Recent years have witnessed a widespread adoption of containers. While containers simplify and accelerate application development, existing container network technologies either incur significant overhead, which hurts performance for distributed applications, or lose flexibility or compatibility, which hinders the widespread deployment in production. We carefully analyze the kernel data path of an overlay network, quantifying the time consumed by each segment of the data path and identifying the \emph{extra overhead} in an overlay network compared to bare metal. We observe that this extra overhead generates repetitive results among packets, which inspires us to introduce caches within an overlay network. We design and implement ONCache (\textbf{O}verlay \textbf{N}etwork \textbf{Cache}), a cache-based container overlay network, to eliminate the extra overhead while maintaining flexibility and compatibility. We implement ONCache using the extended Berkeley Packet Filter (eBPF) with only 524 lines of code, and integrate it as a plugin of Antrea. With ONCache, containers attain networking performance akin to that of bare metal. Compared to the standard overlay networks, ONCache improves throughput and request-response transaction rate by 12\% and 36\% for TCP (20\% and 34\% for UDP), respectively, while significantly reducing per-packet CPU overhead. Popular distributed applications also benefit from ONCache.

翻译：近年来，容器技术得到了广泛采用。尽管容器简化并加速了应用开发，但现有的容器网络技术要么引入显著开销，从而损害分布式应用的性能；要么丧失灵活性或兼容性，阻碍其在生产环境中的广泛部署。我们仔细分析了覆盖网络的内核数据路径，量化了数据路径各段所消耗的时间，并识别出覆盖网络相较于裸金属网络的额外开销。我们观察到，这种额外开销在数据包之间产生了重复的计算结果，这启发我们在覆盖网络中引入缓存机制。我们设计并实现了ONCache（覆盖网络缓存），一种基于缓存的容器覆盖网络，旨在消除额外开销，同时保持灵活性与兼容性。我们使用扩展伯克利数据包过滤器（eBPF）以仅524行代码实现了ONCache，并将其集成为Antrea的插件。借助ONCache，容器可获得近似裸金属网络的网络性能。与标准覆盖网络相比，ONCache将TCP的吞吐量和请求-响应事务率分别提升了12%和36%（UDP为20%和34%），同时显著降低了每数据包的CPU开销。流行的分布式应用同样受益于ONCache。