ArthurChiao's Blog

Recent Posts

  • 2022-11-12

    [译] Cilium 未来数据平面:支撑 100Gbit/s k8s 集群(KubeCon, 2022)

    译者序本文翻译自 KubeCon+CloudNativeCon North America 2022 的一篇分享:100 Gbit/s Clusters with Cilium: Building Tomorrow’s Networking Data Plane。作者 Daniel Borkmann, Nikolay Aleksandrov, Nico Vibert 都来自 Isovalent(Cilium 母公司)。翻译时补充了一些背景知识、代码片段和链接,以方便理解。翻译已获得 Daniel 授权。由于译者水平有限,本文不免...

  • 2022-10-30

    [译] Cilium:基于 BPF+EDT+FQ+BBR 实现更好的带宽管理(KubeCon, 2022)

    译者序本文翻译自 KubeCon+CloudNativeCon Europe 2022 的一篇分享:Better Bandwidth Management with eBPF。作者 Daniel Borkmann, Christopher, Nikolay 都来自 Isovalent(Cilium 母公司)。翻译时补充了一些背景知识、代码片段和链接,以方便理解。翻译已获得 Daniel 授权。由于译者水平有限,本文不免存在遗漏或错误之处。如有疑问,请查阅原文。以下是译文。 译者序 1 问题描述 1.1 容器...

  • 2022-10-07

    [译] 流量控制(TC)五十年:从基于缓冲队列(Queue)到基于时间(EDT)的演进(Google, 2018)

    译者序本文组合翻译了 Google 2018 年两篇分享中的技术部分,二者讲的同一件事情,但层次侧重不同: Netdev 2018: Evolving from AFAP: Teaching NICs about time,视角更宏观,因果关系和历史演进讲地较好; OCT 2018: From Queues to Earliest Departure Time,更技术和细节一些。另外翻译过程中适当补充了一些与 Linux/Cilium/BPF 相关的内容。由于译者水平有限,本文不免存在遗漏或错误之处。如有疑问,请查阅原文。以...

  • 2022-09-28

    Trip.com: Large Scale Cloud Native Networking & Security with Cilium/eBPF (eBPFSummit, 2022)

    This is an entended version of our talk at eBPF Summit 2022:Large scale cloud native networking and security with Cilium/eBPF: 4 years production experiences from Trip.com.This version covers more contents and details that’s missing from the talk (for time limitation...

  • 2022-09-03

    BPF 进阶笔记(五):几种 TCP 相关的 BPF(sockops、struct_ops、header options)

    整理一些 TCP 相关的 BPF 内容,主要来自 Facebook 和 Google 的分享。关于 “BPF 进阶笔记” 系列平时学习和使用 BPF 时所整理。由于是笔记而非教程,因此内容不会追求连贯,有基础的同学可作查漏补缺之用。文中涉及的代码,如无特殊说明,均基于内核 5.10。 BPF 进阶笔记(一):BPF 程序(BPF Prog)类型详解:使用场景、函数签名、执行位置及程序示例 BPF 进阶笔记(二):BPF Map 类型详解:使用场景、程序示例 BPF 进阶笔记(三):BPF Map 内核实现 BPF 进阶笔...

  • 2022-08-28

    TCP Socket Listen: A Tale of Two Queues (2022)

    TL; DRThis post digs into the design and implementation of the TCP listen queuesin Linux kernel. Hope that after reading through this post, readers will have adeeper understanding about the underlying working mechanism of TCP/socketlistening and 3-way handshaking, as...

  • 2022-08-06

    The Mysterious Container net.core.somaxconn (2022)

    TL; DRTry to answer several quick questions with a long post: On creating a pod in Kubernetes, if somaxconn is not specified, what the default value will be, and who will set it? If changing node’s sysctl settings, will they be propagated to pods? Are all sysctl p...

  • 2022-07-25

    Differentiate three types of eBPF redirects (2022)

    TL; DRThere are three types of eBPF redirection fashions in Linux kernel that mayconfuse developers often: bpf_redirect_peer() bpf_redirect_neighbor() bpf_redirect()This post helps to clarify them by digging into the code in history order,and also discusses usages...

  • 2022-07-18

    Linux tracing/profiling 基础:符号表、调用栈、perf/bpftrace 示例等(2022)

    整理一些 tracing/profiling 笔记,目前大部分内容都来自Practical Linux tracing系列文章。 1 引言 1.1 热点与调用栈分析(perf record/report/script) 1.2 符号(symbols) 1.3 小结 2 极简程序 hello-world:探究符号 2.1 C 源码 2.2 编译成目标文件(不带 -g) 2.3 查看目标文件(objdump/readelf) 2.4...

  • 2022-07-14

    Cracking Kubernetes Authentication (AuthN) Model (2022)

    Part of this post’s contents first appeared in User and workload identities in Kubernetes,which was kindly edited, re-illustrated and exemplified by learnk8s.io, andvery friendly to beginners.The version posted here in contrast has a biased focus on the design andimp...