cgroup_sock_addr 。cilium在 cgroup 中实现对service解析 • sock_ops + sk_msg。记录本地应用之间通信的socket，实现本地数据包的加速转发 加速同节点pod间通信 cilium 使用 eBPF 程序，借助 bpf_redirect() 或 bpf_redirect_peer() 等 helper 函数，快速帮助同宿主机间 的流量转发，节省了大量的内核协议栈 stack node 加速跨节点pod间通信 pod在跨节点通 信的场景下， cilium 借助 eBPF redirect 能力，帮 助数据包在主机物 理网卡和pod虚拟 网卡之间快速转发， 能够完全 bypass 内核协议族的处理。 在某测试场景下， 跨节点间的 pod 通 信的 tcp 性能，比 node间应用通信的 tcp 性能还稍高 woker node2 woker woker node1 pod1 process kernel network stack tc ingress kernel network stack netfilter tc egress veth veth eth0 tc ingress tc egress redirect_peer redirect_neigh kernel network

KCM， etcd，api-server, coredns… 系统调用异常：网络请 求，内存申请，文件操 作，CGroup… 内核异常：进程调度， 内存管理，文件管理， 夯机宕机，资源异 常… 应用组件异常：线程池满，数据库连接无法获取， OOM，文件读取错误… 无法自顶向下端到端 串联导致棘手问题频 发。 Kubernetes下的可观测 Golang + eBPF实现数据采 ✅ perf ✅ … eBPF的编程实践 bcc libbpf + bpf + core 编程  bcc 依靠运行时汇编，将整个大型LLVM/Clang 库带入并嵌入其中  编译过程中资源用量大，对Cpu、Mem有要求  依赖内核的头包  bpf 程序跟其他的用户空间的程序没有太大区别  编译成二进制文件，可以适应不同运行环境  libbpf 扮演bpf程序装载机角色 Mysql Redis Kafka hcmine 节点 属性 关系 架构感知，节点和关系以及他们的属性，能够正确地反应当前运行的网络关系，帮助 用户感知架构，通过对比期望架构，发现问题，通常在新应用上线，新地区开服，整 体链路梳理等场景使用。 异常发现 节点 属性 关系 规则 异常发现，通过节点和关系颜色表达，能够快速地发现特点的节点和关系异常，进一步提升问题发 现和定位的效率，

packets emitted by the application containers, allowing to validate the identity at the receiving node. Security identity management is performed using a key-value store. Secure access to and from external means that each host can allocate IPs without any coordination between hosts. The following multi node networking models are supported: Overlay: Encapsulation-based virtual network spanning all hosts EDT-based (Earliest Departure Time) rate-limiting with eBPF for container traffic that is egressing a node. This allows to significantly reduce transmission tail latencies for applications and to avoid locking

packets emitted by the application containers, allowing to validate the identity at the receiving node. Security identity management is performed using a key-value store. Secure access to and from external means that each host can allocate IPs without any coordination between hosts. The following multi node networking models are supported: Overlay: Encapsulation-based virtual network spanning all hosts EDT-based (Earliest Departure Time) rate-limiting with eBPF for container traffic that is egressing a node. This allows to significantly reduce transmission tail latencies for applications and to avoid locking

packets emitted by the application containers, allowing to validate the identity at the receiving node. Security identity management is performed using a key-value store. Secure access to and from external means that each host can allocate IPs without any coordination between hosts. The following multi node networking models are supported: Overlay: Encapsulation-based virtual network spanning all hosts EDT-based (Earliest Departure Time) rate-limiting with eBPF for container traffic that is egressing a node. This allows to significantly reduce transmission tail latencies for applications and to avoid locking

packets emitted by the application containers, allowing to validate the identity at the receiving node. Security identity management is performed using a key-value store. Secure access to and from external means that each host can allocate IPs without any coordination between hosts. The following multi node networking models are supported: Overlay: Encapsulation-based virtual network spanning all hosts io/docs/setup/learning-environment/minikube/] to demonstrate deployment and operation of Cilium in a single-node Kubernetes cluster. The minikube VM requires approximately 5GB of RAM and supports hypervisors like

packets emitted by the application containers, allowing to validate the identity at the receiving node. Security identity management is performed using a key-value store. Secure access to and from external means that each host can allocate IPs without any coordination between hosts. The following multi node networking models are supported: Overlay: Encapsulation-based virtual network spanning all hosts io/docs/getting-started-guides/minikube/] to demonstrate deployment and operation of Cilium in a single-node Kubernetes cluster. The minikube VM requires approximately 5GB of RAM and supports hypervisors like

packets emitted by the application containers, allowing to validate the identity at the receiving node. Security identity management is performed using a key-value store. Secure access to and from external means that each host can allocate IPs without any coordination between hosts. The following multi node networking models are supported: Overlay: Encapsulation-based virtual network spanning all hosts io/docs/getting-started-guides/minikube/] to demonstrate deployment and operation of Cilium in a single-node Kubernetes cluster. The minikube VM requires approximately 5GB of RAM and supports hypervisors like

Troubleshoo�ng Monitoring & Metrics Exported Metrics Cilium as a Kubernetes pod Cilium as a host-agent on a node Troubleshoo�ng Component & Cluster Health Connec�vity Problems Policy Troubleshoo�ng Automa�c Diagnosis network packets emi�ed by the applica�on containers, allowing to validate the iden�ty at the receiving node. Security iden�ty management is performed using a key-value store. Secure access to and from external This means that each host can allocate IPs without any coordina�on between hosts. The following mul� node networking models are supported: Overlay: Encapsula�on based virtual network spawning all hosts.

data deluge on modern storage 2 Compute node CPU Network Storage node Flash The data deluge on modern storage 3 Compute node 3 CPU Network Storage node Flash 16-lane PCIe, 16GB/s 64 SSDs DoS 6 Compute node CPU Network Storage node Flash eBPF and DoS 7 Compute node CPU Network Storage node Flash DoS eBPF and DoS 8 Compute node CPU Network Storage node Flash DoS DoS 9 Compute node CPU Network Storage node Flash DoS in reverse! 10 Compute node CPU Network Storage node Flash Data DoS in reverse! 11 Compute node CPU Network Storage node Flash Data