Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

configs: add CONFIG_NETKIT=y #6641

Merged
merged 1 commit into from
Jan 31, 2025
Merged

configs: add CONFIG_NETKIT=y #6641

merged 1 commit into from
Jan 31, 2025
+6 −0

Conversation

sholdee
Copy link

@sholdee sholdee commented Jan 31, 2025

NetKit is the Linux BPF-programmable network device, introduced in kernel 6.7 and used by Cilium CNI for high-performance container networking.

More details:

It would be great to have this enabled with kernel 6.12. I have compiled with the flag and tested this on my RPi 5 Kubernetes cluster and everything looks good:

ethan@k3s-master-0:~ $ uname -a
Linux k3s-master-0 6.12.11-v8-16k+ #1 SMP PREEMPT Thu Jan 30 15:58:02 CST 2025 aarch64 GNU/Linux

ethan@k3s-master-0:~ $ sudo modprobe configs

ethan@k3s-master-0:~ $ zgrep CONFIG_NETKIT /proc/config.gz
CONFIG_NETKIT=y

ethan@k3s-master-0:~ $ modinfo netkit
name:           netkit
filename:       (builtin)
alias:          rtnl-link-netkit
license:        GPL
file:           drivers/net/netkit
author:         Nikolay Aleksandrov <razor@blackwall.org>
author:         Daniel Borkmann <daniel@iogearbox.net>
description:    BPF-programmable network device

ethan@k3s-master-0:~ $ sudo kubectl exec -it cilium-5zntq -n kube-system -- cilium status | grep "Mode:"
Defaulted container "cilium-agent" out of: cilium-agent, config (init), mount-cgroup (init), apply-sysctl-overwrites (init), mount-bpf-fs (init), clean-cilium-state (init), install-cni-binaries (init)
Attach Mode:             TCX
Device Mode:             netkit

Cilium status:

    /¯¯\
 /¯¯\__/¯¯\    Cilium:             OK
 \__/¯¯\__/    Operator:           OK
 /¯¯\__/¯¯\    Envoy DaemonSet:    OK
 \__/¯¯\__/    Hubble Relay:       OK
    \__/       ClusterMesh:        disabled

DaemonSet              cilium             Desired: 5, Ready: 5/5, Available: 5/5
DaemonSet              cilium-envoy       Desired: 5, Ready: 5/5, Available: 5/5
Deployment             hubble-ui          Desired: 1, Ready: 1/1, Available: 1/1
Deployment             hubble-relay       Desired: 1, Ready: 1/1, Available: 1/1
Deployment             cilium-operator    Desired: 3, Ready: 3/3, Available: 3/3
Containers:            hubble-ui          Running: 1
                       hubble-relay       Running: 1
                       cilium-operator    Running: 3
                       cilium             Running: 5
                       cilium-envoy       Running: 5
Cluster Pods:          118/118 managed by Cilium
Helm chart version:    
Image versions         hubble-ui          quay.io/cilium/hubble-ui:v0.13.1@sha256:e2e9313eb7caf64b0061d9da0efbdad59c6c461f6ca1752768942bfeda0796c6: 1
                       hubble-ui          quay.io/cilium/hubble-ui-backend:v0.13.1@sha256:0e0eed917653441fded4e7cdb096b7be6a3bddded5a2dd10812a27b1fc6ed95b: 1
                       hubble-relay       quay.io/cilium/hubble-relay:v1.16.6@sha256:ca8dcaa5a81a37743b1397ba2221d16d5d63e4a47607584f1bf50a3b0882bf3b: 1
                       cilium-operator    quay.io/cilium/operator-generic:v1.16.6@sha256:13d32071d5a52c069fb7c35959a56009c6914439adc73e99e098917646d154fc: 3
                       cilium             quay.io/cilium/cilium:v1.16.6@sha256:1e0896b1c4c188b4812c7e0bed7ec3f5631388ca88325c1391a0ef9172c448da: 5
                       cilium-envoy       quay.io/cilium/cilium-envoy:v1.30.9-1737073743-40a016d11c0d863b772961ed0168eea6fe6b10a5@sha256:a69dfe0e54b24b0ff747385c8feeae0612cfbcae97bfcc8ee42a773bb3f69c88: 5

@pelwell
Copy link
Contributor

pelwell commented Jan 31, 2025

Although this option is a built-in, it barely changes the kernel size at all:


armhf:
  Before:
  -rwxrwxr-x 1 phil phil 22110584 Jan 31 15:54 vmlinux
  -rwxrwxr-x 1 phil phil 16212924 Jan 31 15:54 arch/arm/boot/Image

  After:
  -rwxrwxr-x 1 phil phil 22113068 Jan 31 15:50 vmlinux
  -rwxrwxr-x 1 phil phil 16213096 Jan 31 15:50 arch/arm/boot/Image

arm64:
  Before:
  -rwxrwxr-x 1 phil phil 33935616 Jan 31 15:43 vmlinux
  -rw-rw-r-- 1 phil phil 26817024 Jan 31 15:43 arch/arm64/boot/Image

  After:
  -rwxrwxr-x 1 phil phil 33937632 Jan 31 15:39 vmlinux
  -rw-rw-r-- 1 phil phil 26817024 Jan 31 15:39 arch/arm64/boot/Image

We're also concerned about the effect on performance, particularly for fundamental subsystems like networking, but from what I can see it only affects bpf support (which is already opt-in for users), and mainly by adding new cases to switch statements, which should have a negligible impact for non-users.

I'm inclined to accept this. Thoughts, @popcornmix?

@popcornmix
Copy link
Collaborator

Okay.

@pelwell pelwell merged commit 8afad65 into raspberrypi:rpi-6.12.y Jan 31, 2025
11 of 12 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@sholdee @pelwell @popcornmix