implemented using BPF using efficient hashtables allowing for almost unlimited scale and supports direct server return (DSR) if the loadbalancing opera�on is not performed on the source host. Note: load balancing have kubectl installed then you can simply point it at the microk8s version of the kubernetes API server: export KUBECONFIG=/snap/microk8s/current/client.config Install etcd Install etcd as a StatefulSet link/etcd-config #ca-file: '/var/lib/etcd-secrets/etcd-client-ca.crt' # # In case you want client to server authentication, uncomment the following # lines and create a kubernetes secret by following the tutorial

implemented using BPF using efficient hashtables allowing for almost unlimited scale and supports direct server return (DSR) if the loadbalancing operation is not performed on the source host. Note: load balancing It will deploy a simple probe and echo server running with multiple replicas. The probe will only report readiness while it can successfully reach the echo server: kubectl get pods NAME It will deploy a simple probe and echo server running with multiple replicas. The probe will only report readiness while it can successfully reach the echo server: kubectl get pods NAME

implemented using BPF using efficient hashtables allowing for almost unlimited scale and supports direct server return (DSR) if the loadbalancing operation is not performed on the source host. Note: load balancing the master node using a node-token which can be found on the master node at /var/lib/rancher/k3s/server/node-token. Install K3s on agent nodes and join them to the master node making sure to replace the "kube-state-metrics-7d9774bbd5-n6m5k" deleted pod "l7-default-backend-6f8697844f-d2rq2" deleted pod "metrics-server-v0.3.1-54699c9cc8-7l5w2" deleted Validate the Installation You can monitor as Cilium and all required

Golang Package Compatibility Guarantees API Reference Hubble internals Hubble Architecture Hubble server Hubble Relay Reference Command Cheatsheet Command utilities: Command examples: Kubernetes examples: implemented using BPF using efficient hashtables allowing for almost unlimited scale and supports direct server return (DSR) if the loadbalancing operation is not performed on the source host. Note: load balancing the master node using a node-token which can be found on the master node at /var/lib/rancher/k3s/server/node-token. Install K3s on agent nodes and join them to the master node making sure to replace the

Golang Package Compatibility Guarantees API Reference Hubble internals Hubble Architecture Hubble server Hubble Relay Reference Command Cheatsheet Command utilities: Command examples: Kubernetes examples: optimized for maximum performance, can be attached to XDP (eXpress Data Path), and supports direct server return (DSR) as well as Maglev consistent hashing if the load balancing operation is not performed separate terminal window, run the hubble status command specifying the Hubble Relay address: $ hubble --server localhost:4245 status Healthcheck (via localhost:4245): Ok Current/Max Flows: 5455/16384 (33.29%)

optimized for maximum performance, can be attached to XDP (eXpress Data Path), and supports direct server return (DSR) as well as Maglev consistent hashing if the load balancing operation is not performed kube-system/l7-default-backend-7fd66b8b88- qqhh5 ♻ Restarted unmanaged pod kube-system/metrics-server-v0.3.6- 7b5cdbcbb8-kjl65 ♻ Restarted unmanaged pod kube-system/stackdriver-metadata-agent- clu "kube-state-metrics-7d9774bbd5-n6m5k" deleted pod "l7-default-backend-6f8697844f-d2rq2" deleted pod "metrics-server-v0.3.1-54699c9cc8-7l5w2" deleted Note This may error out on macOS due to -r being unsupported by

optimized for maximum performance, can be attached to XDP (eXpress Data Path), and supports direct server return (DSR) as well as Maglev consistent hashing if the load balancing operation is not performed kube-system/l7-default-backend-7fd66b8b88- qqhh5 ♻ Restarted unmanaged pod kube-system/metrics-server-v0.3.6- 7b5cdbcbb8-kjl65 ♻ Restarted unmanaged pod kube-system/stackdriver-metadata-agent- clu "kube-state-metrics-7d9774bbd5-n6m5k" deleted pod "l7-default-backend-6f8697844f-d2rq2" deleted pod "metrics-server-v0.3.1-54699c9cc8-7l5w2" deleted Note This may error out on macOS due to -r being unsupported by

twagent story Andrey Ignatov, Facebook October 28, 2020 1 ● a daemon ● runs on every Facebook server ● manages all Facebook containers ● a part of the bigger TW system, see the TW paper in OSDI'20 cgroup-bpf 3 Task IP assignment (aka IP-per-task) ● Facebook DC network is IPv6 only ● Every server has /64 IPv6 prefix ● Convenient to have a unique IPv6 per twagent task (e.g. for QoS tagging) ● sendmsg(2): bpf_bind(task_ip) Handle TCP client A connecting to TCP server B in same task by [::1]: ● listen(2): track server port by tracking BPF_TCP_LISTEN and BPF_TCP_CLOSE ● connect(2) to [::1]:

Code and instructions at https://github.com/jsitnicki/ebpf-summit-2020 We will need… a TCP echo server $ sudo dnf install nmap-ncat $ nc -4kle /bin/cat 127.0.0.1 7777 & [1] 1289 $ ss -4tlpn sport SK_DROP : SK_PASS; } is echo service configured on this port? get echo server socket dispatch the packet to echo server Load echo_dispatch program $ make echo_dispatch.bpf.o clang -I…/linux/usr/include

#1 cilium-agent cilium-operator Node #1 cilium-agent cilium-operator Control Plane kube-api-server cilium-agent kube-controller- manager scheduler ….. etcd VPC digitalocean.com How’s Cilium