This repository contains a set of tools to measure the egress filtering performance using BPF, iptables, ipsets and calico.
-
Setup two computers to run the test. You need to have Docker, iptables and ipset installed and you should be able to connect to those computers with SSH without requiring a password.
-
Download the latest Lokomotive release
Unpack and move to a desired locatin:
tar xvf lokoctl_$VERSION_linux_amd64.tar.gz mv lokoctl_$VERSION_linux_amd64/lokoctl ~/.local/bin/lokoctl
-
Create a Kubernetes cluster using Lokomotive with at least one worker node.
A minimal working configuration that can be deployed on Packet (acquired by Equinix Metal)
Update the variables in
lokocfg.varsand execute:git clone [email protected]:kinvolk/egress-filtering-benchmark.git cd lokomotive lokoctl cluster apply
Set location of kubeconfig using the environment variable KUBECONFIG:
cd egress-filtering-benchmark/lokomotive export KUBECONFIG=$PWD/assets/cluster-assets/auth/kubeconfigLabel the worker node as follows:
kubectl label node calico-benchmark-pool-1-worker-0 nodetype=worker-benchmark -
Configure the parameters of the test in the parameters.py file.
-
Install the required libraries in the client to run the Python script
pip install -r requirements.txt
- Execute the tests:
$ cd benchmark
$ make
$ python run_tests.py --mode udp --username USERNAME --client CLIENTADDR --server SERVERADDR
This will create some csv files with the information about the test. You can plot them by your self or follow the next step.
- Plot the data by running
$ python plot_data.py
This will create some svg files with the graphs.
The BPF filter is inspired by the tc-bpf man page and the Cilium documentation.
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent