
Fast Linux Packet Forwarding with Thomas Graf on Software Gone Wild

[Category: System (Linux) | Posted by: 店小二03 | Date: 2016 | Author: 红领巾]

We did several podcasts describing how one could get stellar packet forwarding performance on x86 servers by reimplementing the whole forwarding stack outside of the kernel (Snabb Switch) or by bypassing the Linux kernel and moving the packet processing into userspace (PF_Ring).

Now let’s see if it’s possible to improve the Linux kernel forwarding performance. Thomas Graf, one of the authors of Cilium, claims it can be done and explained the intricate details in Episode 64 of Software Gone Wild.

We started with the basics:

- Are the Linux packet forwarding performance numbers tossed around realistic or biased?
- What can one reasonably expect from a Linux kernel?
- Why is the Linux kernel suboptimal when it comes to packet forwarding performance?

Just a few minutes into our talk we slid down a rabbit hole into the wonderland of BPF. We started with “what is BPF”, which turned into a minute of acronyms, and then tried to step back and do a one-step-at-a-time controlled descent:

- What is bytecode?
- Why would you use bytecode (and BPF) instead of writing a kernel module?
- Why is BPF better (or not) than userspace packet forwarding?
- What are the BPF limitations?
- How would you write programs that would generate BPF code that would then be used to process packets?
- What is P4 and who would use it?

BPF sounds like fun, but where would you use it? Thomas is working on an interesting use case (project Cilium) - using BPF to implement container networking - and obviously we had to explore its details:

- How would you use BPF to implement container networking?
- Upgrading networking behavior while the containers are running
- How do you glue namespaces together with BPF?

Next on our acronym list was XDP (eXpress Data Plane), a project started within CloudFlare to improve packet dropping performance when defending against DDoS attacks. XDP is a packet processing mechanism implemented within the device drivers with BPF, and we went through the details like:

- Why would you prefer XDP in software instead of programming TCAM available on Intel NICs?
- Why would you batch packet processing and why would you do it in a driver instead of the Linux kernel?
- How would you bypass the kernel packet forwarding with XDP?
- What hardware could I use with XDP and when can I expect to have support for more hardware?
- Where can I get XDP and how do I get it running?
- How easy would it be to get communication between a userspace control plane (or telemetry) and a BPF program?

Finally we turned to down-to-earth aspects:

- Who is using these technologies?
- What is the Cilium project and where could I get it?
- How is Cilium enforcing security between containers across multiple hosts?
- Is Cilium ready for production? Is anyone using it today?
