Cilium

From Wizard Rants
Revision as of 05:09, 20 January 2020 by Northrup2 (talk | contribs)

Cilium Documentation and Downloads can be found at the Cilium project website.

Flag Options

The IP addresses used for the cluster prefix are typically allocated from RFC1918 private address blocks and are not publicly routable, so Cilium automatically masquerades the source IP address of all traffic that is leaving the cluster. This behavior can be disabled by running cilium-agent with the option --masquerade=false.

| Map Name | Scope | Default Limit | Scale Implications |
|---|---|---|---|
| Connection Tracking | node or endpoint | 1M TCP/256K UDP | Max 1M concurrent TCP connections, max 256K expected UDP answers |
| Endpoints | node | 64k | Max 64k local endpoints + host IPs per node |
| IP cache | node | 512K | Max 256K endpoints (IPv4+IPv6), max 512k endpoints (IPv4 or IPv6) across all clusters |
| Load Balancer | node | 64k | Max 64k cumulative backends across all services across all clusters |
| Policy | endpoint | 16k | Max 16k allowed identity + port + protocol pairs for specific endpoint |
| Proxy Map | node | 512k | Max 512k concurrent redirected TCP connections to proxy |
| Tunnel | node | 64k | Max 32k nodes (IPv4+IPv6) or 64k nodes (IPv4 or IPv6) across all clusters |


BPF Map Limitations: https://cilium.readthedocs.io/en/stable/architecture/#bpf-map-limitations