ProHoster > Blog > Tsamaiso > Kubernetes Network Plugin (CNI) Benchmark Results over 10 Gbps Network (E ntlafalitsoe: Mmesa 2019)

Kubernetes Network Plugin (CNI) Benchmark Results over 10 Gbps Network (E ntlafalitsoe: Mmesa 2019)

Kubernetes Network Plugin (CNI) Benchmark Results over 10 Gbps Network (E ntlafalitsoe: Mmesa 2019)
Ena ke ntlafatso ea ka benchmark e fetileng, eo hona joale e sebetsang ho Kubernetes 1.14 ka mofuta oa morao-rao oa CNI ho tloha ka Mmesa 2019.

Pele ho tsohle, ke batla ho leboha sehlopha sa Cilium: bashanyana ba ile ba nthusa ho hlahloba le ho lokisa mengolo ea ho hlahloba metrics.

Ke eng e fetohileng ho tloha ka November 2018

Mona ke se fetohileng ho tloha ka nako eo (haeba u rata):

Flannel e ntse e le sebopeho se potlakileng le se bonolo ka ho fetisisa sa CNI, empa e ntse e sa tšehetse maano a marang-rang le encryption.

Romana ha e sa tšehetsoa, ​​kahoo re e tlositse boemong ba palo.

Hona joale WeaveNet e tšehetsa maano a marang-rang bakeng sa Ingress le Egress! Empa tlhahiso e fokotsehile.

Ho Calico, o ntse o hloka ho hlophisa boholo ba pakete ea boholo (MTU) bakeng sa ts'ebetso e ntle ka ho fetisisa. Calico e fana ka likhetho tse peli bakeng sa ho kenya CNI, kahoo o ka etsa ntle le sebaka se arohaneng sa polokelo ea ETCD:

  • ho boloka boemo ho Kubernetes API e le lebenkele la data (boholo ba lihlopha <50 nodes);
  • ho boloka boemo ho Kubernetes API e le lebenkele la data le nang le proxy ea Typha ho imolla moroalo ho K8S API (boholo ba lihlopha> 50 nodes).

Calico e phatlalalitse tšehetso maano a boemo ba kopo ka holim'a Istio bakeng sa ts'ireletso ea boemo ba kopo.

Hona joale Cilium e ts'ehetsa encryption! Cilium e fana ka encryption ka lithanele tsa IPSec mme e fana ka mokhoa o mong ho netweke e patiloeng ea WeaveNet. Empa WeaveNet e potlakile ho feta Cilium e nang le encryption e lumelletsoeng.

Hona joale Cilium e se e le bonolo ho e sebelisa ka lebaka la opereishene ea ETCD e hahiloeng.

Sehlopha sa Cilium se lekile ho fokotsa boima ba 'mele ho tloha ho CNI ea sona ka ho fokotsa tšebeliso ea mohopolo le litšenyehelo tsa CPU, empa bahlolisani ba eona ba ntse ba le bobebe.

Boemo ba benchmark

Benchmark e tsamaisoa ho li-server tse tharo tsa Supermicro tse sa sebetseng tse nang le switch ea 10 Gb Supermicro. Li-server li hokahane ka kotloloho ho switch ka lithapo tsa DAC SFP + tse sa sebetseng 'me li hlophisitsoe ho VLAN e tšoanang le liforeimi tsa jumbo (MTU 9000).

Kubernetes 1.14.0 e kentsoe ho Ubuntu 18.04 LTS ka Docker 18.09.2 (mofuta oa kamehla oa Docker tokollong ena).

Ho ntlafatsa ho ikatisa, re ile ra etsa qeto ea ho lula re hlophisa monghali sebakeng sa pele, beha karolo ea seva ea benchmark ho seva sa bobeli, le karolo ea moreki ho ea boraro. Ho etsa sena, re sebelisa NodeSelector ho li-deployments tsa Kubernetes.

Re tla hlalosa liphetho tsa benchmark sekaleng se latelang:

Kubernetes Network Plugin (CNI) Benchmark Results over 10 Gbps Network (E ntlafalitsoe: Mmesa 2019)

Ho khetha CNI bakeng sa benchmark

Ena ke tekanyetso ea CNI feela ho tsoa lethathamong le karolong mabapi le ho theha sehlopha se le seng sa master se nang le kubeadm Sheba litokomane tsa molao tsa Kubernetes. Ho li-CNI tsa 9, re tla nka 6 feela: re tla kenyelletsa tse thata ho kenya le / kapa tse sa sebetseng ntle le tlhophiso ho latela litokomane (Romana, Contiv-VPP le JuniperContrail/TungstenFabric).

Re tla bapisa li-CNI tse latelang:

  • Calico v3.6
  • Canal v3.6 (ha e le hantle Flannel bakeng sa marang-rang + Calico joalo ka firewall)
  • Cilium 1.4.2
  • Flannel 0.11.0
  • Kube-router 0.2.5
  • WeaveNet 2.5.1

bophirima

Ha CNI e le bonolo ho e kenya, maikutlo a rona a pele a tla ba betere. Li-CNI tsohle tse tsoang bencheng li bonolo haholo ho li kenya (ka taelo e le 'ngoe kapa tse peli).

Joalokaha re boletse, li-server le switch li hlophisitsoe ka liforeimi tsa jumbo tse nolofalitsoeng (re beha MTU ho 9000). Re ka thaba haeba CNI e ikhethela MTU e ipapisitse le tlhophiso ea li-adapter. Leha ho le joalo, ke Cilium le Flannel feela ba ileng ba khona ho etsa sena. Li-CNI tse ling kaofela li na le likopo ho GitHub ho kenyelletsa boithuto ba MTU ka boits'oaro, empa re tla e hlophisa ka letsoho ka ho fetola ConfigMap bakeng sa Calico, Canal le Kube-router, kapa ho fetisa phetoho ea tikoloho bakeng sa WeaveNet.

Bothata ke bofe ka MTU e fosahetseng? Setšoantšo sena se bontša phapang pakeng tsa WeaveNet e nang le MTU ea kamehla le liforeimi tsa jumbo tse lumelletsoeng:

Kubernetes Network Plugin (CNI) Benchmark Results over 10 Gbps Network (E ntlafalitsoe: Mmesa 2019)
MTU e ama ts'ebetso joang?

Re bone hore na MTU e bohlokoa hakae bakeng sa ts'ebetso, joale ha re boneng hore na li-CNIs tsa rona li e tseba joang ka bo eona:

Kubernetes Network Plugin (CNI) Benchmark Results over 10 Gbps Network (E ntlafalitsoe: Mmesa 2019)
CNI e iphumanela MTU ka bo eona

Kerafo e bontša hore o hloka ho lokisa MTU bakeng sa Calico, Canal, Kube-router le WeaveNet bakeng sa ts'ebetso e nepahetseng. Cilium le Flannel ba ile ba khona ho tseba hantle MTU ka bobona ntle le litlhophiso leha e le life.

Tshireletso

Re tla bapisa ts'ireletso ea CNI ka likarolo tse peli: bokhoni ba ho patala data e fetisitsoeng le ts'ebetsong ea maano a marang-rang a Kubernetes (ho ipapisitse le liteko tsa 'nete, eseng litokomane).

Ke lintlha tse peli feela tsa CNIs encrypt data: Cilium le WeaveNet. Koetliso WeaveNet e nolofalitsoe ka ho beha phasewete ea encryption joalo ka phetoho ea tikoloho ea CNI. IN litokomane WeaveNet e e hlalosa ka tsela e rarahaneng, empa ntho e 'ngoe le e' ngoe e etsoa habonolo. Koetliso cilium e hlophisitsoeng ka litaelo, ka ho theha Kubernetes liphiri, le ka ho fetola daemonSet (e rarahaneng ho feta ho WeaveNet, empa Cilium e na le mohato ka mohato. litaelo).

Mabapi le ts'ebetsong ea leano la marang-rang, ba atlehile Calico, Canal, Cilium le WeaveNet, moo o ka hlophisang melao ea Ingress le Egress. Bakeng sa Kube-router ho na le melao ea Ingress feela, le Flannel Ha ho na maano a marang-rang ho hang.

Liphetho ka kakaretso ke tsena:

Kubernetes Network Plugin (CNI) Benchmark Results over 10 Gbps Network (E ntlafalitsoe: Mmesa 2019)
Liphetho tsa Benchmark tsa Ts'ebetso ea Ts'ireletso

Tlhahiso

Benchmark ena e bonts'a kakaretso ea ho feta bonyane makhetlo a mararo tekong ka 'ngoe. Re leka ts'ebetso ea TCP le UDP (ho sebelisa iperf3), lits'ebetso tsa 'nete tse kang HTTP (e nang le Nginx le curl) kapa FTP (e nang le vsftpd le curl) mme qetellong ts'ebetso ea kopo e sebelisa encryption e thehiloeng ho SCP (ho sebelisa moreki le seva OpenSSH).

Bakeng sa liteko tsohle, re entse benchmark ea tšepe e se nang letho (mola o motala) ho bapisa ts'ebetso ea CNI le ts'ebetso ea marang-rang ea matsoalloa. Mona re sebelisa sekala se tšoanang, empa ka 'mala:

  • Yellow = e ntle haholo
  • Orange = e ntle
  • Blue = joalo-joalo
  • Bofubelu = bobe

Re ke ke ra nka li-CNI tse hlophisitsoeng hantle 'me re tla bonts'a liphetho tsa CNIs ka MTU e nepahetseng. (Tlhokomeliso: Cilium ha e bale MTU ka nepo haeba o nolofalletsa ho ngolla, kahoo o tla tlameha ho fokotsa MTU ho 8900 ka mokhoa oa 1.4. Mofuta o latelang, 1.5, o iketsetsa sena.)

Liphetho ke tsena:

Kubernetes Network Plugin (CNI) Benchmark Results over 10 Gbps Network (E ntlafalitsoe: Mmesa 2019)
Ts'ebetso ea TCP

Li-CNI tsohle li sebelitse hantle ho benchmark ea TCP. CNI e nang le encryption e salletse morao haholo hobane encryption e theko e boima.

Kubernetes Network Plugin (CNI) Benchmark Results over 10 Gbps Network (E ntlafalitsoe: Mmesa 2019)
Ts'ebetso ea UDP

Le mona, li-CNI tsohle li sebetsa hantle. CNI e nang le encryption e bontšitse sephetho se batlang se tšoana. Cilium e nyenyane ka mor'a tlhōlisano, empa ke 2,3% feela ea tšepe e se nang letho, kahoo ha se phello e mpe. U se ke ua lebala hore Cilium le Flannel feela ba iketsetse MTU ka nepo, 'me tsena ke liphetho tsa bona ntle le tlhophiso efe kapa efe e eketsehileng.

Kubernetes Network Plugin (CNI) Benchmark Results over 10 Gbps Network (E ntlafalitsoe: Mmesa 2019)

Ho thoe'ng ka kopo ea sebele? Joalokaha u bona, ts'ebetso e akaretsang ea HTTP e tlase hanyane ho feta ea TCP. Le ha o sebelisa HTTP ka TCP, re hlophisitse iperf3 boemong ba TCP ho qoba ho qala butle ho ka amang palo ea HTTP. Batho bohle ba entse mosebetsi o motle mona. Kube-router e na le molemo o hlakileng, empa WeaveNet ha ea sebetsa hantle: hoo e ka bang 20% ​​e mpe ho feta tšepe e se nang letho. Cilium le WeaveNet tse nang le encryption li shebahala li soabile haholo.

Kubernetes Network Plugin (CNI) Benchmark Results over 10 Gbps Network (E ntlafalitsoe: Mmesa 2019)

Ka FTP, protocol e 'ngoe e thehiloeng ho TCP, liphetho lia fapana. Flannel le Kube-router li etsa mosebetsi ona, empa Calico, Canal le Cilium li saletse morao hanyenyane 'me li ka ba butle ka 10% ho feta tšepe e se nang letho. WeaveNet e ka morao ka hoo e ka bang 17%, empa WeaveNet e patiloeng e ka pele ka 40% ho feta Cilium e patiloeng.

Kubernetes Network Plugin (CNI) Benchmark Results over 10 Gbps Network (E ntlafalitsoe: Mmesa 2019)

Ka SCP re ka bona hang-hang hore na encryption ea SSH e re bitsa bokae. Hoo e ka bang li-CNI tsohle li sebetsa hantle, empa WeaveNet e salletse morao hape. Cilium le WeaveNet tse nang le encryption ho lebelletsoe hore li mpe ka ho fetesisa ka lebaka la encryption e habeli (SSH + CNI).

Mona ke lethathamo la kakaretso le liphetho:

Kubernetes Network Plugin (CNI) Benchmark Results over 10 Gbps Network (E ntlafalitsoe: Mmesa 2019)

Tšebeliso ea lisebelisoa

Joale a re bapiseng hore na CNI e sebelisa lisebelisoa joang tlas'a meroalo e boima (nakong ea phetisetso ea TCP, 10 Gbps). Litekong tsa ts'ebetso re bapisa CNI le tšepe e se nang letho (mola o motala). Bakeng sa tšebeliso ea lisebelisoa, a re bonts'eng Kubernetes e hloekileng (mohala o pherese) ntle le CNI 'me re bone hore na CNI e sebelisa lisebelisoa tse kae.

Ha re qaleng ka mohopolo. Mona ke boleng bo tloaelehileng ba RAM ea li-node (ho sa kenyeletsoe li-buffers le cache) ho MB nakong ea phetisetso.

Kubernetes Network Plugin (CNI) Benchmark Results over 10 Gbps Network (E ntlafalitsoe: Mmesa 2019)
Tšebeliso ea memori

Flannel le Kube-router li bontšitse litholoana tse ntle haholo - 50 MB feela. Calico le Canal e 'ngoe le e 'ngoe e na le 70. WeaveNet e sebelisa ka ho hlaka ho feta tse ling - 130 MB, 'me Cilium e sebelisa hoo e ka bang 400.
Joale a re hlahlobeng tšebeliso ea nako ea CPU. E hlokomelehang: setšoantšo ha se bontše liphesente, empa ppm, ke hore, 38 ppm bakeng sa "tšepe e se nang letho" ke 3,8%. Liphetho ke tsena:

Kubernetes Network Plugin (CNI) Benchmark Results over 10 Gbps Network (E ntlafalitsoe: Mmesa 2019)
Tšebeliso ea CPU

Calico, Canal, Flannel le Kube-router li sebetsa hantle haholo ka CPU - ke 2% feela ho feta Kubernetes ntle le CNI. WeaveNet e salla morao haholo ka 5% e eketsehileng, e lateloa ke Cilium ka 7%.

Kakaretso ea tšebeliso ea lisebelisoa ke ena:

Kubernetes Network Plugin (CNI) Benchmark Results over 10 Gbps Network (E ntlafalitsoe: Mmesa 2019)

Liphello

Lethathamo le nang le liphetho tsohle:

Kubernetes Network Plugin (CNI) Benchmark Results over 10 Gbps Network (E ntlafalitsoe: Mmesa 2019)
Liphetho tse akaretsang tsa benchmark

fihlela qeto e

Karolong ea ho qetela ke tla hlahisa maikutlo a ka a ikemetseng ka liphello. Hopola hore benchmark ena e leka feela tlhahiso ea khokahanyo e le 'ngoe sehlopheng se senyenyane haholo (li-node tse 3). Ha e sebetse ho lihlopha tse kholo (<50 nodes) kapa likamano tse tšoanang.

Ke khothaletsa ho sebelisa li-CNI tse latelang ho latela maemo:

  • Na u na le sehlopheng sa hau li-node tse nang le lisebelisoa tse fokolang (li-GB tse 'maloa tsa RAM, li-cores tse' maloa) 'me ha u hloke likarolo tsa ts'ireletso - khetha Flannel. Ena ke e 'ngoe ea li-CNI tse bolokang chelete ka ho fetisisa. 'Me e lumellana le mefuta e mengata ea meralo ea meralo (amd64, arm, arm64, joalo-joalo). Ho phaella moo, ena ke e 'ngoe ea tse peli (e' ngoe ke Cilium) CNI e ka khethollang MTU ka bo eona, kahoo ha ho hlokahale hore u lokise letho. Kube-router e boetse e loketse, empa ha e tšoane le maemo mme o tla hloka ho hlophisa MTU ka letsoho.
  • Haeba ho hlokahala encrypt marangrang bakeng sa polokeho, nka WeaveNet. Se ke oa lebala ho hlakisa boholo ba MTU haeba u sebelisa liforeimi tsa jumbo, 'me u nolofalletse ho ngolla ka ho hlakisa senotlolo ka ho feto-fetoha ha tikoloho. Empa ho molemo ho lebala ka ts'ebetso - ke litšenyehelo tsa ho kenyelletsa.
  • etsoe tshebediso e tlwaelehileng Kea eletsa Calico. CNI ena e sebelisoa haholo lisebelisoa tse fapaneng tsa ho tsamaisa Kubernetes (Kops, Kubespray, Rancher, joalo-joalo). Joalo ka WeaveNet, etsa bonnete ba hore u lokisa MTU ho ConfigMap haeba u sebelisa liforeimi tsa jumbo. Ke sesebelisoa se nang le mesebetsi e mengata se sebetsang hantle mabapi le tšebeliso ea lisebelisoa, ts'ebetso le ts'ireletso.

'Me qetellong, ke u eletsa hore u latele tsoelo-pele cilium. CNI ena e na le sehlopha se sebetsang haholo se sebetsang haholo sehlahisoa sa bona (likarolo, polokelo ea lisebelisoa, ts'ebetso, ts'ireletso, lihlopha ...) 'me li na le merero e thahasellisang haholo.

Kubernetes Network Plugin (CNI) Benchmark Results over 10 Gbps Network (E ntlafalitsoe: Mmesa 2019)
Setšoantšo se bonoang bakeng sa khetho ea CNI

Source: www.habr.com

Eketsa ka tlhaloso