From a72509be6b5586aeac8c7863c6c5191dd3e4d662 Mon Sep 17 00:00:00 2001
From: Nikolay Sivko
Date: Wed, 13 Nov 2024 16:27:07 +0300
Subject: [PATCH 1/3] skip connections to link-local IPs
---
 common/net.go | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/common/net.go b/common/net.go
index ccce550..01b8737 100644
--- a/common/net.go
+++ b/common/net.go
@@ -86,6 +86,9 @@ func (f connectionFilter) WhitelistPrefix(p netaddr.IPPrefix) {
 }
 func (f connectionFilter) ShouldBeSkipped(dst, actualDst netaddr.IP) bool {
+ if dst.IsLinkLocalUnicast() {
+ return true
+ }
 if IsIpPrivate(dst) || dst.IsLoopback() {
 return false
 }
From 4785312eb323b91d3d7753ac073aabdcdcfbe52f Mon Sep 17 00:00:00 2001
From: Nikolay Sivko
Date: Wed, 13 Nov 2024 17:08:01 +0300
Subject: [PATCH 2/3] group HTTP statuses (e.g., 2xx, 4xx) to reduce the number of metrics collected
---
 ebpftracer/l7/l7.go | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)
diff --git a/ebpftracer/l7/l7.go b/ebpftracer/l7/l7.go
index d522fa1..f2250db 100644
--- a/ebpftracer/l7/l7.go
+++ b/ebpftracer/l7/l7.go
@@ -108,7 +108,19 @@ func (s Status) String() string {
 }
 func (s Status) Http() string {
- return strconv.Itoa(int(s))
+ switch {
+ case s >= 100 && s < 200:
+ return "1xx"
+ case s >= 200 && s < 300:
+ return "2xx"
+ case s >= 300 && s < 400:
+ return "3xx"
+ case s >= 400 && s < 500:
+ return "4xx"
+ case s >= 500 && s < 600:
+ return "5xx"
+ }
+ return "unknown"
 }
 func (s Status) DNS() string {
From c7356a029d775dc66fd29de0f4616a65e80a7868 Mon Sep 17 00:00:00 2001
From: Nikolay Sivko
Date: Thu, 14 Nov 2024 12:27:54 +0300
Subject: [PATCH 3/3] DNS metric optimization
---
 common/net.go | 12 ++++++++++++
 common/net_test.go | 15 +++++++++++++++
 containers/container.go | 9 +++++++++
 3 files changed, 36 insertions(+)
diff --git a/common/net.go b/common/net.go
index 01b8737..993c4c4 100644
--- a/common/net.go
+++ b/common/net.go
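Review bot: The new early return at the top of `ShouldBeSkipped` drops every link-local destination, and link-local space includes the cloud instance-metadata address 169.254.169.254, so connections from containers to the metadata service would presumably stop appearing in the agent's connection data. That traffic is a signal defenders rely on when looking for credential access from a compromised workload, so the exclusion should at least be stated where it happens, e.g. `// link-local (169.254.0.0/16, fe80::/10) is never tracked; this includes metadata endpoints such as 169.254.169.254`. Only `dst` is tested, so it is worth deciding explicitly whether a link-local `actualDst` should be treated the same way. The rest of the function is outside this hunk, so how the check interacts with the whitelist handling cannot be confirmed from here.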
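Review bot: With `Http()` returning only the status class, 401, 403 and 429 all become `4xx`, so anything built on this label can no longer separate authentication or authorization failures and throttling from ordinary client errors. If that loss is intended, say so in a doc comment such as `// Http returns the status class ("2xx", "4xx", ...) used as the metric label; individual codes are deliberately not exposed.` If a few codes need to stay visible, one extra case ahead of the ranges, `case s == 401 || s == 403 || s == 429: return strconv.Itoa(int(s))`, keeps cardinality bounded. Values outside 100–599, including 0, now map to `unknown`, which the comment should mention as well.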
@@ -209,3 +209,15 @@ func NewDestinationKey(dst, actualDst netaddr.IPPort, fqdn string) DestinationKe
 actualDestination: HostPortFromIPPort(actualDst),
 }
 }
+
+var ec2NodeRegex = regexp.MustCompile(`ip-\d+-\d+-\d+-\d+\.ec2`)
+var externalDomainWithSuffix = regexp.MustCompile(`(.+\.(com|net|org|io))\..+`)
+
+func NormalizeFQDN(fqdn string, requestType string) string {
+ if requestType == "TypePTR" {
+ return "IP.in-addr.arpa"
+ }
+ fqdn = ec2NodeRegex.ReplaceAllLiteralString(fqdn, "IP.ec2")
+ fqdn = externalDomainWithSuffix.ReplaceAllString(fqdn, "$1.search_path_suffix")
+ return fqdn
+}
diff --git a/common/net_test.go b/common/net_test.go
index 0774a09..38ee77e 100644
--- a/common/net_test.go
+++ b/common/net_test.go
@@ -57,3 +57,18 @@ func TestDestinationKey(t *testing.T) {
 NewDestinationKey(d, ad, "bucket.s3.amazonaws.com.default.svc.cluster.local").String(),
 )
 }
+
+func TestNormalizeFQDN(t *testing.T) {
+ assert.Equal(t, "IP.in-addr.arpa", NormalizeFQDN("4.3.2.1.in-addr.arpa", "TypePTR"))
+ assert.Equal(t, "coroot.com", NormalizeFQDN("coroot.com", "TypeA"))
+ assert.Equal(t, "IP.ec2.internal", NormalizeFQDN("ip-172-1-2-3.ec2.internal", "TypeA"))
+
+ assert.Equal(t, "example.com", NormalizeFQDN("example.com", "TypeA"))
+ assert.Equal(t, "example.com.search_path_suffix", NormalizeFQDN("example.com.cluster.local", "TypeA"))
+ assert.Equal(t, "example.com.search_path_suffix", NormalizeFQDN("example.com.svc.cluster.local", "TypeA"))
+ assert.Equal(t, "example.com.search_path_suffix", NormalizeFQDN("example.com.svc.default.cluster.local", "TypeA"))
+
+ assert.Equal(t, "example.net.search_path_suffix", NormalizeFQDN("example.net.svc.default.cluster.local", "TypeA"))
+ assert.Equal(t, "example.org.search_path_suffix", NormalizeFQDN("example.org.svc.default.cluster.local", "TypeA"))
+ assert.Equal(t, "example.io.search_path_suffix", NormalizeFQDN("example.io.svc.default.cluster.local", "TypeA"))
+}
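Review bot: `externalDomainWithSuffix` in the `common/net.go` hunk is unanchored and treats anything after `.com`, `.net`, `.org` or `.io` as a resolver search-path suffix, so a real name such as `example.com.au` would be reported as `example.com.search_path_suffix` and the domain actually queried disappears from the DNS metrics. Because the leading `.+` is greedy the cut lands on the last matching label, and a name with a trailing dot (`example.com.cluster.local.` aside, plain `example.com.`) is not matched at all. Consider matching only suffixes that are known search domains for the node or cluster rather than any trailing labels, and pin the intended behaviour in `TestNormalizeFQDN` with a case like `assert.Equal(t, "example.com.au", NormalizeFQDN("example.com.au", "TypeA"))`. `NormalizeFQDN` is exported and should carry a doc comment listing its three rewrites, including that the `TypePTR` branch returns `IP.in-addr.arpa` for `ip6.arpa` names too.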
diff --git a/containers/container.go b/containers/container.go
index 1cadd63..01200e9 100644
--- a/containers/container.go
+++ b/containers/container.go
@@ -654,6 +654,15 @@ func (c *Container) onDNSRequest(r *l7.RequestData) map[netaddr.IP]string {
 if t == "" {
 return nil
 }
+ fqdn = common.NormalizeFQDN(fqdn, t)
+
+ // To reduce the number of metrics, we ignore AAAA requests with empty results,
+ // as they are typically performed simultaneously with A requests and do not add
+ // any additional latency to the application.
+ if t == "TypeAAAA" && r.Status == 0 && len(ips) == 0 {
+ return nil
+ }
+
 if c.dnsStats.Requests == nil {
 dnsReq := L7Requests[l7.ProtocolDNS]
 c.dnsStats.Requests = prometheus.NewCounterVec(
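Review bot: `fqdn = common.NormalizeFQDN(fqdn, t)` overwrites the parsed name in place, so every later use of `fqdn` in `onDNSRequest` sees the normalized label rather than the name that was queried. The function returns a `map[netaddr.IP]string` and its remainder is outside this hunk; if that map is built from `fqdn`, resolved IPs would be associated with placeholders such as `IP.ec2.internal` or a `.search_path_suffix` name instead of the real hostname. Keeping the label separate, e.g. `label := common.NormalizeFQDN(fqdn, t)` used only for the metric, avoids that. The AAAA early return also compares `r.Status == 0` against a bare literal, and a short comment or named constant saying which DNS status 0 stands for would make the condition easier to audit.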