Proposal: vrouter eBPF features #36
Comments
|
Is there any relationship to the work in #1 ? XDP and eBPF are different, but related. I just want to make sure that work isn't overlapping. In general I would like to see some kind of proof of concept. The vrouter kernel module and eBPF would be co-resident in the kernel and I'm unclear how they interact in general. Having vrouter being able to leverage eBPF programs would be extremely powerful. We need to make sure that there is some kind of general purpose reusable mechanism for this rather than a one-off solution. |
There is relationship to mentioned issue. As far as we researched XDP is another one tool to leverage packet processing to offloaded NIC (eBPF is also could be used here). eBPF could be enabled at any stage of packet processing with hooks. I heard about eBPF many times in performance related articles and tools that eBPF could be used to implement new features easily. Not researched how to pass context about received packet (like VNI uuid and so on). |
I had a little conversation with @mkraposhin about eBPF. This could be a nice feature to implement something in a simple way instead of hard-coded into cpp vrouter's code. Seems like Kubernetes dudes are using it for a long time in a lot different ways.
Most simple case that could be solved is QoS (bandwidth limit).
Following original Juniper docs that operator have to configure nova flavor is leading to use linux HTB by default that will cause whole network degradation at some moment (i've observed that it could happen when interfaces with QoS counts more than 200) due to monstrous spin_lock locks (more details you can find here. eBPF could help to limit flows bandwidth for example but actual use case is a lot bigger.
It is possible to hook into vrouter packet processing pipeline to do something on a kernel-level and it is documented behavior.
eBPF programs are event-driven and are run when the kernel or an application passes a certain hook point. Pre-defined hooks include system calls, function entry/exit, kernel tracepoints, network events, and several others.If a predefined hook does not exist for a particular need, it is possible to create a kernel probe (kprobe) or user probe (uprobe) to attach eBPF programs almost anywhere in kernel or user applications.Seems like there is no big overhead using eBPF because it is being executed on a kernel-level.
refs:
The text was updated successfully, but these errors were encountered: