Ctrip's Cilium+BGP Cloud-Native Networking Practice

Cilium is one of the most popular cloud-native networking solutions of the past two years. Its core is built on eBPF, and it has two main highlights: flexible, high-performance networking based on eBPF, and L3-L7 security policy enforcement based on eBPF.

Ctrip began using Cilium in production in 2019. This article describes how Cilium has been deployed at Ctrip, along with some of our explorations of Cilium-based cloud-native security covering virtual machines, physical machines, and containers.

1. A Brief Review of Network Evolution

From 2013 to 2018, our infrastructure evolved from physical machines to virtual machines and then to containers, but the network stack remained essentially Neutron+OVS throughout, even for our (early) Kubernetes clusters. Once workloads began migrating to Kubernetes, however, this Neutron+OVS network solution became increasingly stretched. In particular, faced with containers deployed at higher density and larger scale, the software and hardware bottlenecks of this large layer-2 network model were fully exposed [1].

To solve these problems and, more importantly, to meet the various needs of cloud-native workloads (for example, supporting the Kubernetes Service model), we investigated many newer networking solutions and, after a comprehensive evaluation, chose the combination of Cilium+BGP [3].

[Figure: https://static001.infoq.cn/resource/image/ed/d9/edde2a09eb450b144f663151276051d9.png]