China Accelerate Service Mesh Network with ebpf Luyao Zhong Istio Meetup China Agenda ● TCP/IP stack overhead in service mesh ● Background knowledge of eBPF ● Independent solution to bypass TCP/IP stack Acceleration(same host) Istio Meetup China ebpf Background Knowledge Loader & Verification Architecture https://ebpf.io/what-is-ebpf/ Istio Meetup China ebpf Background Knowledge map ● Share collected information ● Accessed from eBPF programs as well as from applications in user space ● Map type o HASHMAP o SOCKHASH: Hold socket as value Istio Meetup China ebpf Background Knowledge Prog type

Accelerate Istio-CNI with ebpf Xu Yizhou & Guo Ruijing #IstioCon Agenda ● Istio-CNI ● tcp/ip stack overhead between sidecar and service ● Background knowledge of ebpf ● Acceleration for Inbound/Outbound/Envoy #IstioCon ebpf Background Knowledge Prog type ● ebpf provide various programs type for different purpose ● We choose SOCK_OPS & SK_SKB to implement function #IstioCon ebpf Background Knowledge Knowledge map ● Share collected information and to store state ● Accessed from eBPF programs as well as from applications in user space #IstioCon Work Flow of Acceleration ● Attach SOCK_OPS program

bandwidth ○ Ultra low latency #IstioCon Performance Limitations: Solutions ● Software techniques ○ (eBPF-based) TCP/IP stack bypass ○ HTTP/3 & QUIC ● Hardware acceleration technologies ○ SRIOV/DPDK ○ 30%~50% ● Others ○ Latency between Pods ○ Latency introduced by C/S #IstioCon (eBPF-based) TCP/IP Stack Bypass ● eBPF ○ In-kernel virtual machine ○ Running user code in kernel space safety ○ Tracing sk_msg_md ■ Match & redirect ● ~5% improvements #IstioCon TCP/IP Stack Bypass (cont.) ● Leverage eBPF ● Target Pod/VMs on the same node ● Use case: edge computing ○ Limited number of nodes ○ More

Sidecar ● Use protocol specific traffic sniffing (i.e. gRPC call discovery) to find out dependencies ● eBPF magic to get service calls? We use the first approach currently as it is protocol-agnostic and works