ArthurChiao's Blog

Recent Posts

  • 2023-01-25

    k8s cgroup-based resource usage limiting (capacity enforcement): model design and code implementation (2023)

    1 Introduction 2 k8s resource model 2.1 Node resource abstraction 2.1.1 Capacity 2.1.2 Allocatable 2.1.3 Allocated 2.2 Node resource partitioning (reservation) 2.2.1 SystemReserved 2.2.2 KubeReserved 2.2.3 EvictionThreshold...

  • 2022-12-11

    Pidfd and Socket-lookup BPF (SK_LOOKUP) Illustrated (2022)

    TL;DR: Most Unix programming textbooks as well as practices hold the following statements to be true: One socket could be opened by one and only one process (application); One socket could listen/serve on one and only one port; Recall the bind system call int...

  • 2022-12-11

    [Translation] The need for socket listening on multiple addresses and the birth of SK_LOOKUP BPF (LPC, 2019)

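    Translator's preface: This post combines and translates several talks and posts from Cloudflare, covering the unique networking requirements they faced, the evolution of their solutions, and the birth of the ultimate solution, SK_LOOKUP BPF: Programming socket lookup with BPF, LPC, 2019; It’s crowded in here, Cloudflare blog, 2019; Steering connections to sockets with BPF socket lookup hook, eBPF Summit, 2020. Due to the translator's limited abilities, this post inevitably contains omissions or errors...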

  • 2022-11-12

    [Translation] Cilium's future data plane: supporting 100Gbit/s k8s clusters (KubeCon, 2022)

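    Translator's preface: This post is a translation of a talk from KubeCon+CloudNativeCon North America 2022: 100 Gbit/s Clusters with Cilium: Building Tomorrow’s Networking Data Plane. The authors, Daniel Borkmann, Nikolay Aleksandrov and Nico Vibert, are all from Isovalent (the company behind Cilium). Some background information, code snippets and links were added during translation to aid understanding. The translation is authorized by Daniel. Due to the translator's limited abilities, this post inevitably...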

  • 2022-10-30

    [Translation] Cilium: better bandwidth management with BPF+EDT+FQ+BBR (KubeCon, 2022)

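    Translator's preface: This post is a translation of a talk from KubeCon+CloudNativeCon Europe 2022: Better Bandwidth Management with eBPF. The authors, Daniel Borkmann, Christopher and Nikolay, are all from Isovalent (the company behind Cilium). Some background information, code snippets and links were added during translation to aid understanding. The translation is authorized by Daniel. Due to the translator's limited abilities, this post inevitably contains omissions or errors. If in doubt, please refer to the original. The translation follows. Translator's preface 1 Problem description 1.1 Container...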

  • 2022-10-07

    [Translation] Fifty years of traffic control (TC): the evolution from buffer-queue-based (Queue) to time-based (EDT) (Google, 2018)

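    Translator's preface: This post combines and translates the technical parts of two Google talks from 2018. Both cover the same topic but at different levels and with different emphasis: Netdev 2018: Evolving from AFAP: Teaching NICs about time, which takes a broader view and explains the causality and historical evolution well; OCT 2018: From Queues to Earliest Departure Time, which is more technical and detailed. Some content related to Linux/Cilium/BPF was also added where appropriate during translation. Due to the translator's limited abilities, this post inevitably contains omissions or errors. If in doubt, please refer to the original...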

  • 2022-09-28

    Trip.com: Large Scale Cloud Native Networking & Security with Cilium/eBPF (eBPFSummit, 2022)

    This is an extended version of our talk at eBPF Summit 2022: Large scale cloud native networking and security with Cilium/eBPF: 4 years production experiences from Trip.com. This version covers more content and details that are missing from the talk (for time limitation...

  • 2022-09-03

    Advanced BPF Notes (5): Several kinds of TCP-related BPF (sockops, struct_ops, header options)

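    A collection of TCP-related BPF material, mainly from talks by Facebook and Google. About the "Advanced BPF Notes" series: these notes were compiled while learning and using BPF day to day. Since they are notes rather than a tutorial, the content does not aim for continuity; readers with some background can use them to fill gaps. Unless otherwise stated, the code referenced in this post is based on kernel 5.10. Advanced BPF Notes (1): BPF program (BPF Prog) types in detail: use cases, function signatures, execution location and program examples; Advanced BPF Notes (2): BPF Map types in detail: use cases, program examples; Advanced BPF Notes (3): BPF Map kernel implementation; Advanced BPF...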

  • 2022-08-28

    TCP Socket Listen: A Tale of Two Queues (2022)

    TL;DR: This post digs into the design and implementation of the TCP listen queues in Linux kernel. Hope that after reading through this post, readers will have a deeper understanding about the underlying working mechanism of TCP/socket listening and 3-way handshaking, as...

  • 2022-08-06

    The Mysterious Container net.core.somaxconn (2022)

    TL;DR: Try to answer several quick questions with a long post: On creating a pod in Kubernetes, if somaxconn is not specified, what will the default value be, and who will set it? If changing node’s sysctl settings, will they be propagated to pods? Are all sysctl p...