This repository has been archived by the owner on May 13, 2024. It is now read-only.

feat: MCS Bridge - Integrating eBPF based controller (Proposal) #71

Open
naqvis opened this issue Mar 15, 2023 · 0 comments
Labels
enhancement New feature or request

Collaborator

naqvis commented Mar 15, 2023

Please describe the Improvement and/or Feature Request

This proposal is to make use of eBPF for cross-cluster communication in environments (OS kernels) where it is available.

MCS Bridge Controller Startup Process

  1. Read ServiceImport resources and initialize metadata of multi-cluster service using eBPF maps.
  2. Load and mount eBPF programs for MCS Bridge.
  3. Start a proxy service for accessing cross-cluster services:
    • Supports forwarding of Endpoints across multiple clusters and local clusters.
    • Supports various policy modes such as load balancing, failover, etc.

MCS Bridge - Working Principle

DNS Interception

MCS Bridge intercepts DNS requests and forwards them to MCS Bridge Controller. MCS Bridge Controller completes the domain name resolution for cross-cluster services by reading the eBPF map to determine if the service to be resolved is a multi-cluster service. If it is a multi-cluster service, the resolution is returned directly. Otherwise, the request is sent to the upstream domain name service to complete the domain name resolution.

Business Request Interception

When an application accesses a service and establishes a connection, MCS Bridge reads the eBPF map to determine if the target service of the request is a cross-cluster service:

  • If it is not a multi-cluster service, no action is taken.
  • If it is a multi-cluster service, the request is forwarded to MCS Bridge Controller.
  • MCS Bridge Controller completes the policy scheduling for accessing multi-cluster services.

Architecture

[Figure: MCS Bridge architecture diagram]

  • MCS Bridge operates only in the Outbound direction of the container that initiates the request.
  • MCS Bridge operates only for requests whose target service is a cross-cluster service.
  • MCS Bridge completes L4 data forwarding.
  • MCS Bridge Controller completes complex request scheduling based on L7 policies.

Scope (please mark with X where applicable)

  • New Functionality [X]
  • Install [ ]
  • Gateway API - GatewayClass [ ]
  • Gateway API - Gateway [ ]
  • Gateway API - HTTPRoute [ ]
  • Gateway API - TLSRoute [ ]
  • Gateway API - TCPRoute [ ]
  • Gateway API - UDPRoute [ ]
  • Gateway API - PolicyReference [ ]
  • Ingress [ ]
  • Egress [ ]
  • MultiCluster [X]
  • PIPY Control Plane [ ]
  • PIPY Script/Config [ ]
  • CLI Tool [ ]
  • Metrics [ ]
  • Certificate Management [ ]
  • Sidecar Injection [ ]
  • Logging [ ]
  • Debugging [ ]
  • Tests [ ]
  • Demo [ ]
  • CI System [ ]
  • Project Release [ ]

Possible use cases

Clusters running OS Kernel with proper eBPF support.

@naqvis naqvis added the enhancement New feature or request label Mar 15, 2023
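
The two lookups described under "MCS Bridge - Working Principle", modelled in userspace Go as an added example (not code from the issue or the project). The `Bridge` type, its map layout, the name normalisation and the sample service name and address are assumptions made for illustration; ordinary Go maps stand in for the eBPF maps.

```go
package main

import (
	"fmt"
	"net/netip"
	"strings"
)

// Bridge is a userspace stand-in for the eBPF maps (layout is assumed).
type Bridge struct {
	byName map[string]netip.AddrPort // imported service name -> virtual IP:port
	byAddr map[netip.AddrPort]string // reverse index used on the connect path
}

// canon normalises a DNS name so "Foo.svc." and "foo.svc" hit the same entry.
func canon(n string) string { return strings.ToLower(strings.TrimSuffix(n, ".")) }

// Import models startup step 1: one map entry per ServiceImport.
func (b *Bridge) Import(name, vip string) {
	ap := netip.MustParseAddrPort(vip)
	b.byName[canon(name)] = ap
	b.byAddr[ap] = canon(name)
}

// ResolveDNS answers from the map; ok=false means "send to upstream DNS".
func (b *Bridge) ResolveDNS(qname string) (netip.Addr, bool) {
	ap, ok := b.byName[canon(qname)]
	return ap.Addr(), ok
}

// OnConnect models the outbound connect check: redirect is true only when
// the destination is a multi-cluster service and goes to the controller.
func (b *Bridge) OnConnect(dst string) (svc string, redirect bool) {
	ap, err := netip.ParseAddrPort(dst)
	if err != nil {
		return "", false // unparsable destination: leave traffic untouched
	}
	svc, redirect = b.byAddr[ap]
	return svc, redirect
}

func newDemo() *Bridge {
	b := &Bridge{byName: map[string]netip.AddrPort{}, byAddr: map[netip.AddrPort]string{}}
	b.Import("Pay.prod.svc.clusterset.local", "10.96.0.50:8080") // constructed sample
	return b
}

func main() {
	b := newDemo()
	fmt.Println(b.ResolveDNS("pay.prod.svc.clusterset.local."))
	fmt.Println(b.OnConnect("10.96.0.50:9090"))
}
```

Both paths read the same normalised key space, so a name the DNS path answers locally is also the one the connect path redirects; a port that was not imported passes through untouched.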