不同场景下，不同程度地降低了 网络数据包的“转发延时” • 不同场景下，不同程度地提升了 网络数据包的“吞吐量” • 不同场景下，不同程度地降低了 转发数据包所需的“ CPU 开销” eBPF 简介 eBPF 技术 在 Linux kernel 3.19 开始被 引入，可在用户态进行 eBPF 程序编程，编译 后，动态加载到内核指定的 hook 点上，以 VM 方式安全运行，其能过通过 map 存储结 构存储数据，能通过 10:10000 cgroup ebpf service DNAT connect sendmsg recvmsg getpeername bind cilium的Host-Reachable 技术，利 用eBPF程序，拦截应用在内核connect 、 sendmsg、 recvmsg 、getpeername 、 bind等系统调用，实现 service 的地址解 析，并且伪装通信目的地址，让上层应用 iptables 等 技术，降低了访 问延时。例如在相同环境下，service 数量达到3K，kube-proxy iptables下 的的延时为0.6ms，而cilium的延时为 0.3ms XDP 加速南北向 nodePort 访问 cilium 借助 eBPF 程序 ，能快速完 成 nodePort 、 LoadBalancer service 的解析和转发，其转发性能能比肩 DPDK 技术，且能节省大量CPU资源

performance, distributed memory object caching system. It’s simple yet powerful, and used by dynamic web applica�ons to alleviate database load. Memcached is designed to work efficiently for a very large PRODUCTPAGE_URL=${GATEWAY_URL}/productpage $ echo "Open URL: ${PRODUCTPAGE_URL}" Open that URL in your web browser and check that the applica�on has been successfully deployed. It may take several seconds before 1 1 17m reviews-v2 1/1 1 1 68s Check in your web browser that no stars are appearing in the Book Reviews, even a�er refreshing the page several �mes

performance, distributed memory object caching system. It’s simple yet powerful, and used by dynamic web applications to alleviate database load. Memcached is designed to work efficiently for a very large nodePort}') export PRODUCTPAGE_URL=${GATEWAY_URL}/productpage open ${PRODUCTPAGE_URL} Open that URL in your web browser and check that the application has been successfully deployed. It may take several seconds 1 1 17m reviews-v2 1/1 1 1 68s Check in your web browser that no stars are appearing in the Book Reviews, even after refreshing the page several times

performance, distributed memory object caching system. It’s simple yet powerful, and used by dynamic web applications to alleviate database load. Memcached is designed to work efficiently for a very large nodePort}') export PRODUCTPAGE_URL=${GATEWAY_URL}/productpage open ${PRODUCTPAGE_URL} Open that URL in your web browser and check that the application has been successfully deployed. It may take several seconds 1 1 17m reviews-v2 1/1 1 1 68s Check in your web browser that no stars are appearing in the Book Reviews, even after refreshing the page several times

'oc', run 'export KUBECONFIG=/home/twp/okd/cluster-name/auth/kubeconfig' INFO Access the OpenShift web-console here: https://console-openshift- console.apps.cluster-name.ilya-openshift-test-1.cilium.rocks performance, distributed memory object caching system. It’s simple yet powerful, and used by dynamic web applications to alleviate database load. Memcached is designed to work efficiently for a very large test-lb template: metadata: labels: svc: test-lb spec: containers: - name: web image: nginx imagePullPolicy: IfNotPresent ports: - containerPort: 80

'oc', run 'export KUBECONFIG=/home/twp/okd/cluster-name/auth/kubeconfig' INFO Access the OpenShift web-console here: https://console-openshift- console.apps.cluster-name.ilya-openshift-test-1.cilium.rocks performance, distributed memory object caching system. It’s simple yet powerful, and used by dynamic web applications to alleviate database load. Memcached is designed to work efficiently for a very large test-lb template: metadata: labels: svc: test-lb spec: containers: - name: web image: nginx imagePullPolicy: IfNotPresent ports: - containerPort: 80

performance, distributed memory object caching system. It’s simple yet powerful, and used by dynamic web applications to alleviate database load. Memcached is designed to work efficiently for a very large service dependencies. To access Hubble UI, you can use the following command to forward the port of the web frontend to your local machine: kubectl port-forward -n kube-system svc/hubble-ui --address 0.0.0 nodePort}') export PRODUCTPAGE_URL=${GATEWAY_URL}/productpage open ${PRODUCTPAGE_URL} Open that URL in your web browser and check that the application has been successfully deployed. It may take several seconds

performance, distributed memory object caching system. It’s simple yet powerful, and used by dynamic web applications to alleviate database load. Memcached is designed to work efficiently for a very large ports: - port: "22" protocol: TCP To apply this policy, run: $ kubectl create -f \ |SCM_WEB|\/examples/policies/host/demo-host- policy.yaml ciliumclusterwidenetworkpolicy.cilium.io/demo-host-policy service dependencies. To access Hubble UI, you can use the following command to forward the port of the web frontend to your local machine: kubectl port-forward -n kube-system svc/hubble-ui 12000:80 Open