Accelerate Istio-CNI with ebpf Xu Yizhou & Guo Ruijing #IstioCon Agenda ● Istio-CNI ● tcp/ip stack overhead between sidecar and service ● Background knowledge of ebpf ● Acceleration for Inbound/Outbound/Envoy #IstioCon ebpf Background Knowledge Prog type ● ebpf provide various programs type for different purpose ● We choose SOCK_OPS & SK_SKB to implement function #IstioCon ebpf Background Knowledge Knowledge map ● Share collected information and to store state ● Accessed from eBPF programs as well as from applications in user space #IstioCon Work Flow of Acceleration ● Attach SOCK_OPS program

bandwidth ○ Ultra low latency #IstioCon Performance Limitations: Solutions ● Software techniques ○ (eBPF-based) TCP/IP stack bypass ○ HTTP/3 & QUIC ● Hardware acceleration technologies ○ SRIOV/DPDK ○ 30%~50% ● Others ○ Latency between Pods ○ Latency introduced by C/S #IstioCon (eBPF-based) TCP/IP Stack Bypass ● eBPF ○ In-kernel virtual machine ○ Running user code in kernel space safety ○ Tracing sk_msg_md ■ Match & redirect ● ~5% improvements #IstioCon TCP/IP Stack Bypass (cont.) ● Leverage eBPF ● Target Pod/VMs on the same node ● Use case: edge computing ○ Limited number of nodes ○ More