How Does Isovalent Cilium Improve K8s Performance?

What is eBPF and how does it improve Kubernetes performance? Scott Moore talks to Bill Mulligan at Isovalent about why eBPF is a better choice for network traffic shaping, queuing, and observability than native K8s implementations.

Kubernetes has become the cornerstone of modern cloud-native infrastructure, but as deployments grow in complexity and scale, optimizing performance becomes increasingly crucial. eBPF and Cilium are revolutionizing Kubernetes performance.

Understanding eBPF

eBPF (extended Berkeley Packet Filter) has gained significant traction in the Kubernetes ecosystem. While not a new concept, its relevance has surged with widespread Kubernetes adoption. eBPF extends the original Berkeley Packet Filter, a technology underlying network analysis tools like TCP dump and Wireshark. The game-changing aspect of eBPF is its ability to make the Linux kernel programmable securely and efficiently.

Key Benefits of eBPF

eBPF allows for dynamic addition of new features and functionalities directly within the kernel, similar to how JavaScript transformed static web pages. This capability enhances the programmability of the Linux kernel, enabling developers to implement custom logic without modifying the kernel source code. eBPF’s secure and performant execution ensures that these additions do not compromise system stability or performance.

Cilium: Leveraging eBPF for Kubernetes Performance

Cilium, developed by Isovalent, harnesses eBPF’s power to address performance limitations often encountered in traditional Kubernetes networking. Many underlying technologies Kubernetes relies on, such as iptables, were designed for a different era of computing and struggle to efficiently handle the demands of massive, dynamic Kubernetes clusters.

Cilium’s Approach

Cilium introduces a streamlined layer that bypasses some traditional Kubernetes overhead, bringing performance closer to that of a native host. It uses its own method of queuing to control packet scheduling, similar to message queues like RabbitMQ within Kubernetes. This approach significantly reduces latency and improves transaction rates, making it ideal for high-performance applications.

Kubernetes Performance Gains with Cilium

The results of implementing Cilium are impressive. By leveraging eBPF, Cilium achieves a substantial reduction in latency and a significant increase in transaction rates compared to traditional methods. Real-world examples further demonstrate Cilium’s benefits:

A recent performance test by a German cloud provider showed a notable improvement in requests per second and a reduction in latency when using Cilium for Ingress capabilities. Additionally, there was a considerable decrease in CPU usage.
An internet provider in the Czech Republic experienced a dramatic reduction in CPU usage after switching to Cilium’s Layer 4 load balancer from an ipvs-based one.

These case studies underscore the significant performance gains that can be achieved by adopting Cilium.

Enhanced Observability

eBPF and Cilium offer significant advantages in observability. Because eBPF operates within the kernel, it provides a comprehensive view of everything happening at that level. This allows for the tracking of granular metrics like read/write throughput with a level of detail that traditional observability tools might miss. Cilium’s companion tool, Hubble, provides network observability with kernel context, offering deeper insights into Kubernetes networking. Furthermore, Cilium integrates with Grafana, enabling users to visualize this rich eBPF observability data through custom dashboards. This enhanced visibility is invaluable for performance engineers seeking to understand and optimize their Kubernetes deployments.

Getting Started with Cilium

For those looking to explore Cilium’s benefits:

Visit cilium.io and docs.cilium.io for comprehensive documentation and getting started guides.
Cilium supports various Kubernetes installations, from local setups like Kind to managed cloud providers.
Cilium is already the default CNI (Container Network Interface) for major cloud providers, meaning many users are likely already leveraging its underlying benefits.

Future Developments

Isovalent has launched Cilium Service Mesh, aiming to provide a comprehensive connectivity and security solution at Layer 7, building upon Cilium’s existing capabilities at Layers 3 and 4. The goal is to offer a unified approach for understanding, connecting, and securing Kubernetes applications across all network layers.

Conclusion

eBPF and Cilium are transforming Kubernetes performance by addressing traditional bottlenecks and providing deep kernel-level insights. These technologies offer significant improvements in latency, transaction rates, and resource utilization. For organizations serious about optimizing their Kubernetes deployments, exploring Cilium and its eBPF foundation is a crucial step towards achieving peak performance.

By leveraging eBPF’s kernel-level capabilities and Cilium’s optimized networking approach, Kubernetes administrators can significantly enhance cluster efficiency, reduce operational overhead, and improve application responsiveness. As Kubernetes continues to evolve, technologies like eBPF and Cilium will play an increasingly vital role in ensuring optimal performance and scalability for cloud-native applications.

Check out this episode about Continuous Profiling With eBPF