Skip to content

Instantly share code, notes, and snippets.

@anfernee

anfernee/cilium-bpf.md

Last active March 17, 2021 06:02
Show Gist options
  • Save anfernee/6a41671df7f848dd7a776aba2bf05f85 to your computer and use it in GitHub Desktop.
Save anfernee/6a41671df7f848dd7a776aba2bf05f85 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
cilium-bpf.md

NodePort

Calling from bpf_host.c:to-netdev and bpf_overlay.c:to-overlay

  • nodeport_nat_fwd()
  • tail_handle_nat_fwd_ipv4()
    • nodeport_nat_ipv4_fwd()
      • snat_v4_needed(&addr, &from_endpoint) # check source see if it's from_endpoint.
      • if needed: snat_v4_process(EGRESS, target, from_endpoint) # DO SNAT

Calling from handle_ipv4() from bpf_host.c:from-host bpf_overlay.c:from-lxc and bpf_xdp.c:from-lxc

  • nodeport_lb4()
    • lb4_extract_key(ip4, l4_off, &key, ...) # get lb4_key: ip:port:proto
    • svc = lb4_lookup_service(&key, false)
    • tail_nodeport_nat_ipv4()
      • snat_v4_process()
      • redirect()
Raw
health-check.md

Very detailed commit message: https://github.com/cilium/cilium/commit/72949b4b49d43e6dbb4714929222acb688ce6dd2

There are many health check related options here:

	// EnableEndpointHealthChecking is the name of the EnableEndpointHealthChecking option
  // default: true
  // launch cilium-health: endpoint health check
	EnableEndpointHealthChecking = "enable-endpoint-health-checking"

	// EnableHealthCheckNodePort is the name of the EnableHealthCheckNodePort option
  // default: true
	EnableHealthCheckNodePort = "enable-health-check-nodeport"
  
  // EnableHealthDatapath enables IPIP health probes data path
	EnableHealthDatapath bool
  
  // DSR + IPIP + lb-only: Requires 5.12.0 or newer.
  option.Config.EnableHealthDatapath =
			option.Config.DatapathMode == datapathOption.DatapathModeLBOnly &&
				option.Config.NodePortMode == option.NodePortModeDSR &&
				option.Config.LoadBalancerDSRDispatch == option.DSRDispatchIPIP
        
  flags.Bool(option.EnableHealthChecking, defaults.EnableHealthChecking, "Enable connectivity health checking")
	option.BindEnv(option.EnableHealthChecking)

	flags.Bool(option.EnableHealthCheckNodePort, defaults.EnableHealthCheckNodePort, "Enables a healthcheck nodePort server for NodePort services with 'healthCheckNodePort' being set")
	option.BindEnv(option.EnableHealthCheckNodePort)
  
  // http service health check nodeport
  if option.Config.EnableHealthCheckNodePort {
		localHealthServer = healthserver.New()
	}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment