后，动态加载到内核指定的 hook 点上，以 VM 方式安全运行，其能过通过 map 存储结 构存储数据，能通过 map 同用户态程序交互， 最终实现内核数据进行修改，或者影响内核处 理请求的结果，或者改变内核处理请求的流程。 极大提升了内核处理事件的效率。 截止 linux 5.14 版本，eBPF 有32种类型程序。而 cilium 主要使用了如下类型程序： • sched_cls 。cilium在内核 return）实现，有效减 少了网络转发的跳数，极大提升了 nodePort的转发性能，降低访问延时。 相关测试表明： • kube proxy iptables模式下，请求完 成时间 1.6ms ，connect 时间 0.9 ms • Cilium DSR模式下，请求完成时间 1ms，connect时间0.4ms node2 pod2 process kernel network stack

pod name and service labels $ kubectl exec -ti cilium-88k78 -n kube-system -- cilium policy trace --sr level=info msg="Waiting for k8s api-server to be ready..." subsys=k8s level=info msg="Connected to using Cilium security ids $ kubectl exec -ti cilium-88k78 -n kube-system -- cilium policy trace --sr ---------------------------------------------------------------- Tracing From: [k8s:class=xwing, k8s:io

also support native XDP on a recent kernel. For cloud based deployments most of these drivers have SR-IOV variants that support native XDP as well. For on-prem deployments the Cilium XDP acceleration can

also support native XDP on a recent kernel. For cloud based deployments most of these drivers have SR-IOV variants that support native XDP as well. For on-prem deployments the Cilium XDP acceleration can

also support native XDP on a recent kernel. For cloud based deployments most of these drivers have SR-IOV variants that support native XDP as well. For on-prem deployments the Cilium XDP acceleration can

also support native XDP on a recent kernel. For cloud based deployments most of these drivers have SR-IOV variants that support native XDP as well. For on-prem deployments the Cilium XDP acceleration can