Nico Vibert is a Senior Technical Marketing Engineer at Isovalent – the company behind the open-source cloud native solution Cilium. Nico has worked in many different roles – operations and support, design and architecture, technical pre-sales – at companies such as HashiCorp, VMware and Cisco. Nico’s focus is primarily on network, cloud and automation and he loves creating content and writing books. Nico regularly speaks at events, whether on a large scale such as VMworld, Cisco Live or at smaller forums such as VMware and AWS User Groups or virtual events such as HashiCorp HashiTalks. Outside of Isovalent, Nico’s passionate about intentional diversity & inclusion initiatives and is Chief DEI Officer at the Open Technology organization OpenUK.
InternalTrafficPolicy on Cilium – Mini Demo
In this mini-demo, you will learn about internalTrafficPolicy support on Cilium! This feature was added with Cilium 1.13.
In this mini demo, we’re looking at Cilium with internal traffic policy. So, what we’ve got here is two services that have different settings. Echo-1 has a default internal traffic policy of ‘Cluster’, and Echo-2 has an internal traffic policy of ‘Local’. Both of these services have two Pods that are based in two different nodes, kind-worker and kind-worker2.
When I first run a curl to the service from the pod Worker, which is based in the kind-worker node, we see replies coming from both Pods. By default, services are randomly distributed across all endpoints. So, when we do a curl and compare and count how many queries are sent to kind-worker node and how many to kind-worker2 node, it’s pretty evenly randomly distributed.
Now, when we use the internal traffic policy local, the traffic will be only forwarded if there is an available endpoint that is local to the same node. So, pod-worker is in kind-worker, we’ll see that the queries coming back only are from the pod in kind-worker itself, there won’t be replies from kind-worker2. And that’s it. Thanks for watching.
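The two Services described in the demo could be declared as below. This is an added example, not the manifests used in the video: only the Service names and the `internalTrafficPolicy` values come from the page, while the selector labels and port numbers are assumptions.

```yaml
# Added example: not the manifests from the demo.
# Assumed: selector labels (app: echo-1 / app: echo-2) and port 8080.
apiVersion: v1
kind: Service
metadata:
  name: echo-1
spec:
  type: ClusterIP
  # Default: in-cluster traffic may be sent to any ready endpoint,
  # on any node (kind-worker or kind-worker2 in the demo).
  internalTrafficPolicy: Cluster
  selector:
    app: echo-1
  ports:
    - name: http
      port: 8080
      targetPort: 8080
---
apiVersion: v1
kind: Service
metadata:
  name: echo-2
spec:
  type: ClusterIP
  # Only endpoints on the same node as the client Pod are used.
  # If that node has no ready endpoint for the Service, the traffic
  # is not forwarded to another node.
  internalTrafficPolicy: Local
  selector:
    app: echo-2
  ports:
    - name: http
      port: 8080
      targetPort: 8080
```

With `Local`, a client Pod on a node that has no ready endpoint for the Service gets no reply, so each node that hosts clients needs its own backend Pod.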