xDS push performance

ZhuangYuZY · March 12, 2021, 7:18am

I run knative on istio with sidecar injection enable with mTLS strict mode, knative namespace and end user namespace enable istio sidecar. Knative has cold start feature, when no HTTP request, then no pod running, when HTTP request coming, start a new pod to serve the request.
Before we are running knative + istio without sidecar injection and mTLS, the response time of helloworld application is about 4~6 seconds including pod start time.
After we enable istio mesh + sidecar + mTLS, the response time is about 13~15 seconds (sometime more), that means istio use 9 seconds to do xDS and take effect. Is it reasonable ? For knative, we are running serverless application, 9 seconds means bad user experience.

|----pod start time 4 secs----| from 06:36:30 to 06:36:36
|----Istiod push xDS and take effort----| from 06:36:36 to 06:36:45
Knative probe detect user container response health check in 06:36:45.

Istiod log: Another question what happens between 06:35:39 and 06:35:45 ?

2021-03-12T06:35:30.739159Z	info	Sidecar injection request for legacy1/app3-wlxbd-1-deployment-6746f89fff-***** (actual name not yet known)
2021-03-12T06:35:36.278481Z	info	ads	Incremental push, service app3-wlxbd-1-private.legacy1.svc.cluster.local has no endpoints
2021-03-12T06:35:37.278674Z	info	ads	Push debounce stable[347] 1: 1.000119745s since last change, 1.000119506s since last push, full=false
2021-03-12T06:35:37.278812Z	info	ads	XDS: Incremental Pushing:2021-03-02T17:44:24Z/129 ConnectedEndpoints:10
2021-03-12T06:35:37.569373Z	info	ads	ADS: new connection for node:sidecar~172.17.3.48~app3-wlxbd-1-deployment-6746f89fff-x6h54.legacy1~legacy1.svc.cluster.local-7134
2021-03-12T06:35:37.572265Z	info	ads	CDS: PUSH for node:app3-wlxbd-1-deployment-6746f89fff-x6h54.legacy1 resources:43
2021-03-12T06:35:37.732172Z	info	ads	EDS: PUSH for node:app3-wlxbd-1-deployment-6746f89fff-x6h54.legacy1 resources:35 empty:0 cached:35/35
2021-03-12T06:35:39.234854Z	info	ads	LDS: PUSH for node:app3-wlxbd-1-deployment-6746f89fff-x6h54.legacy1 resources:14
2021-03-12T06:35:39.558554Z	info	ads	RDS: PUSH for node:app3-wlxbd-1-deployment-6746f89fff-x6h54.legacy1 resources:7
2021-03-12T06:35:45.094803Z	info	ads	Push debounce stable[348] 1: 1.000219264s since last change, 1.000218957s since last push, full=false
2021-03-12T06:35:45.094916Z	info	ads	XDS: Incremental Pushing:2021-03-02T17:44:24Z/129 ConnectedEndpoints:11

howardjohn · March 12, 2021, 6:49pm

Looks like nothing? Istio completes the push at :39. Then 6 seconds later, a config changes (presumably created by knative) and we start another push

Topic		Replies	Views
Istio side car performance 1.2.3 impact : performance degrades over time Performance and Scalability	0	668	August 19, 2019
Istio performance and scalability Test and Release	0	698	August 13, 2019
Access internal service in namespace without sidecar injection Networking	0	262	January 24, 2023
Istio increases performance? Networking	1	453	July 6, 2020
Gradually warm java application in k8s with istio	6	755	December 21, 2022

xDS push performance

Related Topics