I wrote a deep dive on Isovalent.com on how Cilium implements traffic rate-limiting on Kubernetes Pods. It was a pretty lengthy process to write this up but I enjoyed reading up on white papers on Quality of Service and Linux networking to be as accurate as possible.
A few additional notes, as I couldn’t quite fit it all into the blog post:
- There’s a lot of innovation happening in the networking space that starts – or at least is implemented first – in the Linux networking kernel stack. That’s something I didn’t appreciate until I started working on Cilium full time.
- The rate-limit feature is interesting and researching it took me back to the times when I was either learning QoS while studying for my CCIE or actually implementing it.
- Networking in the Kubernetes world is similar to, but different from, the old traditional Cisco world. What I find especially interesting here is, as I said in the first part of the post, we already had some Kubernetes-native mechanisms to address compute contention in Kubernetes but doing the same for networking was much harder.
- Writing a blog post like this can be challenging because the readers can have very different backgrounds. How can I simultaneously address the DevOps engineer, the network architect, the Linux expert? It’s just about impossible to find a common language… Just know that I tried to make it easy to read for everyone who might have a requirement to implement some kind of traffic policing/shaping on Kubernetes.
- The feature I am describing enforces an egress traffic limit, based on bytes per second. This is different from a Service Mesh traffic limit, which might be based on API call limitations, for example.
- The blog post was inspired by a KubeCon session I saw in Valencia earlier this year and follows a similar storyline.
- It’s not a feature you can just test on Kind unfortunately – you’re going to need some real HW for this.
- I had lots of folks reviewing this blog post – thanks to all of them – so hopefully it’s accurate but if you spot any mistakes, just drop me a message.
- The next deep dive blog post I have coming up on Isovalent.com is a deep dive on BBR on Cilium. That’s pretty cool and again it gave me the opportunity to learn and do some research on some bleeding-edge tech.
Thanks for reading.