchmark

姣旇緝 kube-proxy 鍜?Cilium 鐨?XDP 瀹炵幇鍦ㄦ瘡绉?1000 涓囨璇锋眰涓嬬殑鐏劙鍥撅紝杩樻樉绀轰簡鍦ㄩ┍鍔ㄧ▼搴忕殑杞渚嬬▼涓姞閫熸湇鍔″鐞嗙殑鎹峰緞銆傛澶栵紝涓庡湪 tc 涓嬭繍琛?eBPF 鐨?Cilium 浠ュ強鍦?iptables 鍜?ipvs 妯″紡涓嬬殑 kube-proxy 鐩告瘮锛屽湪 softirq 鐜涓嬶紝XDP 鍔犻€熻浆鍙戞墍闇€鐨勫鐞嗗紑閿€瑕佸皯寰楀銆備笅闈㈢殑娴嬭瘯鍦ㄥ師鏈┖闂茬殑绯荤粺涓婅繍琛岋紝鑺傜偣鐨?CPU 浠呯敤浜庡鐞?softirq銆傚浘涓樉绀轰簡鍙敤鐨勫墿浣?CPU 瀹归噺銆備粠鍥句腑鍙互鐪嬪嚭锛屽嵆浣垮湪鐗瑰畾鑺傜偣姣忕绾?100 涓囦釜璇锋眰鐨勪綆閫熺巼涓嬶紝CPU 涔熷彧灏嗙害 13% 鐨勬椂闂寸敤浜庡鐞?XDP 鐨?softirq 涓婁笅鏂囷紝鍥犳杩樻湁 87% 鐨勫墿浣欏閲忓彲鐢ㄤ簬鍏朵粬鏂归潰锛岃€屽湪 kube-proxy 鎯呭喌涓嬶紝CPU 鑷冲皯灏?60% 鐨勬椂闂寸敤浜庢湇鍔?softirq 涓婁笅鏂囷紝鏈€澶氬彧鏈?40% 鐨勫墿浣欏彲鐢ㄥ閲忋€傚湪姣忕绾?200 涓囨垨 400 涓囦釜璇锋眰鐨勬儏鍐典笅锛宬ube-proxy 鐨勬儏鍐典細鍙樺緱鏇寸碂锛屽彧鏈?1-2% 鐨勭┖闂蹭唤棰濓紝鑰?CPU 瑕佽姳 98% 鐨勬椂闂村湪 softirq 涓婁笅鏂囦腑澶勭悊鏁版嵁鍖咃細

Cilium系列-13-启用XDP加速及Cilium性能调优总结,第4张
XDP CPU

绠€鑰岃█涔嬶紝鍒╃敤 Cilium 鍔犻€?XDP 涓嬬殑 Kubernetes 鏈嶅姟澶勭悊锛?strong>鍙ぇ骞呮彁楂樺悜杩滅▼鍚庣鎺ㄩ€佹暟鎹寘鐨勬€ц兘锛屽悓鏃舵樉钁楅檷浣?CPU 寮€閿€銆傚湪榛樿澶栭儴娴侀噺绛栫暐锛?code>externalTrafficPolicy: Cluster锛変笅锛岃繖涔?strong>鎻愰珮浜嗛泦缇ょ殑鏁翠綋瀹归噺銆傝繖鎰忓懗鐫€锛屽皢鏈嶅姟鎵╁睍鍒版洿澶氬悗绔彧鑳借揪鍒板崟涓妭鐐瑰悜杩欎簺鍚庣杞彂鑳藉姏鐨勪笂闄愩€備笉杩囷紝鍗充娇 Kubernetes 閮ㄧ讲涓嶉渶瑕佸鐞嗛偅涔堝鏁版嵁鍖咃紝杩欎簺 CPU 鍛ㄦ湡涔熷彲浠ラ噴鏀惧嚭鏉ワ紝鐢ㄤ簬瀹為檯鐨勭敤鎴峰伐浣滆礋杞姐€?/p>

灏忕粨

鏈枃缁х画璋冧紭 Cilium, 鍚敤 XDP 鍔犻€? 浠ヤ究鑳藉鐩存帴浠庣綉缁滈┍鍔ㄥ眰澶勭悊 NodePort 绛夊叆绔欒姹? 鍏蜂綋鏀剁泭涓?

  • 澶у箙鎻愰珮鍚戣繙绋嬪悗绔帹閫佹暟鎹寘鐨勬€ц兘
  • 鏄捐憲闄嶄綆 CPU 寮€閿€
  • 鎻愰珮闆嗙兢鐨勬暣浣撳閲?/li>

鑷虫锛屾€ц兘璋冧紭宸插畬鎴愬疄鎴橀獙璇侊細

  • 鉁旓笍 鍚敤鏈湴璺敱 (Native Routing)
  • 鉁旓笍 瀹屽叏鏇挎崲 KubeProxy
  • 鉁旓笍 IP 鍦板潃浼 (Masquerading) 鍒囨崲涓哄熀浜?eBPF 鐨勬ā寮?/li>
  • 鉁旓笍 Kubernetes NodePort 瀹炵幇鍦?DSR(Direct Server Return) 妯″紡涓嬭繍琛?/li>
  • 鉁旓笍 缁曡繃 iptables 杩炴帴璺熻釜 (Bypass iptables Connection Tracking)
  • 鉁旓笍 涓绘満璺敱 (Host Routing) 鍒囨崲涓哄熀浜?BPF 鐨勬ā寮?(闇€瑕?Linux Kernel >= 5.10)
  • 鉂?鍚敤 IPv6 BIG TCP (闇€瑕?Linux Kernel >= 5.19, 鏀寔鐨?NICs: mlx4, mlx5)
    • 鐢变簬娌℃湁鏀寔鐨勭綉鍗? 鏃犳硶瀹屾垚楠岃瘉
  • 鉂?淇敼 MTU 涓哄法鍨嬪抚 (jumbo frames) 锛堥渶瑕佺綉缁滄潯浠跺厑璁革級
    • 鐢变簬缃戠粶鏉′欢涓嶅厑璁? 鏃犳硶瀹屾垚楠岃瘉
  • 鉁旓笍 鍚敤甯﹀绠$悊鍣?(Bandwidth Manager) (闇€瑕?Kernel >= 5.1)
  • 鉁旓笍 鍚敤 Pod 鐨?BBR 鎷ュ鎺у埗 (闇€瑕?Kernel >= 5.18)
  • 鉁旓笍 鍚敤 XDP 鍔犻€?锛堥渶瑕?鏀寔鏈湴 XDP 椹卞姩绋嬪簭锛?/li>

Cilium 鎬ц兘璋冧紭鎬荤粨

鑷虫, 鎴戜滑闃舵鎬у湴瀹屾垚浜?Cilium 涓昏鐨勬€ц兘浼樺寲鐐?

Cilium 璋冧紭鍒嗕负浠ヤ笅鍑犱釜澶х淮搴?

  1. Cilium 璋冧紭
  2. 搴曞眰缃戠粶璋冧紭
  3. Linux Kernel 浼樺寲鍜屽崌绾?/li>
  4. 鍏朵粬缁村害璋冧紭

Cilium 璋冧紭

Cilium 璋冧紭鍖呮嫭:

  • 鍚敤鏈湴璺敱(Native Routing)
  • 瀹屽叏鏇挎崲 KubeProxy
  • IP 鍦板潃浼(Masquerading)鍒囨崲涓哄熀浜?eBPF 鐨勬ā寮?/li>
  • Kubernetes NodePort 瀹炵幇鍦?DSR(Direct Server Return) 妯″紡涓嬭繍琛?/li>
  • 缁曡繃 iptables 杩炴帴璺熻釜(Bypass iptables Connection Tracking)
  • 涓绘満璺敱(Host Routing)鍒囨崲涓哄熀浜?BPF 鐨勬ā寮?(闇€瑕?Linux Kernel >= 5.10)
  • 鍚敤 IPv6 BIG TCP (闇€瑕?Linux Kernel >= 5.19)
  • 绂佺敤 Hubble(浣嗘槸涓嶅缓璁? 鍙瀵熸€ф瘮涓€鐐圭偣鐨勬€ц兘鎻愬崌鏇撮噸瑕?
  • 鍚敤甯﹀绠$悊鍣?Bandwidth Manager) (闇€瑕?Kernel >= 5.1)
  • 鍚敤 Pod 鐨?BBR 鎷ュ鎺у埗 (闇€瑕?Kernel >= 5.18)
  • 鍚敤 XDP 鍔犻€?(闇€瑕?鏀寔鏈湴 XDP 椹卞姩绋嬪簭)
  • (楂樼骇鐢ㄦ埛鍙€?璋冩暣 eBPF Map Size

搴曞眰缃戠粶璋冧紭

搴曞眰缃戠粶璋冧紭鍖呮嫭:

  • 淇敼 MTU 涓哄法鍨嬪抚(jumbo frames) (闇€瑕佺綉缁滄潯浠跺厑璁?

Linux Kernel 浼樺寲鍜屽崌绾?/h3>

Linux Kernel 浼樺寲鍜屽崌绾у寘鎷?

  • CONFIG_PREEMPT_NONE=y

鍏朵粬缁村害璋冧紭

鍏朵粬缁村害璋冧紭鍖呮嫭:

  • tuned network-* profiles, 濡? tuned-adm profile network-latency 鎴?network-throughput
  • CPU 璋冧负鎬ц兘妯″紡
  • 鍋滄 irqbalance锛屽皢缃戝崱涓柇寮曡剼鎸囧悜鐗瑰畾 CPU

Cilium "缁堟瀬"浼樺寲閰嶇疆

鏍规嵁涓汉缁忛獙, 鎺ㄨ崘鐨?Cilium "鎬ц兘妯″紡" 閰嶇疆涓?

棣栧厛, Kernel >= 5.10, 杩欐槸鏈€鏂扮殑绋冲畾鐗堢殑鍐呮牳, 鍙互鍚敤瀵硅皟浼橀潪甯搁噸瑕佺殑"鍩轰簬 BPF 鐨勪富鏈鸿矾鐢?鍔熻兘, 鍙互鍚敤 Cilium 鐨勫ぇ閮ㄥ垎鍔熻兘, 濡備笅:

Cilium 鍔熻兘 鏈€灏?Kernel 鐗堟湰
甯﹀绠$悊鍣?/td> >= 5.1
Egress Gateway >= 5.2
VXLAN 闅ч亾绔偣 (VTEP) 闆嗘垚 >= 5.2
WireGuard 閫忔槑鍔犲瘑 >= 5.6
Session Affinity鐨勫畬鏁存敮鎸?/td> >= 5.7
鍩轰簬 BPF 鐨勪唬鐞嗛噸瀹氬悜 >= 5.7
pod netns 涓殑濂楁帴瀛楃骇 LB 鏃佽矾 >= 5.7
L3 璁惧 >= 5.8
鍩轰簬 BPF 鐨勪富鏈鸿矾鐢?/td> >= 5.10
Pod 鐨?BBR 鎷ュ鎺у埗 >=5.18
IPv6 BIG TCP 鏀寔 >= 5.19

涔嬪悗, 鎺ㄨ崘 Cilium 閰嶇疆鍜屽姛鑳藉寘鎷?

  • 绂佺敤闅ч亾, 绂佺敤鍔犲瘑
  • 鍚敤鏈湴璺敱(Native Routing)
  • 瀹屽叏鏇挎崲 KubeProxy
  • IP 鍦板潃浼(Masquerading)鍒囨崲涓哄熀浜?eBPF 鐨勬ā寮?/li>
  • Kubernetes NodePort 瀹炵幇鍦?DSR(Direct Server Return) 妯″紡涓嬭繍琛?/li>
  • 涓绘満璺敱(Host Routing)鍒囨崲涓哄熀浜?BPF 鐨勬ā寮?(闇€瑕?Linux Kernel >= 5.10)
  • 鍚敤甯﹀绠$悊鍣?Bandwidth Manager) (闇€瑕?Kernel >= 5.1)
  • 鍚敤 XDP 鍔犻€?(闇€瑕?鏀寔鏈湴 XDP 椹卞姩绋嬪簭, 浣嗘槸澶ч儴鍒?10G/40G 缃戝崱, 鍖呮嫭铏氭嫙缃戝崱浠ュ強浜戜緵搴斿晢宸茬粡鏀寔浜?)

缁曡繃 iptables 杩炴帴璺熻釜(Bypass iptables Connection Tracking) 灏辨槸鍙€夐」浜? 鍥犱负鍚敤浜?鍩轰簬 BPF 妯″紡鐨勪富鏈鸿矾鐢?鍚? 鏄病鏈夊繀瑕佽缃敼閫夐」鐨?

鍚敤 IPv6 BIG TCP 涓嶅缓璁惎鐢? 涓€鏂归潰鏄鍐呮牳瑕佹眰杈冮珮, 闇€瑕?Linux Kernel >= 5.19; 鍙︿竴鏂归潰鏄?IPv6 鍦?Kubernetes 鐨勪娇鐢ㄨ繕鏈ぇ瑙勬ā鏅強.

涔熶笉寤鸿涓轰簡鎻愬崌鎬ц兘鑰岀鐢?Hubble, 鍥犱负鍙瀵熸€ф瘮涓€鐐圭偣鐨勬€ц兘鎻愬崌鏇撮噸瑕?

涓嶅缓璁惎鐢?Pod 鐨?BBR 鎷ュ鎺у埗, 涔熸槸鍥犱负鍏跺鍐呮牳瑕佹眰杈冮珮, 闇€瑕?Kernel >= 5.18. 鏈夋潯浠剁殑鍙互鎸夐渶鍚敤.

鏈€缁? 瀹夎鐨勫懡浠ゅ涓?

helm install cilium cilium/cilium --version 1.13.4 \
    --namespace kube-system \
    --set operator.replicas=2 \
    --set hubble.relay.enabled=true \
    --set hubble.ui.enabled=true
    --set tunnel=disabled \
    --set kubeProxyReplacement=strict \
    --set bpf.masquerade=true \
    --set loadBalancer.mode=dsr \
    --set bandwidthManager.enabled=true \
    --set loadBalancer.acceleration=native \
    --set k8sServiceHost=${API_SERVER_IP} \
    --set k8sServicePort=${API_SERVER_PORT}

馃惥Warning

  1. 鏈湴璺敱闇€瑕佹坊鍔犳洿澶?helm 鍙傛暟, 璇锋寜鐓ф偍鐨勫疄闄呮儏鍐佃繘琛岄€夋嫨鍜屾坊鍔?
  2. loadBalancer.mode 鏍规嵁鎮ㄧ殑瀹為檯闇€姹? 浠?DSR 鍜?hybrid 涓€夋嫨. (榛樿 SNAT 妯″紡)

馃帀馃帀馃帀

馃摎锔忓弬鑰冩枃妗?/h2>
  • LoadBalancer & NodePort XDP Acceleration - Kubernetes Without kube-proxy 鈥?Cilium 1.13.4 documentation
  • Cilium 1.8: XDP Load Balancing, Cluster-wide Flow Visibility, Host Network Policy, Native GKE & Azure modes, Session Affinity, CRD-mode Scalability, Policy Audit mode, ...
  • Tuning Guide 鈥?Cilium 1.13.4 documentation

涓変汉琛? 蹇呮湁鎴戝笀; 鐭ヨ瘑鍏变韩, 澶╀笅涓哄叕. 鏈枃鐢变笢椋庡井楦f妧鏈崥瀹?EWhisper.cn 缂栧啓.


https://www.xamrdz.com/backend/3h61941825.html

相关文章: