Add support for SockLB events #816

Merged
merged 2 commits into from
Nov 21, 2022

Member

@gandro gandro commented Nov 16, 2022

This adds support for Trace SockLB events. These events are similar to L3/L4 trace events, but are traced on the socket level. This means they have a few differences to regular trace events:

  • There are events for pre- and post-translation. This means that we now get visibility into the service load balancing, meaning that source/destination service is populated before NAT/after rev-NAT.
  • These events do not contain the source port or packet related details (such as TCP flags, Ethernet headers etc).
  • Because the events are emitted on a socket level, there is no meaningful traffic direction or reply status. The reply status and traffic direction of the trace sock events are unknown.
  • These events have two verdicts: TRACED and TRANSLATED. The former is used whenever the SockLB BPF hook is executed, the latter is additionally emitted if NAT or reverse NAT has been applied.

Here is an example of pod-to-a pod doing a service lookup for the echo-a service (first the DNS lookup against kubedns, then a TCP connection to the echo-a service):
image

@gandro gandro added the release-note/major This PR introduces major new functionality to Hubble. label Nov 16, 2022
@gandro gandro requested review from a team as code owners November 16, 2022 13:54
@gandro gandro requested review from rolinh and removed request for a team November 16, 2022 13:54
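
The pre- and post-translation events described in the PR can be joined to recover which backend a service address was translated to. The Go example below is added here and is not code from this PR or from Hubble. The struct fields, the per-socket `SocketID` join key and all addresses are assumptions constructed for the example; it covers forward translation only and treats TRACED as the pre-translation event and TRANSLATED as the post-translation one.

```go
package main

import "fmt"
import "sort"

// SockEvent is a hypothetical, simplified stand-in for a SockLB trace event.
// Field names are assumptions for this example, not the Hubble API.
type SockEvent struct {
	SocketID uint64 // assumed join key; the events carry no source port
	Verdict  string // "TRACED" or "TRANSLATED" (the two verdicts in the PR)
	Dst      string // destination ip:port as seen by that event
	Service  string // destination service, populated before NAT
}

// Translation pairs the address a workload dialled with the backend chosen.
type Translation struct{ Service, Dialled, Backend string }

// Correlate joins each TRACED event with the TRANSLATED event that follows on
// the same socket; destinations never translated are returned in direct.
func Correlate(events []SockEvent) (xlated []Translation, direct []string) {
	pending := map[uint64]SockEvent{}
	for _, ev := range events {
		prev, waiting := pending[ev.SocketID]
		switch {
		case ev.Verdict == "TRACED":
			if waiting { // earlier call on this socket saw no NAT
				direct = append(direct, prev.Dst)
			}
			pending[ev.SocketID] = ev
		case ev.Verdict == "TRANSLATED" && waiting:
			xlated = append(xlated, Translation{prev.Service, prev.Dst, ev.Dst})
			delete(pending, ev.SocketID)
		}
	}
	for _, ev := range pending {
		direct = append(direct, ev.Dst)
	}
	sort.Strings(direct)
	return xlated, direct
}

// Sample is constructed data: a DNS lookup, a service connection, a direct one.
var Sample = []SockEvent{
	{1, "TRACED", "10.96.0.10:53", "kube-system/kube-dns"},
	{1, "TRANSLATED", "10.0.1.23:53", ""},
	{2, "TRACED", "10.96.44.7:8080", "default/echo-a"},
	{2, "TRANSLATED", "10.0.2.51:8080", ""},
	{3, "TRACED", "10.0.3.9:443", ""},
}
func main() { fmt.Println(Correlate(Sample)) }
```

A TRANSLATED event with no preceding TRACED event on the same socket is dropped, since it cannot be attributed to a dialled address.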
Contributor

@chancez chancez left a comment

So these are displayed by default right? I wonder: should they be?

@gandro
Member Author

gandro commented Nov 17, 2022

> So these are displayed by default right? I wonder: should they be?

I would argue they should. The service IP is not visible anywhere otherwise. Before SockLB was a thing, Hubble would show the clusterIP in from-endpoint events (iirc), that visibility got lost till recently.

Member

@rolinh rolinh left a comment

🚀

@gandro
Member Author

gandro commented Nov 21, 2022

Somehow GitHub seems to be stuck on the status checks. Closing and re-opening.

@gandro gandro closed this Nov 21, 2022
@gandro gandro reopened this Nov 21, 2022
@gandro gandro force-pushed the pr/gandro/trace-socklb-events branch from 1a5b658 to fb779fc Compare November 21, 2022 09:16
This pulls in the new Hubble API definitions for SockLB events.

Signed-off-by: Sebastian Wicki <sebastian@isovalent.com>
This adds support for Trace SockLB events. These events are similar to
L3/L4 trace events, but are traced on the socket level. This means they
have a few differences to regular trace events:

 - There are events for pre- and post-translation. This means that we
   now get visibility into the service load balancing, meaning that
   source/destination service is populated before NAT/after rev-NAT.
 - These events do not contain the source port or packet related
   details (such as TCP flags, Ethernet headers etc).
 - Because the events are emitted on a socket level, there is no
   meaningful traffic direction or reply status. The reply status and
   traffic direction of the trace sock events are unknown.
 - These events have two verdicts: TRACED and TRANSLATED. The former is
   used whenever the SockLB BPF hook is executed, the latter is
   additionally emitted if NAT or reverse NAT has been applied.

Signed-off-by: Sebastian Wicki <sebastian@isovalent.com>
@gandro gandro force-pushed the pr/gandro/trace-socklb-events branch from fb779fc to 9dfd1d5 Compare November 21, 2022 09:25
Member

@kaworu kaworu left a comment

Thanks @gandro!

@maintainer-s-little-helper maintainer-s-little-helper bot added the ready-to-merge This PR has passed all tests and received consensus from code owners to merge. label Nov 21, 2022
@gandro gandro merged commit d580ee4 into master Nov 21, 2022
@gandro gandro deleted the pr/gandro/trace-socklb-events branch November 21, 2022 09:50