后，动态加载到内核指定的 hook 点上，以 VM 方式安全运行，其能过通过 map 存储结 构存储数据，能通过 map 同用户态程序交互， 最终实现内核数据进行修改，或者影响内核处 理请求的结果，或者改变内核处理请求的流程。 极大提升了内核处理事件的效率。 截止 linux 5.14 版本，eBPF 有32种类型程序。而 cilium 主要使用了如下类型程序： • sched_cls 。cilium在内核 TC 处实现数据包转发、负载均衡、过滤 cilium 使用 eBPF 程序，借助 bpf_redirect() 或 bpf_redirect_peer() 等 helper 函数，快速帮助同宿主机间 的流量转发，节省了大量的内核协议栈 处理流程 pod 1 process kernel network stack raw PREROUTING mangle PREROUTING nat PREROUTING tc

Verifier List connec�on tracking entries: sudo cilium bpf ct list global Flush connec�on tracking entries: sudo cilium bpf ct flush List proxy configura�on: sudo cilium bpf proxy list Kubernetes examples: SEE ALSO cilium bpf ct Synopsis Op�ons Op�ons inherited from parent commands SEE ALSO cilium bpf ct flush Synopsis Op�ons Op�ons inherited from parent commands SEE ALSO cilium bpf ct list Synopsis Op�ons ALSO cilium bpf nat Synopsis Op�ons Op�ons inherited from parent commands SEE ALSO cilium bpf nat flush Synopsis Op�ons Op�ons inherited from parent commands SEE ALSO cilium bpf nat list Synopsis Op�ons

ansible_user=core -e bootstrap_os=coreos -e kube_network_plugin=cilium -b --become-user=root --flush-cache -e ansible_ssh_private_key_file= Validate Cluster To check Verifier List connection tracking entries: sudo cilium bpf ct list global Flush connection tracking entries: sudo cilium bpf ct flush List proxy configuration: sudo cilium bpf proxy list Kubernetes examples: ALSO cilium bpf ct Synopsis Options Options inherited from parent commands SEE ALSO cilium bpf ct flush Synopsis Options Options inherited from parent commands SEE ALSO cilium bpf ct list Synopsis Options

ansible_user=core -e bootstrap_os=coreos -e kube_network_plugin=cilium -b --become-user=root --flush-cache -e ansible_ssh_private_key_file= Validate Cluster To check Verifier List connection tracking entries: sudo cilium bpf ct list global Flush connection tracking entries: sudo cilium bpf ct flush List proxy configuration: sudo cilium bpf proxy list Kubernetes examples: ALSO cilium bpf ct Synopsis Options Options inherited from parent commands SEE ALSO cilium bpf ct flush Synopsis Options Options inherited from parent commands SEE ALSO cilium bpf ct list Synopsis Options

ansible_user=core -e bootstrap_os=coreos -e kube_network_plugin=cilium -b --become-user=root --flush-cache -e ansible_ssh_private_key_file= Validate Cluster To check Verifier List connection tracking entries: sudo cilium bpf ct list global Flush connection tracking entries: sudo cilium bpf ct flush List proxy configuration: sudo cilium bpf proxy list Kubernetes examples: ALSO cilium bpf ct Synopsis Options Options inherited from parent commands SEE ALSO cilium bpf ct flush Synopsis Options Options inherited from parent commands SEE ALSO cilium bpf ct list Synopsis Options

the helm command will configure Cilium to use overlay routing mode (which is the helm default). 2. Flush iptables rules added by VPC CNI iptables -t nat -F AWS-SNAT-CHAIN-0 \\ && iptables -t nat -F AWS-SNAT-CHAIN-1 ansible_user=core -e bootstrap_os=coreos -e kube_network_plugin=cilium -b --become-user=root --flush-cache -e ansible_ssh_private_key_file= If you are interested ansible_user=core -e bootstrap_os=coreos -e kube_network_plugin=cilium -b --become-user=root --flush-cache -e ansible_ssh_private_key_file= Validate Cluster To check

ansible_user=core -e bootstrap_os=coreos -e kube_network_plugin=cilium -b --become-user=root --flush-cache -e ansible_ssh_private_key_file= If you are interested ansible_user=core -e bootstrap_os=coreos -e kube_network_plugin=cilium -b --become-user=root --flush-cache -e ansible_ssh_private_key_file= Validate Cluster To check Verifier List connection tracking entries: sudo cilium bpf ct list global Flush connection tracking entries: sudo cilium bpf ct flush Kubernetes examples: If you running Cilium on top of Kubernetes you

ansible_user=core -e bootstrap_os=coreos -e kube_network_plugin=cilium -b --become-user=root --flush-cache -e ansible_ssh_private_key_file= If you are interested ansible_user=core -e bootstrap_os=coreos -e kube_network_plugin=cilium -b --become-user=root --flush-cache -e ansible_ssh_private_key_file= Validate Cluster To check Verifier List connection tracking entries: sudo cilium bpf ct list global Flush connection tracking entries: sudo cilium bpf ct flush Kubernetes examples: If you running Cilium on top of Kubernetes you