New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add documentation for vlan bpf bypass. #17539
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Content looks good, although I suggested a bunch of edits for the grammar and phrasing. Please have a look: a few are typos and need be addressed, but other than this you don't necessarily have to adopt all of my suggestions.
Thanks a lot for the contribution!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for the PR!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good to me, pending that the issue on the location of the comment, raised by Martynas, is addressed. Thanks!
Follow-up for PR: cilium#16772 Signed-off-by: Viktor Kuzmin <kvaster@gmail.com>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
One non-blocking comment below. Documentation changes LGTM!
|
||
The list of allowed VLAN tags cannot be too big in order to keep eBPF program of predictable size. Currently this list | ||
should contain no more than 5 entries. If you need more, then there is only one way for now: you need to allow | ||
all tags with cilium-agent flag ``--vlan-bpf-bypass=0``. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I understand this limit was added to avoid complexity issues. Did anyone actually validate that it works with 5 VLAN tags? What other options were enabled during that test?
If we want to cover this in CI, I think we should extend the MAX_HOST_OPTIONS
macro in bpf/Makefile
.
/cc @joestringer
Documentation for vlan bpf bypass.
Follow-up for PR: #16772
Signed-off-by: Viktor Kuzmin kvaster@gmail.com