iSulad+shimv2+StratoVirt secure container solution reduces the memory overhead and boot time by 40%. • Dual-plane deployment tool eggo: OSs can be installed with one click for ARM and x86 hybrid clusters, while instructions which are not the intended target of a branch. BTIs and PACs combine to reduce control flow attacks. Optimized huge page memory management: The tail pages among HugeTLB pages are Description openEuler 21.09 inherits the following features from its earlier version: • Process-level control: The etMem configuration file can be used to expand the memory. Compared with the native LRU- based

Technology Communication 10,000 + mainstream applications on cloud native, big data CND, MEC, industrial control,etc. Integrated ecosystems and extensive compatibility through distributed kits Arm, x86, RISC-V seamless offload function and a cross-host and -DPU collaboration framework. This allows management-plane processes to be split and offloaded to the DPU without requiring reconstruction. Once offloaded accelerating I/O on the data plane, DPUs/IPUs are also supporting the offloading of management- and control- plane components. This means that all management and control components of the data center

集群部署管理项目的研发成果，可提供高效稳定的集群部署能力。其支持单集群 多架构、在线和离线部署模式等多种部署模式，可结合 GitOps 管理能力，感知集群配置变化，驱动集群 OS 统一高效部署。 功能描述 1. 集群配置版本化管理：配置统一 Git repo 版本化管理，使用仓库汇总和跟踪集群的配置信息。 2. 配置感知：GitOps 会感知 git 配置库中集群配置信息的变化，向部署引擎发起集群相应的操作请求。 3. 应用 针对 Web 应用中 HTTPS 访问中的 RSA 加密通讯，提供 RSA 算法硬件加速功能，为客户提供高性能，安全的数字化解 决方案。 DPDK 增强 DPDK 全称为 Data Plane Development Kit，是 Intel 提供的一套用户态库，为用户在多个平台提供一套高速处理数据 报文的编程接口，为通信领域，云数据中心等网络或存储应用场景提供高性能加速。 上图绿框部分为

集群部署管理项目，提供高效稳定的集群部署集群的能力。支持单集群多架构、 支持在线和离线部署模式多种部署模式，结合 GitOps 管理能力、感知集群配置变化，驱动集群 OS 统一高效部署。 功能描述 1. 集群配置版本化管理：配置统一 Git repo 版本化管理，使用仓库汇总和跟踪集群的配置信息 ; 2. 配置感知：GitOps 会感知 git 配置库中集群配置信息的变化，给部署引擎发起集群相应的操作请求； 3. Device Driver 版本功能如下： 1. 提供统一的跨边云的协同框架（KubeEdge+），实现边云之间的应用管理与部署，跨边云的通信，以及跨边云 的南向外设管理等基础能力。配置感知：GitOps 会感知 git 配置库中集群配置信息的变化，给部署引擎发起集群 相应的操作请求。 未来还将提供： 1. 边云服务协同：边侧部署 EdgeMesh Agent，云侧部署 EdgeMesh

Kernel Testing JIT Debugging Introspection Tracing pipe Miscellaneous Program Types XDP tc (traffic control) Further Reading Kernel Developer FAQ Projects using BPF XDP Newbies BPF Newsletter Podcasts Blog kernel technology called BPF, which enables the dynamic insertion of powerful security visibility and control logic within Linux itself. Because BPF runs inside the Linux kernel, Cilium security policies can have resolved a particular DNS name? Why Cilium & Hubble? BPF is enabling visibility into and control over systems and applications at a granularity and efficiency that was not possible before. It does

Kernel Testing JIT Debugging Introspection Tracing pipe Miscellaneous Program Types XDP tc (traffic control) Further Reading Kernel Developer FAQ Projects using BPF XDP Newbies BPF Newsletter Podcasts Blog technology called eBPF, which enables the dynamic insertion of powerful security visibility and control logic within Linux itself. Because eBPF runs inside the Linux kernel, Cilium security policies can have resolved a particular DNS name? Why Cilium & Hubble? eBPF is enabling visibility into and control over systems and applications at a granularity and efficiency that was not possible before. It does

● cilium-agent running on control plane to enable control/data plane connectivity ● Cilium state-keeping in shared cluster etcd Cilium in the DOKS Architecture Data Plane Node #1 cilium-agent Node Node #1 cilium-agent cilium-operator Node #1 cilium-agent cilium-operator Control Plane kube-api-server cilium-agent kube-controller- manager scheduler ….. etcd VPC digitalocean.com How’s

Kernel Testing JIT Debugging Introspection Tracing pipe Miscellaneous Program Types XDP tc (traffic control) Further Reading Kernel Developer FAQ Projects using BPF XDP Newbies BPF Newsletter Podcasts Blog technology called eBPF, which enables the dynamic insertion of powerful security visibility and control logic within Linux itself. Because eBPF runs inside the Linux kernel, Cilium security policies can have resolved a particular DNS name? Why Cilium & Hubble? eBPF is enabling visibility into and control over systems and applications at a granularity and efficiency that was not possible before. It does

Kernel Testing JIT Debugging Introspection Tracing pipe Miscellaneous Program Types XDP tc (traffic control) Further Reading Kernel Developer FAQ Projects using BPF XDP Newbies BPF Newsletter Podcasts Blog technology called eBPF, which enables the dynamic insertion of powerful security visibility and control logic within Linux itself. Because eBPF runs inside the Linux kernel, Cilium security policies can have resolved a particular DNS name? Why Cilium & Hubble? eBPF is enabling visibility into and control over systems and applications at a granularity and efficiency that was not possible before. It does

Kernel Testing JIT Debugging Introspection Tracing pipe Miscellaneous Program Types XDP tc (traffic control) Further Reading Kernel Developer FAQ Projects using BPF XDP Newbies BPF Newsletter Podcasts Blog kernel technology called BPF, which enables the dynamic insertion of powerful security visibility and control logic within Linux itself. Because BPF runs inside the Linux kernel, Cilium security policies can approaches to struggle to scale side by side with the application as load balancing tables and access control lists carrying hundreds of thousands of rules that need to be updated with a continuously growing