Golang Package Compatibility Guarantees API Reference Hubble internals Hubble Architecture Hubble server Hubble Relay Reference Command Cheatsheet Command utilities: Command examples: Kubernetes examples: infrastructure as the only requirement is IP connectivity between hosts which is typically already given. Native Routing: Use of the regular routing table of the Linux host. The network is required to be capable requires some awareness of the underlying networking infrastructure. This mode works well with: Native IPv6 networks In conjunction with cloud network routers If you are already running routing daemons

Golang Package Compatibility Guarantees API Reference Hubble internals Hubble Architecture Hubble server Hubble Relay Reference Command Cheatsheet Command utilities: Command examples: Kubernetes examples: infrastructure as the only requirement is IP connectivity between hosts which is typically already given. Native Routing: Use of the regular routing table of the Linux host. The network is required to be capable requires some awareness of the underlying networking infrastructure. This mode works well with: Native IPv6 networks In conjunction with cloud network routers If you are already running routing daemons

infrastructure as the only requirement is IP connectivity between hosts which is typically already given. Native Routing: Use of the regular routing table of the Linux host. The network is required to be capable requires some awareness of the underlying networking infrastructure. This mode works well with: Native IPv6 networks In conjunction with cloud network routers If you are already running routing daemons optimized for maximum performance, can be attached to XDP (eXpress Data Path), and supports direct server return (DSR) as well as Maglev consistent hashing if the load balancing operation is not performed

infrastructure as the only requirement is IP connectivity between hosts which is typically already given. Native Routing: Use of the regular routing table of the Linux host. The network is required to be capable requires some awareness of the underlying networking infrastructure. This mode works well with: Native IPv6 networks In conjunction with cloud network routers If you are already running routing daemons optimized for maximum performance, can be attached to XDP (eXpress Data Path), and supports direct server return (DSR) as well as Maglev consistent hashing if the load balancing operation is not performed

infrastructure as the only requirement is IP connectivity between hosts which is typically already given. Native Routing: Use of the regular routing table of the Linux host. The network is required to be capable requires some awareness of the underlying networking infrastructure. This mode works well with: Native IPv6 networks In conjunction with cloud network routers If you are already running routing daemons implemented using BPF using efficient hashtables allowing for almost unlimited scale and supports direct server return (DSR) if the loadbalancing operation is not performed on the source host. Note: load balancing

infrastructure as the only requirement is IP connectivity between hosts which is typically already given. Native Routing: Use of the regular routing table of the Linux host. The network is required to be capable requires some awareness of the underlying networking infrastructure. This mode works well with: Native IPv6 networks In conjunction with cloud network routers If you are already running routing daemons implemented using BPF using efficient hashtables allowing for almost unlimited scale and supports direct server return (DSR) if the loadbalancing operation is not performed on the source host. Note: load balancing

implemented using BPF using efficient hashtables allowing for almost unlimited scale and supports direct server return (DSR) if the loadbalancing opera�on is not performed on the source host. Note: load balancing approximately 5GB of RAM and supports hypervisors like VirtualBox that run on Linux, macOS, and Windows. Install kubectl & minikube Install kubectl version >= v1.10.0 as described in the Kubernetes have kubectl installed then you can simply point it at the microk8s version of the kubernetes API server: export KUBECONFIG=/snap/microk8s/current/client.config Install etcd Install etcd as a StatefulSet

networking stack. This enhances network performance and flexibility making it ready for the cloud-native world. Projects using eBPF for networking include Cilium and Katran, for example. System calls formed the Hive Alliance. After years of proven production experience, eBPF has been adopted for Windows and other privileged execution contexts. The eBPF Foundation now brings together a cross-platform (the giraffe), and Tai (the elephant) are copy- right The Linux Foundation, on behalf of the Cloud Native Computing Foundation. They are licensed under Creative Commons Attribution 4.0 International (CC-BY-4

NAT DSR 加速南北向 nodePort 访问 传统的 nodePort 转发，伴随着 SNAT的发生。而 Cilium 为 nodePort 提供了 native 和 IPIP 等方式的 DSR （direct server return）实现，有效减 少了网络转发的跳数，极大提升了 nodePort的转发性能，降低访问延时。 相关测试表明： • kube proxy iptables模式下，请求完 redirect_peer redirect_neigh step1 client -> node1 : nodePort step3 client -> pod2 : targetPort native DSR DNAT and No SNAT step4 pod2:targetPort -> client step6 node2 : nodePort -> client client ipv4 tunnel case: soure identity->vxlan VNI field tc eBPF look up identiy by source ip for ipv4 native-routing case tc eBPF insert source identity to skb->mark worker node2 implement policy selecting

twagent story Andrey Ignatov, Facebook October 28, 2020 1 ● a daemon ● runs on every Facebook server ● manages all Facebook containers ● a part of the bigger TW system, see the TW paper in OSDI'20 cgroup-bpf 3 Task IP assignment (aka IP-per-task) ● Facebook DC network is IPv6 only ● Every server has /64 IPv6 prefix ● Convenient to have a unique IPv6 per twagent task (e.g. for QoS tagging) ● sendmsg(2): bpf_bind(task_ip) Handle TCP client A connecting to TCP server B in same task by [::1]: ● listen(2): track server port by tracking BPF_TCP_LISTEN and BPF_TCP_CLOSE ● connect(2) to [::1]: