Customize your schedule by session topic and skill level: Session Topic - Refer to the "Type" filter list to the right to find a session based on topic. Talk Difficulty - Sessions are categorized as [B]eginner, [I]ntermediate or [A]dvanced at the end of each talk title.
In this talk, we discuss how Comcast VIPER addresses network-scaling bottlenecks using IPVS as a load balancer. We discuss the benefits including enabling us to achieve over 500Gbit/s egress from a modest Kubernetes cluster as well as dynamic VIP allocation.
Using a tool we’ve written in-house called Kube2IPVS, which utilize Kubernetes config maps, we can assign an ingress IP address and port to a Kubernetes service, and our load balancer will automatically reconfigure, with no downtime, to load balance traffic into a service.
We go into technical detail in this presentation, starting with a brief overview of IPVS and why it’s useful. We will then descend into the requirements surrounding L2 adjacency and why ARP is your frenemy. We’ll discuss how we addressed the challenges of running IPVS internal to Kubernetes, including IPVS master and backend co-location.
Finally, we'll highlight how port forwarding is not possible using IPVS in direct-reply mode, and then discuss how Kube2IPVS manages iptables rules to route packets directly into Kubernetes service chains, effectively bypassing this restriction.
