《任玉鑫--基于eBPF的应用层负载均衡的优化实践与探索.pdf》由会员分享，可在线阅读，更多相关《任玉鑫--基于eBPF的应用层负载均衡的优化实践与探索.pdf（16页珍藏版）》请在三个皮匠报告上搜索。

1、基于eBPF的应用层负载均衡的优化实践与探索第二届 eBPF开发者大会w w w.e b p f t r a v e l.c o m中 国 西 安任 玉 鑫 华 为Background：micro-serviceCharacteristics Long service chain Layer-7 load balancing Load balancer co-locationBackground：L7 load balancing Nginx、HAProxy、Envoy Load distribution Application awareness High performance requi

2、rementBackground：current practiceProxy-based solution：more hops，redundant processingIstioCiliumBackground：current practiceSecurity，Isolation，Compatibility issueLibraryDPDKProblem summaryComponentsSidecar ProxyProtocol parsing4.5us(5.11%)Load balancing13us(14.78%)Connection splicing22us(25%)Socket pr

3、ocessing3.83us(4.35%)Kernel protocol26.9us(30.62%)Others17.7us(20.12%)SidecarKernel BypassLibraryDuplicated ProcessingHighHighLowSystem CallsHighLowHighCross-processHighHighLowIsolationHighHighLowCompatibilityHighLowLowOverhead breakdownApproach comparisonDesign：architectureGoals Near-zero unnecessa

4、ry overhead Service isolation and security Operational compatibilityeBPFDesign：benefits Intercept complete message contents Fast message process Flexible message rewriting Modular extensionDesign：challenges Challenge 1:insufficient and inflexible connection management in the kernel.Challenge 2:compl

5、ex application layer states maintenance in the kernel.Design：eBPF Interpositionimplements backend selection in eBPF to execute in the kernel Packet parsing：extract packet contents Service location:combine message contents with IP Routing:match requests with routing rules sequentially,and the last ma

6、tched rule resolves the destination service Instance selection:conventional loading balancing algorithms,such as round-robin,random,and the least requestDesign：socket redirection New socket types Connection pool Request mapEvaluation：ScalabilityEvaluation：BookinfoIstio：43.2%higher throughput,33.2%lo

7、wer latencyCilium：10.2%higher throughput,13.3%lower latencyeBPFEvaluation：Google BoAeBPFFuture work More protocols support More L7 functionalities Coordinating with user-space customized features Online update ReliabilityOpen source Kmesh：an efficient in-kernel service mesh frameworkWill integrate into kmesh！https:/ 应用无感的流量治理 自动对接Istio等软件高性能 网格转发时延60%服务启动性能40%低开销 网格底座开销70%安全隔离 ebpf虚机安全 cgroup级编排隔离全栈可视化 端到端指标采集*主流观测平台对接*开放生态 支持xDS协议标准24年2月Kmesh v0.2版本helm安装部署支持workload基础功能24年4月24年6月Kmesh v0.3版本预计支持waypoint对接鉴权熔断限流mTLS透明加密数据面运维增强23年12月Kmesh v0.1版本L4L7流量治理ns粒度托管网格数据面镜像发布Kmesh技术交流群