shivanshvij | 1 month ago

Founder of Loophole Labs here!

Cilium is definitely the gold standard if you’re working with Kubernetes clusters and need a full CNI, but if you want to extend CNI functionality without replacing it, then this approach is the only option.

It works quite well because Cilium (and all CNIs that I’m aware of) don’t use XDP like the blog post mentions; they use Netkit instead, which is an alternative to veth designed for netfilter-like use cases.

This means XDP can work alongside Cilium (with enough tweaking), which is what we wanted to be able to do.

If you’re using pure containers and no CNI, then of course this provides a significant speedup even beyond netkit devices.

spliffedr | 1 month ago

It is nice to see people thinking and working on low-level networking stuff that everyone will benefit from. I think even single-node clusters/container hosts will benefit a lot from XDP loophole. I'll keep an eye on it.