BPF Map Operation Latency Spike

warning

latencyUpdated Aug 15, 2025

Elevated BPF map operation times indicate kernel datapath contention or CPU pressure affecting packet processing. This manifests as increased connection establishment latency and reduced throughput, particularly impacting high-connection-rate workloads.

Sources

Tuning Guide — Cilium 1.19.1 documentationdocs.cilium.io

Tuning Guide — Cilium 1.18.1 documentationdocs.cilium.io

CNI Performance Benchmark — Cilium 1.18.1 documentationdocs.cilium.io

Technologies:

CiliumSymptoms of this issue are visible in Cilium metrics and logs

How to detect:

Monitor cilium_bpf_map_operation_datadog metric for latency increases. Correlate with cilium_process_cpu_seconds to determine if CPU saturation is causing BPF map lookup/update delays. High TCP_CRR connection rates will amplify this issue.

Recommended action:

Enable distributed LRU mode with bpf.distributedLRU.enabled=true to reduce lock contention. Increase mapDynamicSizeRatio to reduce map pressure. Verify conntrack GC is not blocking map operations by checking cilium_datapath_conntrack_gc_time_seconds. Consider CPU pinning for Cilium agents on high-throughput nodes.