Revolutionizing Service Mesh with Kernel-Native Sidecarless Architecture

About Me
Xin Liu
Software Engineer, Huawei
Kmesh Maintainer
Linux Kernel Contributors

Agenda
Kmesh Overview
How to implement L4/L7 traffic offload
Restarting without stopping the service
High-performance non-intrusive observability

Kmesh Overview
Kmesh is a high-performance and low overhead service mesh data plane based on eBPF and programmable kernel. Kmesh brings traffic management, security and monitoring to service communication without needing application code changes. It is natively sidecarless, zero intrusion and without adding any resource cost to application container.

High Performance
Low overhead
High availability
Security isolation
Flexible management mode
Seamless compatibility

Kernel-Native: L4/L7 ultimate performance
Dual Engine: L4/L7 slicing the layers, flexible management

[Figure: architecture diagrams. Labels: ServiceA, ServiceB, OS, L7 Upstream, L4 Upstream, kmesh-daemon, Istiod, ads, workload, waypoint (L7)]

Agenda
Kmesh Overview
How to implement L4/L7 Upstream
Restarting without stopping the service
High-performance non-intrusive observability

Istio sidecar performance profiling
The network time consumption shows that:
The sidecar architecture introduces a large amount of latency overhead.
Upstream is only 10% of grid overhead.
Most overheads are caused by data copy, two extra link setup communications, and context switch scheduling.

Sidecar Profiling
Ctx switch 25%
TCP/IP stack 40%
Iptables 10%
Downstream 15%
Upstream 10%

[Figure: App A, sidecar, sidecar, App B, kernel]

Kernel-Native L7 Upstream
Service A
connect
sendmsg
L4 pre connect
Fake tcp_connect
Cgroup/Connect4
setsockopt(TCP_ULP,Kmesh)
K