Sidecar Acceleration using eBPF reduces the latency that sidecar proxies add to pod traffic. It uses eBPF sockops to short-circuit TCP communication on the same node — bypassing the TCP/IP protocol stack for traffic between an application container and its sidecar proxy in the same pod, and for traffic between sidecar proxies on the same node.
How it works
When a sidecar proxy is injected into an application pod in an Alibaba Cloud Service Mesh (ASM) instance, all inbound and outbound traffic passes through the proxy. This adds a small amount of latency to every request.
Sidecar Acceleration using eBPF intercepts socket operations via sockops and redirects TCP data directly between sockets, skipping the full TCP/IP protocol stack. This applies to two traffic paths:
- Within a pod: traffic between the application container and its sidecar proxy
- Within a node: traffic between sidecar proxies on the same node
Prerequisites
Before you install Sidecar Acceleration using eBPF, make sure your environment meets the following requirements:
- ASM instance version 1.10 or later
- ACK managed cluster or ACK dedicated cluster (other cluster types are not supported)
All nodes where you want acceleration to apply must run Linux kernel 5.10 or later. Use Alibaba Cloud Linux 3 node images to meet this requirement. If your cluster has mixed kernel versions, acceleration only takes effect on nodes running kernel 5.10 or later. Nodes with earlier kernels, including virtual nodes, continue to work normally — they are simply not accelerated.
Install Sidecar Acceleration using eBPF
After installation, TCP packets with the PSH flag for traffic between an application container and its sidecar proxy cannot be captured on the loopback device. The same applies to PSH-flag packets between sidecar proxies on the same node. If you rely on packet capture for debugging or monitoring, consider this before installing.
- Create an ASM instance. For more information, see Create an ASM instance.
- Add your ACK cluster to the ASM instance. Use Alibaba Cloud Linux 3 images as node images when creating the cluster. For more information, see Add a cluster to an ASM instance.
- Log on to the ACK console. Find your cluster and click its name. Choose Operations > Add-ons, then click the Networking tab. Find Sidecar Acceleration using eBPF and install it. For more information, see Manage components.
Sidecar Acceleration using eBPF takes effect only in the cluster where it is installed. If ASM manages multiple ACK clusters, install the add-on in each cluster separately.
FAQ
How do I verify that Sidecar Acceleration using eBPF is working?
When acceleration is active, TCP data no longer passes through the TCP/IP protocol stack after a connection is established. As a result, packets with the PSH flag stop appearing on the loopback device. To determine whether the communication is accelerated, you can use a packet capture tool such as tcpdump to check whether packets with the PSH flag are transmitted over the TCP connection.
The actual performance improvement depends on your workload and deployment environment.
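One way to apply the PSH-flag check described above, as an added example that is not part of the original page: the script reads the text output of `tcpdump -nn -i lo tcp` and labels each connection by whether PSH packets were captured. The sample capture, its addresses and ports, and the `classify` function name are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample of `tcpdump -nn -i lo tcp` output; addresses and ports are made up.
SAMPLE = """\
10:00:00.000001 IP 127.0.0.1.41000 > 127.0.0.1.8080: Flags [S], seq 100, win 65495, length 0
10:00:00.000020 IP 127.0.0.1.8080 > 127.0.0.1.41000: Flags [S.], seq 900, ack 101, win 65483, length 0
10:00:00.000031 IP 127.0.0.1.41000 > 127.0.0.1.8080: Flags [.], ack 1, win 512, length 0
10:00:02.100000 IP 127.0.0.1.41000 > 127.0.0.1.8080: Flags [F.], seq 1, ack 1, win 512, length 0
10:00:03.000001 IP 127.0.0.1.41002 > 127.0.0.1.9090: Flags [S], seq 300, win 65495, length 0
10:00:03.000015 IP 127.0.0.1.9090 > 127.0.0.1.41002: Flags [S.], seq 700, ack 301, win 65483, length 0
10:00:03.000040 IP 127.0.0.1.41002 > 127.0.0.1.9090: Flags [P.], seq 1:78, ack 1, win 512, length 77
10:00:04.000000 IP 127.0.0.1.39000 > 127.0.0.1.8080: Flags [.], ack 55, win 512, length 0
"""

# Source, destination and flag letters from one tcpdump text line.
LINE = re.compile(r"IP6? (\S+) > (\S+): Flags \[([^\]]+)\]")


def classify(capture_text):
    """Map each connection (sorted endpoint pair) to a verdict.

    psh-visible            PSH packets were captured: data went through the stack.
    no-psh                 Handshake captured, no PSH: consistent with acceleration.
    handshake-not-captured No SYN and no PSH: connection predates the capture.
    """
    state = defaultdict(lambda: {"syn": False, "psh": 0})
    for line in capture_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # not a TCP line in the expected format
        src, dst, flags = m.groups()
        conn = tuple(sorted((src, dst)))  # both directions share one key
        state[conn]["syn"] |= "S" in flags
        state[conn]["psh"] += "P" in flags
    verdicts = {}
    for conn, st in state.items():
        if st["psh"]:
            verdicts[conn] = "psh-visible"
        elif st["syn"]:
            verdicts[conn] = "no-psh"
        else:
            verdicts[conn] = "handshake-not-captured"
    return verdicts


if __name__ == "__main__":
    for conn, verdict in classify(SAMPLE).items():
        print(" <-> ".join(conn), verdict)
```

A `no-psh` verdict is only consistent with acceleration: a connection that carried no data looks the same, so generate request traffic on a new connection while capturing.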
Does Sidecar Acceleration using eBPF accelerate traffic between pods that have no sidecar proxies?
No. The acceleration only applies to TCP traffic between an application container and its sidecar proxy (within a pod), and between sidecar proxies on the same node. Pods without sidecar proxies injected are not affected.
Does Sidecar Acceleration using eBPF accelerate TCP connections that were established before installation?
No. Only new TCP connections established after the add-on is installed are accelerated. Pre-existing connections are unaffected.
Change records
September 2023
| Version | Release date | Description | Impact |
|---|---|---|---|
| 1.0.15 | September 20, 2023 | Sidecar Acceleration using eBPF is launched. | No impact. |