Antrea对Kubernetes Pod网络的加速和一键诊断

1、Antrea 对 Kubernetes Pod网络的加速和一键诊断Project Antrea is an open source container network plugin (CNI) providing Pod connectivity, NetworkPolicy enforcement and ClusterIP distributed load-balancing with Open vSwitch in Kubernetes.=+What is Project Antrea?24Project Antrea ValueBuild mindshare in cloud nati

2、ve and Kubernetes community and user base.Enhance NetworkPolicy capabilities.Easy for developers and operators to acquire and start using.Open vSwitch enables:Data plane performanceWindows compatibilityDeep diagnostic capabilitiesEasy extensibilityRuns anywhereOverlay and non-overlay modes supported

3、Tanzu Kubernetes cluster, EKS, AKS, GKE,bare metal2K cluster nodesIntegrate with VMware Tanzu Kubernetes Grid and Tanzu Kubernetes Grid Service.Default container networking plugin for workload Kubernetes cluster.Build Open Source MindshareLightweight, Performant, Scalable, Runs AnywhereIntegrate wit

4、h VMware ProductsProject Antrea Architecture4Worker NodeWorker NodeMaster Nodekubeletantrea agentkube- proxykubectlpod Apod Bkube- apiantrea ctrlrcontrol-plane data-planeCRDsNetwork PolicyantctlGatewayGatewayTunnelCNICNIantrea agentIPtableskube- proxyIPtablesveth pairveth pairOctant UIAgenda5OpenvSw

5、itch: Hardware AccelerationOctant UI and Antrea Traceflow Collecting Support BundleOpenvSwitch: Hardware Acceleration7Confidential Virtualized Networking v.s. Accelerated Networking7Programmable TopologyReference: linkAdvanced policyVirtualized NetworkingLower CPU Overhead for Enhanced EfficiencyLow

6、er and more deterministic latencyLegacy Network AccelerationHigher packet rateOpenvSwitch + Hardware Offload = Best of Both Worlds8Virtual Switch Control PlaneHardware Accelerated Data PlaneStandard Hardware Abstraction InterfaceOVS Hardware OffloadBest of both worlds: Enable hardware-accelerated ne

7、tworking data planewith programmable control planeReference: linkOpenvSwitch Hardware Offload Concept9HostSmartNICPodOVS PipelineMove to SmartNICHostSmartNICPodOVS PipelineReference: linkOpenvSwitch Hardware Offload: A Closer Look10OVSPod1Pod2Pod3PFSmartNICvethVFVFRepeSwitchReference: linkVFRepVFOpe

8、nvSwitch Hardware Offload: Dataplane Comparison11Software only OVS ImplementationSoftware-defined, Hardware-acceleratedHigh latency, low bandwidth, CPU intensiveOVS-vswitchdOVS Kernel ModuleUser spaceKernelOVS Kernel ModuleLow latency, high bandwidth, CPU efficientOVS-vswitchdUser spaceKernelSmartNI

9、CFirst flow packetFallback FRWD packetHardware offloaded packetsReference: linkAntrea CNI Workflow12OVS BridgeVFrepKubeletMultus CNIControl PlaneData PlanePod12sriov-network- device-pluginNIC Eswitch3Antrea CNI456VF0Prerequisites:SR-IOV SmartNICSR-IOV Network Device PluginMultus CNIVF Pool Initializ

10、ationReference: linkHardware Offload Demo13Reference: linkLinux CentOS 7.7Kubernetes 1.18Linux 5.7 kernelAntrea v0.8.0 with offload patchesNVIDIA Mellanox ConnectX-5 SmartNICsOctant UI Plugin for Antrea15Confidential Antrea Octant Plugin15OctantAn extensible platform for developers to better underst

11、and how applications run on a Kubernetes cluster./vmware-tanzu/octantAntrea Octant PluginMonitor Antrea controller and agent health.Interact with Traceflow session.Antrea Octant Plugin Demo16Antrea Traceflow18Confidential 19Traceflow: Exposing the Traffic PathTraceflow is to expose and visualize the

12、 path information:All hops in the pathNetworking functions applied to packet forwardingSpoofguardK8s NetworkPolicyK8s Cluster IPIts useful forConfirming NetworkPolicy EffectsTraceflow Implementationkube- apiAntre aAge ntAntre aAge ntOctan t2.1 Watch TraceflowCR2.2 Watch TraceflowCRTunnel3.1 Install

13、Special Flows4. Inject Specialpacket3.2 Install Special Flows5.1 Report Observation s195.2 Report Observation s6.1 UpdateTraceflow Result6.2 UpdateTraceflow Result1. Write Traceflow CR7. Return Traceflow ResultTraceflow DemoDefine a new Traceflow request.Get Traceflow observations.Visualize the obse

14、rvation in Octant UI20Collecting Support Bundle22Confidential antctl: CLI tool for Antrea22antctlGenerate support bundle for Antrea controller and agentsQuery Antrea health informationGet Antrea internal data structuresDump OpenvSwitch flowsSupport Bundle Demo23Admin uses antctl to collect debug informationSupport bundle contentsAntrea controllerHealth, internal data structures, memory profileAntrea agentsHealth, internal data structures, memory profileOpenvSwitch flows,