bri bring nging ng the the power r of eb ebpf to to open
play

Bri Bring nging ng the the Power r of eB eBPF to to Open - PowerPoint PPT Presentation

Jun 28, 2023 •39 likes •429 views

Bri Bring nging ng the the Power r of eB eBPF to to Open vSwitch ch Linux Plumber 2018 William Tu, Joe Stringer, Yifeng Sun, Yi-Hung Wei VMware Inc. and Cilium.io 1 Outline Introduction and Motivation OVS-eBPF Project

  1. Bri Bring nging ng the the Power r of eB eBPF to to Open vSwitch ch Linux Plumber 2018 William Tu, Joe Stringer, Yifeng Sun, Yi-Hung Wei VMware Inc. and Cilium.io 1

  2. Outline • Introduction and Motivation • OVS-eBPF Project • OVS-AF_XDP Project • Conclusion 2

  3. What is OVS? SDN Controller OpenFlow ovs-vswitchd Slow Path Fast Path Datapath 3

  4. OVS Linux Kernel Datapath ovs-vswitchd Slow path socket in userspace Fast Path IP/routing OVS Kernel in Kernel module Device RX Hook driver Hardware 4

  5. OV OVS-eB eBPF 5

  6. OVS-eBPF Motivation • Maintenance cost when adding a new datapath feature: • Time to upstream and time to backport • Maintain ABI compatibility between different kernel and OVS versions. • Different backported kernel, ex: RHEL, grsecurity patch • Bugs in compat code are often non-obvious to fix • Implement datapath functionalities in eBPF • More stable ABI and guarantee to run in newer kernel • More opportunities for experiments / innovations 6

  7. What is eBPF? • An in-kernel virtual machine • Users can load its program and attach to a specific hook point in kernel • Safety guaranteed by BPF verifier • Attach points: network, trace point, driver, … etc • Maps • Efficient key/value store resides in kernel space • Can be shared between eBPF prorgam and user space applications • Helper Functions • A core kernel defined set of functions for eBPF program to retrieve/push data from/to the kernel 7

  8. OVS-eBPF Project Goal ovs-vswitchd Slow path • Re-write OVS kernel datapath in userspace entirely with eBPF eBPF maps • ovs-vswitchd controls and Fast Path IP/routing manages the eBPF program in Kernel eBPF Program • eBPF map as channels in TC hook between Parse Lookup Actions • eBPF DP will be specific to ovs-vswitchd driver Hardware 9

  9. Headers/Metadata Parsing • Define a flow key similar to struct sw_flow_key in kernel • Parse protocols on packet data • Parse metadata on struct __sk_buff • Save flow key in per-cpu eBPF map Difficulties • Stack is heavily used (max: 512-byte, sw_flow_key: 464-byte) • Program is very branchy 10

  10. Review: Flow Lookup in Kernel Datapath Slow Path • Ingress: lookup miss and upcall ovs-vswitchd • ovs-vswitchd receives, does flow translation, and programs flow entry into flow table in OVS kernel module 2. miss upcall 3. flow installation (netlink) (netlink) • OVS kernel DP installs the flow entry • OVS kernel DP receives and executes Flow Table Parser actions on the packet (EMC + Megaflow) 4. actions 1. Ingress Fast Path • Subsequent packets hit the flow cache EMC: Exact Match Cache 11

  11. Flow Lookup in eBPF Datapath Slow Path • Ingress: lookup miss and upcall ovs-vswitchd • Perf ring buffer carries packet and its metadata to ovs-vswitchd 3. flow installation 2. miss upcall • ovs-vswitchd receives, does flow (netlink TLV -> (perf ring buf -> translation, and programs flow entry fixed array -> eBPF map) netlink) into eBPF map Flow Table • ovs-vswitchd sends the packet down to Parser trigger lookup again (eBPF hash map) 4. actions 1. Ingress Fast Path • Subsequent packets hit flow in eBPF Limitation on flow installation: map TLV format currently not supported in BPF verifier Solution: Convert TLV into fixed length array 12

  12. Review: OVS Kernel Datapath Actions A list of actions to execute on the packet FlowTable Act1 Act2 Act3 … Example cases of DP actions • Flooding: • Datapath actions= output:9,output:5,output:10,… • Mirror and push vlan: • Datapath actions= output:3,push_vlan(vid=17,pcp=0),output:2 • Tunnel: • Datapath actions: set(tunnel(tun_id=0x5,src=2.2.2.2,dst=1.1.1.1,ttl=64,flags(df|key))),output:1 13

  13. eBPF Datapath Actions A list of actions to execute on the packet eBPF eBPF Map Map Tail Tail FlowTable … lookup Call Act1 Call lookup Act2 Challenges • Limited eBPF program size (maximum 4K instructions) • Variable number of actions: BPF disallows loops to ensure program termination Solution: • Make each action type an eBPF program, and tail call the next action • Side effects: tail call has limited context and does not return • Solution: keep action metadata and action list in a map 14

  14. Performance Evaluation 14.88Mpps br0 sender BPF 16-core Intel Xeon eth0 eth1 E5 2650 2.4GHz Intel X3540-AT2 32GB memory Dual port 10G NIC + eBPF Datapath Ingress DPDK packet generator Egress • Sender sends 64Byte, 14.88Mpps to one port, measure the receiving packet rate at the other port • OVS receives packets from one port, forwards to the other port • Compare OVS kernel datapath and eBPF datapath • Measure single flow, single core performance with Linux kernel 4.9-rc3 on OVS server 15

  15. OVS Kernel and eBPF Datapath Performance OVS Kernel DP Mpps eBPF DP Actions Mpps Actions Redirect (no parser, lookup, actions) 1.90 Output 1.34 Output 1.12 Set dst_mac + Output 1.23 Set dst_mac + Output 1.14 Set GRE tunnel + Output 0.57 Set GRE tunnel + Output 0.48 All measurements are based on single flow, single core. 16

  16. Conclusion and Future Work Features • Megaflow support and basic conntrack in progress • Packet (de)fragmentation and ALG under discussion Lesson Learned • Taking existing features and converting to eBPF is hard • OVS datapath logic is difficult 17

  17. OV OVS-AF AF_XDP DP 18

  18. OVS-AF_XDP Motivation • Pushing all OVS datapath features into eBPF is not easy • A large flow key on stack • Variety of protocols and actions • Dynamic number of actions applied for each flow • Ideas • Retrieve packets from kernel as fast as possible • Do the rest of the processing in userspace • Difficulties 1. Reimplement all features in userspace 2. Performance 19

  19. OVS Userspace Datapath (dpif-netdev) SDN Controller ovs-vswitchd Both slow and fast path in userspace Userspace Another datapath implementation in userspace Datapath DPDK library Hardware 20

  20. XDP and AF_XDP • XDP: eXpress Data path • An eBPF hook point at the network device driver level • AF_XDP: • A new socket type that receives/sends raw frames with high speed • Use XDP program to trigger receive • Userspace program manages Rx/Tx ring and Fill/Completion ring. • Zero Copy from DMA buffer to user space memory, achieving line rate (14Mpps)! From “DPDK PMD for AF_XDP” 21

  21. OVS-AF_XDP Project ovs-vswitchd Goal User space • Use AF_XDP socket as a fast Userspace channel to usersapce OVS Datapath datapath AF_XDP socket • Flow processing happens in userspace Network Stacks Kernel Driver + XDP Hardware 22

  22. AF_XDP umem and rings Introduction umem memory region: multiple 2KB chunk elements 2KB Descriptors pointing to umem Users receives packets For kernel to receive packets elements Rx Ring Fill Ring desc For kernel to signal send complete Users sends packets Completion Ring Tx Ring One Rx/Tx pair per AF_XDP socket One Fill/Comp. pair per umem region 24

  23. AF_XDP umem and rings Introduction umem memory region: multiple 2KB chunk elements 2KB Descriptors Receive pointing to umem Users receives packets For kernel to receive packets elements Rx Ring Fill Ring desc For kernel to signal send complete Users sends packets Completion Ring Tx Ring Transmit One Rx/Tx pair per AF_XDP socket One Fill/Comp. pair per umem region 25

  24. OVS-AF_XDP: Packet Reception (0) umem consisting of 8 elements Umem mempool = {1, 2, 3, 4, 5, 6, 7, 8} addr: 1 2 3 4 5 6 7 8 Fill Ring … … Rx Ring … … 26

  25. OVS-AF_XDP: Packet Reception (1) umem consisting of 8 elements Umem mempool = X X X X {5, 6, 7, 8} addr: 1 2 3 4 5 6 7 8 X: elem in use GET four elements, program to Fill ring Fill Ring … 1 2 3 4 … Rx Ring … … 27

  26. OVS-AFXDP: Packet Reception (2) umem consisting of 8 elements Umem mempool = X X X X {5, 6, 7, 8} addr: 1 2 3 4 5 6 7 8 X: elem in use Kernel receives four packets Put them into the four umem chunks Transition to Rx ring for users Fill Ring … … Rx Ring … 1 2 3 4 … 28

  27. OVS-AFXDP: Packet Reception (3) umem consisting of 8 elements Umem mempool = X X X X X X X X {} addr: 1 2 3 4 5 6 7 8 X: elem in use GET four elements Program Fill ring Fill Ring … 5 6 7 8 … (so kernel can keeps receiving packets) Rx Ring … 1 2 3 4 … 29

  28. OVS-AFXDP: Packet Reception (4) umem consisting of 8 elements Umem mempool = X X X X X X X X {} addr: 1 2 3 4 5 6 7 8 X: elem in use OVS userspace processes packets on Rx ring Fill Ring … 5 6 7 8 … Rx Ring … 1 2 3 4 … 30

  29. OVS-AFXDP: Packet Reception (5) umem consisting of 8 elements Umem mempool = X X X X {1, 2, 3, 4} addr: 1 2 3 4 5 6 7 8 X: elem in use OVS userspace finishes packet processing and recycle to umempool Back to state (1) Fill Ring … 5 6 7 8 … Rx Ring … … 31

Recommend

Bri Bring nging ng the the Power r of eB eBPF to to Open vSwitch ch Linux Plumber 2018

Bri Bring nging ng the the Power r of eB eBPF to to Open vSwitch ch Linux Plumber 2018

Bri Bring nging ng the the Power r of eB eBPF to to Open vSwitch ch Linux Plumber 2018 William Tu, Joe Stringer, Yifeng Sun, Yi-Hung Wei VMware Inc. and Cilium.io 1 Outline Introduction and Motivation OVS-eBPF Project

612 views • 45 slides
eBPF Offload to Hardware: cls_bpf and XDP Motivation - Avoiding Whack-a-mole Motivation - Why

eBPF Offload to Hardware: cls_bpf and XDP Motivation - Avoiding Whack-a-mole Motivation - Why

eBPF Offload to Hardware: cls_bpf and XDP Motivation - Avoiding Whack-a-mole Motivation - Why eBPF? Target architecture (NFP based NIC) RX Path Flow of eBPF Packet The Flow Processing Core (Fully Programmable) Mapping eBPF -> NFP

668 views • 24 slides
Endless Network Programming An Update from eBPF Land Quentin Monnet @qeole Outline Q.

Endless Network Programming An Update from eBPF Land Quentin Monnet @qeole Outline Q.

FOSDEM20 Brussels, 2020-02-01 Endless Network Programming An Update from eBPF Land Quentin Monnet @qeole Outline Q. Monnet eBPF Update 2/18 eBPF Basics New Features eBPF Universe eBPF Basics Q. Monnet

531 views • 18 slides
eBPF and XDP walkthrough and recent updates Daniel Borkmann <daniel@iogearbox.net> cilium

eBPF and XDP walkthrough and recent updates Daniel Borkmann <daniel@iogearbox.net> cilium

eBPF and XDP walkthrough and recent updates Daniel Borkmann <daniel@iogearbox.net> cilium project fosdem17, February 4, 2017 Daniel Borkmann eBPF in tcs cls bpf and XDP February 4, 2017 1 / 11 Big Picture: eBPF and Networking eBPF:

476 views • 11 slides
Beyond per-CPU atomics and rseq syscall: subset of eBPF bytecode for the do_on_cpu syscall

Beyond per-CPU atomics and rseq syscall: subset of eBPF bytecode for the do_on_cpu syscall

Linux Plumbers Conference 2019 eBPF conf Beyond per-CPU atomics and rseq syscall: subset of eBPF bytecode for the do_on_cpu syscall mathieu.desnoyers@efcios.com Restartable Sequences (RSEQ) in a nutshell System call registering

457 views • 9 slides
Ba Barossa First ssa First The he Bel Belongi nging BAROSSA FIRST: THE BELONGING

Ba Barossa First ssa First The he Bel Belongi nging BAROSSA FIRST: THE BELONGING

BARO BA ROSS SSA 2 0 1 9 T h i n k T a n k Ba Barossa First ssa First The he Bel Belongi nging BAROSSA FIRST: THE BELONGING Investm Inv stment o of $ $800k 00k + to to gr grow ow wine wine ex expor ports by by showc

396 views • 22 slides
Open Design Fosdem 2017 @l_myle_l My L What does Open Design consist of? What can it bring

Open Design Fosdem 2017 @l_myle_l My L What does Open Design consist of? What can it bring

Open Design Fosdem 2017 @l_myle_l My L What does Open Design consist of? What can it bring to us? How to go further? 1 Graphic Design 2 Typography 3 Sharing Identity Rebranding 4 Tips to share Design Practice Graphic Design

610 views • 25 slides
Replacing iptables with eBPF in Kubernetes with Cilium Cilium, eBPF, Envoy, Istio, Hubble Michal

Replacing iptables with eBPF in Kubernetes with Cilium Cilium, eBPF, Envoy, Istio, Hubble Michal

Replacing iptables with eBPF in Kubernetes with Cilium Cilium, eBPF, Envoy, Istio, Hubble Michal Rostecki Swaminathan Vasudevan Software Engineer Software Engineer mrostecki@suse.com svasudevan@suse.com mrostecki@opensuse.org Whats

2.06k views • 52 slides
Security Monitoring with eBPF ALEX MAESTRETTI - MANAGER, SIRT BRENDAN GREGG - Sr ARCHITECT,

Security Monitoring with eBPF ALEX MAESTRETTI - MANAGER, SIRT BRENDAN GREGG - Sr ARCHITECT,

Security Monitoring with eBPF ALEX MAESTRETTI - MANAGER, SIRT BRENDAN GREGG - Sr ARCHITECT, PERFORMANCE The Brief. Extended Berkley Packet Filter (eBPF) is a new Linux feature which allows safe and efficient monitoring of kernel functions.

593 views • 27 slides
Give people the power to build community and bring the world closer together 1 ESTEVO DE

Give people the power to build community and bring the world closer together 1 ESTEVO DE

M I S S I O N Give people the power to build community and bring the world closer together 1 ESTEVO DE MARCO GERENTE DE CONTAS No. 1 Mobile Revolution Source: Placeholder text. 3 Devices, channels and platforms are growing at an

729 views • 41 slides
IBM project Objective Bring IBM Power Systems back into the Top5 list Push

IBM project Objective Bring IBM Power Systems back into the Top5 list Push

MareNostrum Building and running the system Sergi Girona Lisbon, August 29th, 2005 Operations Head History: Three Rivers Project IBM project Objective Bring IBM Power Systems back into the Top5 list Push forward Linux

489 views • 24 slides
New (and Exciting!) Developments in Linux Tracing Elena Zannoni (elena.zannoni@oracle.com) Linux

New (and Exciting!) Developments in Linux Tracing Elena Zannoni (elena.zannoni@oracle.com) Linux

<Insert Picture Here> New (and Exciting!) Developments in Linux Tracing Elena Zannoni (elena.zannoni@oracle.com) Linux Engineering, Oracle America Linuxcon Japan 2015 Overview BPF eBPF eBPF main concepts and elements eBPF

601 views • 42 slides
WABBA INTERNATIONAL MISSION STATEMENT To bring together the most experienced, highly motivated and

WABBA INTERNATIONAL MISSION STATEMENT To bring together the most experienced, highly motivated and

WABBA INTERNATIONAL MISSION STATEMENT To bring together the most experienced, highly motivated and like minded fitness professionals who will bring bodybuilding back to its glory and create an exciting and impartial competitive arena open to all

706 views • 57 slides
Low-Overhead System Tracing With eBPF Akshay Kapoor DevOps Engineer @ SAP Labs May 2018

Low-Overhead System Tracing With eBPF Akshay Kapoor DevOps Engineer @ SAP Labs May 2018

Low-Overhead System Tracing With eBPF Akshay Kapoor DevOps Engineer @ SAP Labs May 2018 Low-Overhead System Tracing With eBPF Low-Overhead System Tracing With eBPF Low-Overhead System Tracing With eBPF You don't need to know how to operate

632 views • 26 slides
eBPF Perf Tools 2019 ^C @usecs: [256, 512) 2 |

eBPF Perf Tools 2019 ^C @usecs: [256, 512) 2 |

# biolatency.bt Attaching 3 probes... Tracing block device I/O... Hit Ctrl-C to end. eBPF Perf Tools 2019 ^C @usecs: [256, 512) 2 | | [512, 1K) 10 |@

933 views • 39 slides
How to Speak A, B and C A is for Audience B is for Body Language Power Power Power C

How to Speak A, B and C A is for Audience B is for Body Language Power Power Power C

How to Speak A, B and C A is for Audience B is for Body Language Power Power Power C is for Connection S-O-F-T-E-N S: is for Smile O: Is for Open Posture F is for Facial Expression T: is for Tone E: is for Eye Contact N: is for Nodding

449 views • 16 slides
Th The Ne e Next L Linux S x Super erpower er: eBPF eBPF Prime mer Sasha Goldshtein CTO,

Th The Ne e Next L Linux S x Super erpower er: eBPF eBPF Prime mer Sasha Goldshtein CTO,

Europe 2016 @goldshtn h7ps://s.sashag.n Th The Ne e Next L Linux S x Super erpower er: eBPF eBPF Prime mer Sasha Goldshtein CTO, Sela Group @goldshtn Europe 2016 @goldshtn h7ps://s.sashag.n Europe 2016 @goldshtn h7ps://s.sashag.n

248 views • 24 slides
Linux tc and eBPF. Daniel Borkmann <daniel@iogearbox.net> Noiro Networks / Cisco Systems

Linux tc and eBPF. Daniel Borkmann <daniel@iogearbox.net> Noiro Networks / Cisco Systems

Linux tc and eBPF. Daniel Borkmann <daniel@iogearbox.net> Noiro Networks / Cisco Systems fosdem16, January 31, 2016 Daniel Borkmann tc and cls bpf with eBPF January 31, 2016 1 / 16 Background, history. BPF origins as a generic, fast

326 views • 16 slides
Stateful packet processing with eBPF: An implementation of OpenState interface Quentin Monnet

Stateful packet processing with eBPF: An implementation of OpenState interface Quentin Monnet

FOSDEM17 Brussels, 2017-02-04 Stateful packet processing with eBPF: An implementation of OpenState interface Quentin Monnet < quentin.monnet@6wind.com > @qeole Quentin Monnet (6WIND) | BEBA OpenState and eBPF Agenda 2/34 Ill

558 views • 34 slides
Whats the Most Important Thing How to w to Bring Bring Out th t the Best Best in You

Whats the Most Important Thing How to w to Bring Bring Out th t the Best Best in You

Whats the Most Important Thing How to w to Bring Bring Out th t the Best Best in You Your r Mil Millennials 1. Your manager does that allows and/or supports this kind of passion at work? 7 7 Pr Pract actices ices for for Great

412 views • 19 slides
OWL Simplified English* Richard Power Open University, UK * A finite-state language for ontology

OWL Simplified English* Richard Power Open University, UK * A finite-state language for ontology

OWL Simplified English* Richard Power Open University, UK * A finite-state language for ontology editing Semantic Web Authoring Tool (EPSRC 2009-2012) Open University (Department of Computing) Richard Power Sandra Williams Allan Third Tu

706 views • 54 slides
The pool next to the ocean How to bring open source skills to more people Johannes Tigges

The pool next to the ocean How to bring open source skills to more people Johannes Tigges

The pool next to the ocean How to bring open source skills to more people Johannes Tigges @lenucksi The pool next to to the ocean Johannes Tigges FOSDEM 2020 Bondi Icebergs swimming pool. Corvevette CC Attribution-Share Alike 3.0

270 views • 23 slides
Calico Networking with eBPF Shaun Crampton, Core Developer for Project Calico Chris Hoge,

Calico Networking with eBPF Shaun Crampton, Core Developer for Project Calico Chris Hoge,

Calico Networking with eBPF Shaun Crampton, Core Developer for Project Calico Chris Hoge, Developer Advocate for Project Calico What prompted the team to add another dataplane to Calico? Calicos Pluggable Dataplane What is eBPF?

312 views • 20 slides
Thank you for your interest in S olar Power Why Solar Power? Empowering Mountaineers are always

Thank you for your interest in S olar Power Why Solar Power? Empowering Mountaineers are always

Solar Open House Hickory Ridge October 3, 2015 Why go with Solar Power? & How to make it happen for you. Thank you for your interest in S olar Power Why Solar Power? Empowering Mountaineers are always free Becoming an power

656 views • 31 slides

More recommend