Reputation: 661
Why is cilium-proxy faster than kube-proxy ipvs mode?
I've read the cilium documents and the benchmark shows that cilium-proxy using ebpf is faster than kube-proxy ipvs mode. I'm not an expert on inner workings on ebpf or anything so it would be great if anyone could explain why cilium-proxy is faster than kube-proxy ipvs mode in detail.
Upvotes: 0
Views: 1907
Answers (1)
Reputation: 7948
eBPF allows Cilium to hook into the kernel at lower point or higher points depending on the desired path.
For North/South traffic, Cilium can leverage XDP which sits right on top of the driver to forward packets without the need to allocate socket buffers and has a shorter code path overall. This link has additional details.
In East/West traffic, especially if a pod needs to connect to another pod on the same node, Cillium can forward packets directly from one socket to another without having to go through the full network stack and lookup tables. Again, shortening the code path and thus decreasing CPU load. Here is a reference.
It all comes down to taking shortcuts to shorten code paths.
Upvotes: 2
Related Questions
- Kubernetes CNI vs Kube-proxy
- does calico also run in ipvs mode when kube proxy is runing in ipvs mode
- Kube-proxy with IPVS mode doesn't keep a connection
- heterogeneous kubernetes cluster, container performance difference
- What causes pods to be slow in kubernetes?
- API Gateway performance comparison between Kubernetes and Native. TPS 20% loss
- Why is the kubelet slower than docker cli to start a container?
- what parameters can impove kube-proxy performance?
- `kubctl get pods` has high latency
- Does kube-proxy prefer local pods to remote ones