TL; DR: Ma CNIs onse amagwira ntchito momwe amayenera, kupatula Kube-Router ndi Kube-OVN, Calico, kupatula kuzindikira kwa MTU basi, ndi yabwino kwambiri.
Zosintha zankhani zamacheke anga akale ( ΠΈ ), panthawi yoyesedwa ndikugwiritsa ntchito Kubernetes 1.19 pa Ubuntu 18.04 yokhala ndi ma CNI osinthidwa kuyambira Ogasiti 2020.
Tisanalowe mu ma metrics ...
Chatsopano ndi chiyani kuyambira Epulo 2019?
- Mutha kuyesa pagulu lanu: Mutha kuyesa pagulu lanu pogwiritsa ntchito chida chathu Kubernetes Network Benchmark:
- Mamembala atsopano awonekera
- from VMware Tanzu
- kuchokera ku alauda.io
- Zochitika Zatsopano: Macheke apano amayesa mayeso a "Pod-to-Pod" pamanetiweki, ndipo "Pod-to-Service" script yawonjezedwa yomwe imayesa mayeso pafupi ndi zochitika zenizeni. Pochita, Pod yanu yokhala ndi API imagwira ntchito ndi maziko ngati ntchito, osati kudzera pa adilesi ya IP ya Pod (ndithudi timayang'ana zonse za TCP ndi UDP pazochitika zonse ziwiri).
- Kugwiritsa ntchito zida: mayeso aliwonse tsopano ali ndi zofananira zake
- Kuchotsa Mayesero Ogwiritsa Ntchito: Sitikuchitanso mayeso a HTTP, FTP ndi SCP popeza mgwirizano wathu wopindulitsa ndi anthu ammudzi ndi osamalira CNI apeza kusiyana pakati pa zotsatira za iperf pa TCP ndi zotsatira za curl chifukwa cha kuchedwa kwa CNI kuyambitsa (masekondi angapo oyambirira a Pod kuyambitsa, komwe sikuli kofanana ndi zochitika zenizeni).
- Open source: magwero onse oyesera (zolemba, zoikamo za yml ndi data yoyambirira "yaiwisi") zilipo
Reference Test Protocol
Protocol ikufotokozedwa mwatsatanetsatane Chonde dziwani kuti nkhaniyi ikunena za Ubuntu 18.04 yokhala ndi kernel yokhazikika.
Kusankha CNI Yowunika
Kuyesa uku kumafuna kufananiza ma CNI opangidwa ndi fayilo imodzi yaml (choncho, zonse zomwe zimayikidwa ndi zolemba, monga VPP ndi ena, sizikuphatikizidwa).
Ma CNI athu osankhidwa kuti afananize:
- Antrea v.0.9.1
- Calico v3.16
- Canal v3.16 (Flannel network + Calico Network Policy)
- Cilium 1.8.2
- Flannel 0.12.0
- Kube-router zaposachedwa (2020-08-25)
- WeaveNet 2.7.0
Kukonza MTU kwa CNI
Choyamba, timayang'ana momwe kuzindikirika kwa MTU kumakhudzira magwiridwe antchito a TCP:
Impact ya MTU pa TCP Performance
Kusiyana kwakukulu kumapezeka mukamagwiritsa ntchito UDP:
Impact ya MTU pa UDP Performance
Poganizira za kukhudzika kwa magwiridwe antchito a HUGE omwe awonetsedwa pamayesero, tikufuna kutumiza kalata yachiyembekezo kwa onse osamalira CNI: chonde onjezani kuzindikira kwa MTU ku CNI. Mupulumutsa ana amphaka, ma unicorns komanso odula kwambiri: Devop yaying'ono.
Komabe, ngati mukufuna kugwiritsa ntchito CNI popanda kuthandizira kuzindikira kwa MTU, mutha kuyisintha pamanja kuti igwire ntchito. Chonde dziwani kuti izi zikugwira ntchito ku Calico, Canal ndi WeaveNet.
Pempho langa laling'ono kwa CNIs ...
Kuyesa kwa CNI: Raw Data
M'chigawo chino, tifanizira CNI ndi MTU yolondola (yodziwikiratu kapena yokhazikitsidwa pamanja). Cholinga chachikulu apa ndikuwonetsa deta yaiwisi mu ma graph.
Nthano yamitundu:
- imvi - chitsanzo (ie chitsulo chopanda kanthu)
- wobiriwira - bandwidth pamwamba pa 9500 Mbps
- yellow - bandwidth pamwamba pa 9000 Mbps
- lalanje - bandwidth pamwamba pa 8000 Mbps
- red - bandwidth pansi pa 8000 Mbps
- buluu - osalowerera (osakhudzana ndi bandwidth)
Kugwiritsa ntchito zinthu zopanda katundu
Choyamba, yang'anani kugwiritsidwa ntchito kwazinthu pamene gululo "likugona".
Kugwiritsa ntchito zinthu zopanda katundu
Pod-to-Pod
Izi zikuganiza kuti kasitomala Pod amalumikizana mwachindunji ndi seva Pod pogwiritsa ntchito adilesi yake ya IP.
Pod-to-Pod Scenario
TCP
Zotsatira za Pod-to-Pod TCP ndi kugwiritsa ntchito kofananira:
UDP
Zotsatira za Pod-to-Pod UDP ndi kugwiritsa ntchito kofananira:
Pod-to-Service
Gawoli ndilofunika pazochitika zenizeni, kasitomala Pod amalumikizana ndi seva Pod kudzera pa ntchito ya ClusterIP.
Pod-to-Service script
TCP
Zotsatira za Pod-to-Service TCP ndi kugwiritsa ntchito kofananira:
UDP
Zotsatira za Pod-to-Service UDP ndi kugwiritsa ntchito kofananira:
Thandizo la ndondomeko ya intaneti
Pakati pa zonsezi, chimodzi chokha chomwe sichigwirizana ndi ndale ndi Flannel. Ena onse amakhazikitsa ndondomeko zamaukonde molondola, kuphatikiza zolowera ndi zotuluka. Ntchito yabwino!
CNI encryption
Pakati pa ma CNI otsimikiziridwa pali omwe amatha kubisa kusinthana kwa netiweki pakati pa Pods:
- Antrea pogwiritsa ntchito IPsec
- Calico pogwiritsa ntchito wireguard
- Cilium pogwiritsa ntchito IPsec
- WeaveNet pogwiritsa ntchito IPsec
Bandwidth
Popeza kwatsala ma CNI ochepa, tiyeni tiyike zochitika zonse mu graph imodzi:
Kugwiritsa ntchito zinthu
M'chigawo chino, tiwunika zomwe zimagwiritsidwa ntchito pokonza kuyankhulana kwa Pod-to-Pod mu TCP ndi UDP. Palibe chifukwa chojambulira chithunzi cha Pod-to-Service popeza sichipereka zambiri.
Kuziyika zonse pamodzi
Tiyeni tiyese kubwereza ma graph onse, tidayambitsa kumvera pang'ono apa, m'malo mwazofunikira ndi mawu akuti "vwry fast", "low", etc.
Mapeto ndi ziganizo zanga
Izi ndizokhazikika pang'ono, chifukwa ndikupereka kutanthauzira kwanga kwa zotsatira.
Ndine wokondwa kuti ma CNI atsopano adawonekera, Antrea idachita bwino, ntchito zambiri zidakhazikitsidwa ngakhale m'mitundu yoyambirira: kuzindikira kwa MTU, kubisa komanso kuyika kosavuta.
Tikayerekeza magwiridwe antchito, ma CNI onse amagwira ntchito bwino, kupatula Kube-OVN ndi Kube-Router. Kube-Router sanathenso kuzindikira MTU, sindinapeze njira yosinthira kulikonse pazolemba ( pempho pamutuwu ndi lotseguka).
Pankhani ya kugwiritsa ntchito zinthu, Cilium amagwiritsabe ntchito RAM yochulukirapo kuposa ena, koma wopanga akuyang'ana masango akuluakulu, omwe sali ofanana ndi kuyesa pamagulu atatu. Kube-OVN imadyanso zinthu zambiri za CPU ndi RAM, koma ndi CNI yachinyamata yochokera ku Open vSwitch (monga Antrea, imachita bwino komanso imadya zochepa).
Aliyense kupatula Flannel ali ndi ndondomeko za intaneti. Ndizotheka kuti sadzawathandiza konse, chifukwa cholinga chake ndi chosavuta kuposa mpiru wotentha: wopepuka, ndi wabwino.
Komanso, mwa zina, ntchito ya encryption ndi yodabwitsa. Calico ndi imodzi mwama CNI akale kwambiri, koma kubisa kudawonjezedwa masabata angapo apitawo. Iwo anasankha wireguard m'malo IPsec, ndi mophweka, izo zimagwira ntchito bwino ndi zodabwitsa, kwathunthu eclipsing ma CNIs ena mbali iyi ya kuyezetsa. Zachidziwikire, kugwiritsidwa ntchito kwazinthu kumawonjezeka chifukwa cha kubisa, koma kupititsa patsogolo komwe kunachitika ndikofunikira (Calico adawonetsa kuwongolera kasanu ndi kamodzi pamayeso achinsinsi poyerekeza ndi Cilium, yomwe ili yachiwiri). Kuphatikiza apo, mutha kuloleza ma wireguard nthawi iliyonse mukatumiza Calico pagulu, ndipo mutha kuyimitsa kwakanthawi kochepa kapena kosatha ngati mukufuna. Ndiwosavuta kwambiri, komabe! Tikukumbutsani kuti Calico sazindikira zokha MTU (gawoli lakonzedwa kuti lizisinthidwa mtsogolo), choncho onetsetsani kuti mwakonza MTU ngati netiweki yanu imathandizira Jumbo Frames (MTU 9000).
Mwa zina, zindikirani kuti Cilium imatha kubisa magalimoto pakati pamagulu amagulu (osati pakati pa Pods), zomwe zingakhale zofunika kwambiri pamagulu amagulu a anthu.
Kuphatikiza apo, ndikulimbikitsidwa kugwiritsa ntchito zotsatirazi:
- Ndikufuna CNI pagulu laling'ono kwambiri KAPENA sindikufuna chitetezo: ntchito ndi Flannel, CNI yopepuka komanso yokhazikika kwambiri (nayenso ndi m'modzi mwa akale kwambiri, malinga ndi nthano yomwe adapangidwa ndi Homo Kubernautus kapena Homo Contaitorus.). Mukhozanso kukhala ndi chidwi ndi ntchito yanzeru kwambiri , onani!
- Mufunika CNI ya gulu lokhazikika: Kalico - kusankha kwanu, koma musaiwale kukonza MTU ngati pakufunika. Mutha kusewera mosavuta komanso mwachilengedwe ndi ndondomeko zapaintaneti, kuyatsa ndi kuzimitsa kubisa, ndi zina.
- Mufunika CNI yamagulu (kwambiri) magulu akulu: Chabwino, mayeserowo samasonyeza khalidwe la magulu akuluakulu, ndingakonde kuyesa mayesero, koma tilibe ma seva mazana ndi kugwirizana kwa 10Gbps. Chifukwa chake njira yabwino ndikuyesa mayeso osinthidwa pama node anu, osachepera ndi Calico ndi Cilium.
Source: www.habr.com