From 005156e089a5f5ef9210a94945b2782d627611cf Mon Sep 17 00:00:00 2001
From: Akihiro Suda
Date: Sun, 31 Mar 2024 21:56:50 +0900
Subject: [PATCH] Accelerate networking with bypass4netns
Depends on:
- rootless-containers/bypass4netns PR 68
- containerd/nerdctl PR 2916
Signed-off-by: Akihiro Suda
---
 Makefile | 11 +++++++++++
 README.md | 11 +++++++++++
 docker-compose.yaml | 5 +++++
 3 files changed, 27 insertions(+)
diff --git a/Makefile b/Makefile
index 62339a6..c6c53ce 100644
--- a/Makefile
+++ b/Makefile
@@ -36,6 +36,13 @@ NODE_SHELL := $(COMPOSE) exec \
 -e U7S_NODE_IP=$(U7S_NODE_IP) \
 $(NODE_SERVICE_NAME)
+ifeq ($(CONTAINER_ENGINE),nerdctl)
+ifneq (,$(wildcard $(XDG_RUNTIME_DIR)/bypass4netnsd.sock))
+ export U7S_B4NN := true
+ export U7S_B4NN_IGNORE_SUBNETS := ["10.96.0.0/16", "10.244.0.0/16", "$(U7S_NODE_SUBNET)"]
+endif
+endif
+
 .PHONY: help
 help:
 @echo '# Bootstrap a cluster'
@@ -64,6 +71,10 @@ help:
 check-preflight:
 ./Makefile.d/check-preflight.sh
+.PHONY: render
+render: check-preflight
+ $(COMPOSE) config
+
 .PHONY: up
 up: check-preflight
 $(COMPOSE) up --build -d
diff --git a/README.md b/README.md
index cd585a2..404a675 100644
--- a/README.md
+++ b/README.md
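Review bot: The plain `export U7S_B4NN := true` in the Makefile hunk at `@@ -36,6 +36,13 @@` overrides a `U7S_B4NN=false` already set in the environment, so once the socket path exists the feature can only be declined with a command-line assignment. Because bypass4netns changes how the container's `connect(2)` calls are handled, an operator should be able to opt out; `export U7S_B4NN ?= true` would honour an existing environment value. The enabling test is also weak: with `XDG_RUNTIME_DIR` unset it expands to `/bypass4netnsd.sock`, and a stale socket file satisfies `$(wildcard ...)` just as well as a live one, so it shows that a path exists rather than that bypass4netnsd is running. The literals `10.96.0.0/16` and `10.244.0.0/16` look like copies of cluster CIDRs configured elsewhere (not visible in this hunk); a comment naming that source would keep the ignore list from drifting if they change.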
@@ -119,5 +119,16 @@ To change the container engine, set `export CONTAINER_ENGINE=podman` or `export
 - Some [volume drivers](https://kubernetes.io/docs/concepts/storage/volumes/) such as `nfs` do not work.
 ## Advanced topics
+### Network
+When `CONTAINER_ENGINE` is set to `nerdctl`, [bypass4netns](https://github.com/rootless-containers/bypass4netns) can be enabled for accelerating `connect(2)` syscalls.
+The acceleration currently does not apply to VXLAN packets.
+
+```bash
+containerd-rootless-setuptool.sh install-bypass4netnsd
+export CONTAINER_ENGINE=nerdctl
+make up
+```
+
+### Misc
 - Although Usernetes (Gen2) is designed to be used with Rootless Docker, it should work with the regular "rootful" Docker too. This might be useful for some people who are looking for "multi-host" version of [`kind`](https://kind.sigs.k8s.io/) and [minikube](https://minikube.sigs.k8s.io/).
diff --git a/docker-compose.yaml b/docker-compose.yaml
index 2ae7291..15d8e9f 100644
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@@ -39,6 +39,11 @@ services:
 # In addition, `net.ipv4.conf.default.rp_filter`
 # has to be set to 0 (disabled) or 2 (loose)
 # in the daemon's network namespace.
+ annotations:
+ # Accelerate network for nerdctl >= 2.0.0-beta.4 with bypass4netns >= 0.4.1
+ "nerdctl/bypass4netns": "${U7S_B4NN:-false}"
+ "nerdctl/bypass4netns-ignore-bind": "true"
+ "nerdctl/bypass4netns-ignore-subnets": "${U7S_B4NN_IGNORE_SUBNETS:-}"
 networks:
 default:
 ipam:
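Review bot: The version floor stated in the added comment of the docker-compose.yaml hunk (`nerdctl >= 2.0.0-beta.4 with bypass4netns >= 0.4.1`) is documentation only, because the Makefile side of this patch derives `U7S_B4NN` from the engine name and the presence of the socket, so an older nerdctl or bypass4netnsd would be handed `"nerdctl/bypass4netns": "true"` unchecked. A version test in `./Makefile.d/check-preflight.sh` (its contents are not visible here) or a sentence in the README section giving the minimum versions would make that failure mode explicit. `"nerdctl/bypass4netns-ignore-bind": "true"` is set unconditionally and carries no explanation; a one-line comment such as `# only connect(2) is accelerated; bind(2) stays in the container's network namespace` would record the reason, if that is the intent. The service definition these annotations belong to starts above the hunk, so which service receives them cannot be confirmed from the visible lines.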