Skip to content

docs(observability): Add tutorial for IP option tracing#43961

Merged
joestringer merged 1 commit intocilium:mainfrom
Bigdelle:ip-trace-injection
Jan 27, 2026
Merged

docs(observability): Add tutorial for IP option tracing#43961
joestringer merged 1 commit intocilium:mainfrom
Bigdelle:ip-trace-injection

Conversation

@Bigdelle
Copy link
Copy Markdown
Contributor

@Bigdelle Bigdelle commented Jan 23, 2026
edited
Loading

Description:

This PR adds a tutorial for the IP Options packet tracing (#41306) feature landing in v1.19.

This guide provides a deterministic reproduction case to validate that Cilium is correctly extracting metadata from packet headers. It bridges the gap between feature implementation and user validation.

Key additions:

  • A kind based environment with the feature flag enabled.
  • A "Manual Verification" step using nping to inject IP options.
  • Locating the correct Cilium agent pod and running cilium monitor to view the flow messages with the IP trace ID.
  • Examples of filtering traffic by Trace ID in the Hubble CLI.

@maintainer-s-little-helper maintainer-s-little-helper bot added the dont-merge/needs-release-note-label The author needs to describe the release impact of these changes. label Jan 23, 2026
joestringer
joestringer requested changes Jan 23, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@joestringer joestringer left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for putting this together! I reviewed the content but didn't get a chance to try it out. The guide makes sense to me though, so the feedback is mainly just about ensuring consistency with other docs and how we keep these docs maintainable into the future.

@joestringer joestringer added release-note/misc This PR makes changes that have no direct user impact. release-blocker/1.19 This issue will prevent the release of the next version of Cilium. needs-backport/1.19 This PR / issue needs backporting to the v1.19 branch labels Jan 23, 2026
@maintainer-s-little-helper maintainer-s-little-helper bot removed dont-merge/needs-release-note-label The author needs to describe the release impact of these changes. labels Jan 23, 2026
@github-project-automation github-project-automation bot moved this from Proposed to Active in Release blockers Jan 23, 2026
sypakine
sypakine approved these changes Jan 23, 2026
View reviewed changes
aanm
aanm previously requested changes Jan 26, 2026
View reviewed changes
@Bigdelle Bigdelle marked this pull request as ready for review January 26, 2026 17:43
@Bigdelle Bigdelle requested review from a team as code owners January 26, 2026 17:43
@Bigdelle Bigdelle requested review from devodev and qmonnet January 26, 2026 17:43
joestringer
joestringer requested changes Jan 26, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@joestringer joestringer left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks, a few more changes are necessary but this is getting simpler and easier for users - great sign.

joestringer
joestringer reviewed Jan 26, 2026
View reviewed changes
@Bigdelle Bigdelle force-pushed the ip-trace-injection branch 2 times, most recently from 0533df5 to 2284999 Compare January 26, 2026 22:48
@Bigdelle
docs(observability): Add tutorial for generic IP option tracing
08b6aad 
This commit adds a new tutorial documenting how to configure
and use the Generic IP Options packet tracing feature.

The tutorial covers:

- Configuring `bpf.monitorTraceIPOption` via Helm in a Kind
environment.
- Manually verifying the feature using `nping` to inject valid
2-byte Trace IDs.
- Observing extracted Trace IDs using `cilium monitor`
- Filtering flows by Trace ID using the
`hubble observe --ip-trace-id` command.
- Documentation of current BPF limitations regarding strict
payload lengths (2, 4, or 8 bytes).

Signed-off-by: Ben Bigdelle <bigdelle@google.com>
joestringer
joestringer approved these changes Jan 27, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@joestringer joestringer left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks, LGTM from a docs perspective and I was also able to try out the feature locally. Nice work, cool feature ❤️

For testing I had to substitute the install command from the version previewed from Netlify, but that's to be expected with how the cilium-helm-install Sphinx helper works today on main.

helm install cilium/cilium --version v1.19.0-rc.0 ...

Documentation/observability/hubble/ip-packet-tracing.rst
Comment on lines +125 to +137
.. code-block:: shell-session

cd hubble
make hubble
cilium hubble port-forward &

#. Filter by Trace ID

Filter specifically for the injected ID ``13345`` (hex ``0x3421``):

.. code-block:: shell-session

./hubble observe -f --ip-trace-id 13345
Copy link
Copy Markdown
Member

@joestringer joestringer Jan 27, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Probably once we get the v1.19.0 release out and get a new Hubble v1.19.0 binary released, it'll make sense to come back to these instructions to update them to use the official binary. IIRC we wait until after the Cilium v1.19 release to create the Hubble CLI so maybe let's coordinate on that front with @cilium/sig-hubble .

@joestringer joestringer dismissed aanm’s stale review January 27, 2026 00:06

Feedback addressed

@joestringer
Copy link
Copy Markdown
Member

joestringer commented Jan 27, 2026

/test

@joestringer joestringer merged commit 462b18e into cilium:main Jan 27, 2026
59 of 76 checks passed
@github-project-automation github-project-automation bot moved this from Active to Done in Release blockers Jan 27, 2026
@joestringer joestringer mentioned this pull request Jan 27, 2026
Merged
10 tasks
@joestringer joestringer added backport-pending/1.19 The backport for Cilium 1.19.x for this PR is in progress. and removed needs-backport/1.19 This PR / issue needs backporting to the v1.19 branch labels Jan 27, 2026
@github-actions github-actions bot added backport-done/1.19 The backport for Cilium 1.19.x for this PR is done. and removed backport-pending/1.19 The backport for Cilium 1.19.x for this PR is in progress. labels Jan 27, 2026
@cilium-release-bot cilium-release-bot bot moved this to Released in cilium v1.19.0 Feb 3, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@joestringer joestringer joestringer approved these changes

@aanm aanm aanm left review comments

@qmonnet qmonnet Awaiting requested review from qmonnet qmonnet is a code owner automatically assigned from cilium/docs-structure

@devodev devodev Awaiting requested review from devodev devodev is a code owner automatically assigned from cilium/sig-hubble

+1 more reviewer

@sypakine sypakine sypakine approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

backport-done/1.19 The backport for Cilium 1.19.x for this PR is done. release-blocker/1.19 This issue will prevent the release of the next version of Cilium. release-note/misc This PR makes changes that have no direct user impact.

Projects

Release blockers
Archived in project
cilium v1.19.0
Status: Released

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@Bigdelle @joestringer @aanm @sypakine