Preface
Table of Contents
Linux Kernel
Interrupt Context and Process Context
Namespace
pid namespace
Termination of the main process in a PID namespace and zombie child processes
PID1 in containers
Network Namespace
Fun with network namespaces, part 1
Kernel Network
Kernel Network Data Struct
kernel network stack
Network Receive Path
bpf-trace-net-stack
TCP IP Architecture Design - Sameer Seth
Linux Network Stack Instrumentation Points
Understanding TCP/IP Network Stack & Writing Network Apps
Kernel TCP
tcp implementation
TCP socket buffer and receive window parameters
tcp keepalive
Causes of TCP Reset
SYN Cookies
TCP Inspect
SO_LINGER socket opt
TCP TIME-WAIT
Socket
Socket-related data structures
Socket Buffer Queue
socket listen queues
Socket Close/Shutdown: edge states and error handling
Kernel Routing
Netfilter
Nftables - Packet flow and Netfilter hooks in detail
conntrack
Connection tracking (conntrack) - Part 1: Modules and Hooks
Connection tracking (conntrack) - Part 2: Core Implementation
Connection tracking (conntrack) - Part 3: State and Examples
Connection tracking (conntrack): principles, applications and the Linux kernel implementation
Network address translation part 4 – Conntrack troubleshooting
Out of Window Invalid Packet
NAT local port collision and SYN retransmit
iptables Troubleshooting
Conntrack tales - one thousand and one flows
Diagnosing conntrack TCP RESET problems
IPVS
IP Sysctl
Documentation for /proc/sys/net/
Scheduler
Scheduling points (Scheduler Point)
Kubernetes
Kubernetes Eviction
Out-of-memory (OOM) in Kubernetes – Part 4: Pod evictions, OOM scenarios and flows leading to them
Kubernetes Network
Kube Proxy
Cracking Kubernetes Node Proxy (aka kube-proxy)
Destructive test
What happens when one of your Kubernetes nodes fails?
Monitoring
Resource Monitoring
How to alert for Pod Restart & OOMKilled in Kubernetes
Pod
pod phase
Persistent Volumes
CSI
Observability
Prometheus
Prometheus basics
METRIC TYPES
Histograms vs. Summaries
Step and query_range
Rate (per-second increase)
Top
Metrics Design
rate vs increase functions
Log
Filebeat
Fluent Bit
Fluent Bit internal design, illustrated
Node Exporter
Time metric: detecting clock drift
CPU frequency scaling metrics from the node exporter
Disk
Dashboard Best Practices
Java GC
eBPF based monitoring
Network
TCP
TCP Windows
Understanding Throughput and TCP Windows
TCP Ephemeral port
How to stop running out of ephemeral ports and start to love long-lived connections
Ephemeral port exhaustion and how to avoid it
Challenge ACK
TLS
TLS Handshake
Testing tools
ALPN
Cipher Suite
key exchange algorithm
TLS Close Alert: close_notify
boringssl
Dump TLS (capturing TLS traffic)
Troubleshooting Tools
tcpdump
Wireshark
Analyzing TCP Segmentation Offload (TSO) with Wireshark
HTTP
http 1.1
HTTP/1.1 Connection
Service Mesh
Envoy
TCP Proxy
Envoy Socket backlog
Istio
Istio mTLS
Istio mTLS auto-detection (Smartness Explained)
Understanding Istio’s Secure Naming
Metadata Exchange
TCP MX
metadata exchange plugin
Istio ALPN
istio-alpn-upstream
Istio ALPN Issues
Istio Gateway TCP Keepalive
Understanding TCP telemetry collection
Access Log
C language
libc
libc Stdout Buffering
Databases
Cassandra
The Cassandra Architecture
Cassandra’s Data Model
Writing
Reading
Thread Pool
Data Files
Metrics
Client Drivers
Ceph
RADOS
krbd
Deep Dive Into Ceph’s Kernel Client
observability
prometheus module
Rook prometheus monitoring
Hardware
CPU
PMU counters and profiling basics
eBPF
libbpf
libbpf (eBPF base library) example flow, illustrated
Reflections
Career
Jerks
From "Why I Left Facebook" to Su Dongpo's "Bu Suan Zi"
basic theory
The matter of time()
Low-level technology
Linux ELF
A brief overview of the ELF format
Service Mesh
Envoy
TCP Proxy
TCP Proxy Configuration
Dynamic cluster selection
Routing to a subset of hosts
Statistics
TCP Proxy(proto)
Envoy Socket backlog
Istio
Istio mTLS
Istio mTLS auto-detection (Smartness Explained)
Introduction
Environment details
Scenario 1, no sidecars on either side
Scenario 2, non-injected client to injected and non-injected services
Why is Istio/envoy allowing plain text?
Enable STRICT mode
STRICT mode filter chains
FilterChain matching
ALPN
How client sidecar adds Istio-defined ALPNs in the TLS client hello message
http traffic
tcp traffic
Switch back to PERMISSIVE mode
PERMISSIVE mode filter chains
Scenario 3, injected client talking to injected and non-injected servers
Injected client to injected server
Injected client to non-injected server
Summary
Understanding Istio’s Secure Naming
Certificates
Istio Mutual TLS Authentication
Example
What all happens at data path?
DNS Resolution
mTLS Handshake with resolved address
DNS Spoofing
Secure Naming to rescue
What about SAN validation for non-mesh services
Summary
Metadata Exchange
HTTP
Goal
Design Proposed Work
Stateless approach
HTTP header size considerations
TCP
TCP MX
metadata exchange plugin
Metadata exchange plugin introduction
TCP MX design document
Internal implementation details
Ref
metadata exchange plugin
Metadata exchange plugin Introduction
Stats plugin
For HTTP, HTTP/2, and GRPC traffic the proxy generates the following metrics
For TCP traffic the proxy generates the following metrics
Feature gaps between Mixer-based telemetry and Telemetry V2
Istio ALPN
Protocol sniffing
Background
Objective
Overview
Protocol sniffing for inbound listener
Filter chains
Get ALPN
Alternatives Considered
Other
istio-alpn-upstream
ALPN 名字
TCP ALPN
HTTP ALPN
Istio ALPN Issues
Istio Gateway TCP Keepalive
Socket options
Socket-level option list:
TCP-level option list
Linux protocol list
Linux default parameter values
Behaviour of common load balancers / TLS proxies
Automatic keepalive on both sides of a load balancer
Silently closed connections
Related Envoy configuration references
Design Doc Links
Nebulous Future
Release 1.4
Release 1.3
Release 1.1
Observability
Understanding TCP telemetry collection
TCP attributes
Access Log
Enabling access logs at the Pod level