Istio RPS/pod: 5000 64 Istio proxy performance and capacity Adopting Istio Envoy concurrency setting is also very important for performance. ● Default -> 2 ● For minimal performance impact different level of concurrency and resources ● Account for RPS/pod when calculating the capacity and beware of HPA ● Capacity differs greatly depending on both CPU resources and concurrency 65 Abstracting

分为Envoy主线程及worker线程： • 主线程： • 负责初始化Envoy并读取解析配置文件 • 启动gRPC监听器，并启动xDS变化监听 • 启动日志写入线程，每个目标日志文件有独立线程负责输出 • 启动concurrency数目的工作线程 • 启动看门狗线程监控各个工作线程是否定期touch，否则SIGABRT杀掉线程 • 启动admin RESTful监听，处理运行状态输出，prometheus收集等请求 • 定期将工作线程内监控数据stat进行合并 • 定期刷新DNS信息，加速域名解析。 • 目标cluster内主机列表健康状态判断。 • worker线程： • 通过启动配置参数concurrency指定，不支持动态调整。 • 启动virtualoutbound/virtualinbound网络监听，每个工作线程都对此监听端口进行监听。 由内核随机挑选监听线程处理新连接。 • 进行连 pilot-agent /usr/local/bin/pilot-agent • 可以通过自定义deployment内istio注解修改部分启动参数。 • proxy.istio.io/config: “{concurrency: 6}“ #修改工作线程数，sidecar模式默认2 • sidecar.istio.io/proxyImage: “istio/proxyv2new:1.9.0“ #修改默认注入镜像

5G specific tags ● Optimize HTTP/2 stream and connection settings ● Configure sidecar proxy concurrency Tuning Istio to Meet 5G Requirements 13 ©2021 Aspen Mesh. All rights reserved. ● Istio architectural TTLs ● RSA to ECC migration ● Missing www-authenticate header ● Tuning per-workload proxy concurrency ● Consuming Istio generated certificates at gateways Learnings Along the Way 14 ©2021 Aspen

(CPU, memory, etc.) ○ Secondary Goal ■ Fine-tune configuration params - debounce interval, push concurrency, etc. #IstioCon Control-plane Scale Testing: Setup ● Setup ○ Create Gateway Pods & thousands

downstream and upstream need to be trusted ■ Stability (quite a few issues/broken functionalities) ● Concurrency limitations ■ Lack of docs etc. #IstioCon VM High Performance Networking ● VM  Host IO interface