calico networking with ebpf
play

Calico Networking with eBPF Shaun Crampton, Core Developer for - PowerPoint PPT Presentation

Sep 21, 2023 •102 likes •312 views

Calico Networking with eBPF Shaun Crampton, Core Developer for Project Calico Chris Hoge, Developer Advocate for Project Calico What prompted the team to add another dataplane to Calico? Calicos Pluggable Dataplane What is eBPF?

  1. Calico Networking with eBPF Shaun Crampton, Core Developer for Project Calico Chris Hoge, Developer Advocate for Project Calico

  2. What prompted the team to add another dataplane to Calico?

  3. Calico’s Pluggable Dataplane

  4. What is eBPF?

  5. (extended) Berkeley Packet Filter An in-kernel virtual machine that “gives super-powers to ● Linux” Allows you to attach mini-programs to low-level hooks in ● the kernel Programs verified to ensure they are “safe” ● e.g. can’t crash the system, access invalid memory addresses, will ○ terminate Programs can only interact with the rest of the kernel ● through helper functions (there’s a limit to super powers!) The clang compiler can be used to build eBPF programs ● or you can write them directly in byte-code

  6. What sort of things can you do with eBPF?

  7. eBPF Features and Uses Security! ● A seccomp filter mode allows users to write a program to determine ○ if a system call is allowed. Logging and Tracing! ● Gather information directly from the kernel about what calls are ○ being run and how much time is being spent in them. Network Routing and Packet Filtering! ● It’s right there in the name. There are many different networking ○ hooks - with varying performance and richness in capabilities.

  8. How did you figure out what to build? What was your design and development process?

  9. How is this different from the current implementation?

  10. What improvements does eBPF bring to Calico?

  11. Pod-to-pod throughput and CPU 40 Gbps network, running qperf in single pod

  12. Native handling of Services: First packet latency

  13. Native handling of Services: More efficient updates

  14. Native handling of Services: Direct Server Return Kube-proxy packet path Calico eBPF

  15. Native handling of Services: Direct Server Return 40 Gbps network, 1k services

  16. How can I try it out?

  17. How to try it out! This is a tech preview, which means it’s not ready for ● production… yet! https://docs.projectcalico.org/getting-started/kubernetes/trying-ebpf ●

  18. What’s next?

  19. Thank you! Questions? https:/ /projectcalico.org @projectcalico https:/ /github.com/projectcalico/community https:/ /slack.projectcalico.org https:/ /discuss.projectcalico.org

  20. References Introducing the Calico eBPF Dataplane (projectcalico) ● A Thorough Introduction to eBPF (lwn) ● A seccomp overview (lwn) ● eBPF Tracing Tools ●

Recommend

Mesos Networking with Project Calico Ed Harrison and Neil Jerram Christos Kozyrakis, Spike

Mesos Networking with Project Calico Ed Harrison and Neil Jerram Christos Kozyrakis, Spike

Mesos Networking with Project Calico Ed Harrison and Neil Jerram Christos Kozyrakis, Spike Curtis, Kapil Arya, Dan Osborne, Connor Doyle, Niklas Nielsen, Tarak Parekh, Alex Pollitt The State of Mesos Networking Containers share the slave

285 views • 25 slides
Kubernetes networking with Calico Hemanth Nakkina, Solution Architect, Ericsson Abhijeet Singh,

Kubernetes networking with Calico Hemanth Nakkina, Solution Architect, Ericsson Abhijeet Singh,

Kubernetes networking with Calico Hemanth Nakkina, Solution Architect, Ericsson Abhijeet Singh, Director, AT&T Uday T Kumar, Solution Architect, Ericsson There is no such thing as Container Networking Kelsey Hightower,

928 views • 9 slides
eBPF and XDP walkthrough and recent updates Daniel Borkmann <daniel@iogearbox.net> cilium

eBPF and XDP walkthrough and recent updates Daniel Borkmann <daniel@iogearbox.net> cilium

eBPF and XDP walkthrough and recent updates Daniel Borkmann <daniel@iogearbox.net> cilium project fosdem17, February 4, 2017 Daniel Borkmann eBPF in tcs cls bpf and XDP February 4, 2017 1 / 11 Big Picture: eBPF and Networking eBPF:

476 views • 11 slides
Up Cloud Native Networking with eBPF Next Technical Track Presentation Raymond Maika

Up Cloud Native Networking with eBPF Next Technical Track Presentation Raymond Maika

Up Cloud Native Networking with eBPF Next Technical Track Presentation Raymond Maika Engineering Team Lead Agenda Cloud Native networking CNI Plugin landscape Cilium Overview Policy Overview Policy Enforcement in Cilium

532 views • 12 slides
eBPF Based Container Networking A Network Performance Comparison Nick de Bruijn July 4, 2017

eBPF Based Container Networking A Network Performance Comparison Nick de Bruijn July 4, 2017

eBPF Based Container Networking A Network Performance Comparison Nick de Bruijn July 4, 2017 University of Amsterdam Introduction Figure 1: Microservices and Containers 1 1

309 views • 30 slides
eBPF Offload to Hardware: cls_bpf and XDP Motivation - Avoiding Whack-a-mole Motivation - Why

eBPF Offload to Hardware: cls_bpf and XDP Motivation - Avoiding Whack-a-mole Motivation - Why

eBPF Offload to Hardware: cls_bpf and XDP Motivation - Avoiding Whack-a-mole Motivation - Why eBPF? Target architecture (NFP based NIC) RX Path Flow of eBPF Packet The Flow Processing Core (Fully Programmable) Mapping eBPF -> NFP

668 views • 24 slides
Endless Network Programming An Update from eBPF Land Quentin Monnet @qeole Outline Q.

Endless Network Programming An Update from eBPF Land Quentin Monnet @qeole Outline Q.

FOSDEM20 Brussels, 2020-02-01 Endless Network Programming An Update from eBPF Land Quentin Monnet @qeole Outline Q. Monnet eBPF Update 2/18 eBPF Basics New Features eBPF Universe eBPF Basics Q. Monnet

531 views • 18 slides
Beyond per-CPU atomics and rseq syscall: subset of eBPF bytecode for the do_on_cpu syscall

Beyond per-CPU atomics and rseq syscall: subset of eBPF bytecode for the do_on_cpu syscall

Linux Plumbers Conference 2019 eBPF conf Beyond per-CPU atomics and rseq syscall: subset of eBPF bytecode for the do_on_cpu syscall mathieu.desnoyers@efcios.com Restartable Sequences (RSEQ) in a nutshell System call registering

457 views • 9 slides
Bri Bring nging ng the the Power r of eB eBPF to to Open vSwitch ch Linux Plumber 2018

Bri Bring nging ng the the Power r of eB eBPF to to Open vSwitch ch Linux Plumber 2018

Bri Bring nging ng the the Power r of eB eBPF to to Open vSwitch ch Linux Plumber 2018 William Tu, Joe Stringer, Yifeng Sun, Yi-Hung Wei VMware Inc. and Cilium.io 1 Outline Introduction and Motivation OVS-eBPF Project

612 views • 45 slides
Bri Bring nging ng the the Power r of eB eBPF to to Open vSwitch ch Linux Plumber 2018

Bri Bring nging ng the the Power r of eB eBPF to to Open vSwitch ch Linux Plumber 2018

Bri Bring nging ng the the Power r of eB eBPF to to Open vSwitch ch Linux Plumber 2018 William Tu, Joe Stringer, Yifeng Sun, Yi-Hung Wei VMware Inc. and Cilium.io 1 Outline Introduction and Motivation OVS-eBPF Project

429 views • 39 slides
Replacing iptables with eBPF in Kubernetes with Cilium Cilium, eBPF, Envoy, Istio, Hubble Michal

Replacing iptables with eBPF in Kubernetes with Cilium Cilium, eBPF, Envoy, Istio, Hubble Michal

Replacing iptables with eBPF in Kubernetes with Cilium Cilium, eBPF, Envoy, Istio, Hubble Michal Rostecki Swaminathan Vasudevan Software Engineer Software Engineer mrostecki@suse.com svasudevan@suse.com mrostecki@opensuse.org Whats

2.06k views • 52 slides
Security Monitoring with eBPF ALEX MAESTRETTI - MANAGER, SIRT BRENDAN GREGG - Sr ARCHITECT,

Security Monitoring with eBPF ALEX MAESTRETTI - MANAGER, SIRT BRENDAN GREGG - Sr ARCHITECT,

Security Monitoring with eBPF ALEX MAESTRETTI - MANAGER, SIRT BRENDAN GREGG - Sr ARCHITECT, PERFORMANCE The Brief. Extended Berkley Packet Filter (eBPF) is a new Linux feature which allows safe and efficient monitoring of kernel functions.

593 views • 27 slides
New (and Exciting!) Developments in Linux Tracing Elena Zannoni (elena.zannoni@oracle.com) Linux

New (and Exciting!) Developments in Linux Tracing Elena Zannoni (elena.zannoni@oracle.com) Linux

<Insert Picture Here> New (and Exciting!) Developments in Linux Tracing Elena Zannoni (elena.zannoni@oracle.com) Linux Engineering, Oracle America Linuxcon Japan 2015 Overview BPF eBPF eBPF main concepts and elements eBPF

601 views • 42 slides
Low-Overhead System Tracing With eBPF Akshay Kapoor DevOps Engineer @ SAP Labs May 2018

Low-Overhead System Tracing With eBPF Akshay Kapoor DevOps Engineer @ SAP Labs May 2018

Low-Overhead System Tracing With eBPF Akshay Kapoor DevOps Engineer @ SAP Labs May 2018 Low-Overhead System Tracing With eBPF Low-Overhead System Tracing With eBPF Low-Overhead System Tracing With eBPF You don't need to know how to operate

632 views • 26 slides
eBPF Perf Tools 2019 ^C @usecs: [256, 512) 2 |

eBPF Perf Tools 2019 ^C @usecs: [256, 512) 2 |

# biolatency.bt Attaching 3 probes... Tracing block device I/O... Hit Ctrl-C to end. eBPF Perf Tools 2019 ^C @usecs: [256, 512) 2 | | [512, 1K) 10 |@

933 views • 39 slides
CALICO 2015 Places and Spaces: Redefining Language Learning University of Colorado, Boulder May

CALICO 2015 Places and Spaces: Redefining Language Learning University of Colorado, Boulder May

CALICO 2015 Places and Spaces: Redefining Language Learning University of Colorado, Boulder May 26-30 Luba Iskold Muhlenberg College Presentation Outline Redefining Language Learning: The SMAR Model What is VoiceThread & Why use it

381 views • 19 slides
Th The Ne e Next L Linux S x Super erpower er: eBPF eBPF Prime mer Sasha Goldshtein CTO,

Th The Ne e Next L Linux S x Super erpower er: eBPF eBPF Prime mer Sasha Goldshtein CTO,

Europe 2016 @goldshtn h7ps://s.sashag.n Th The Ne e Next L Linux S x Super erpower er: eBPF eBPF Prime mer Sasha Goldshtein CTO, Sela Group @goldshtn Europe 2016 @goldshtn h7ps://s.sashag.n Europe 2016 @goldshtn h7ps://s.sashag.n

248 views • 24 slides
Using Your Network 10-07-16 Networking & You What is networking? Benefits of

Using Your Network 10-07-16 Networking & You What is networking? Benefits of

Jordan Borrell Networking & Bioengineering Program Using Your Network 10-07-16 Networking & You What is networking? Benefits of networking. Who do I network with? Family/Friends/Neighbors School Connections

395 views • 14 slides
Linux tc and eBPF. Daniel Borkmann <daniel@iogearbox.net> Noiro Networks / Cisco Systems

Linux tc and eBPF. Daniel Borkmann <daniel@iogearbox.net> Noiro Networks / Cisco Systems

Linux tc and eBPF. Daniel Borkmann <daniel@iogearbox.net> Noiro Networks / Cisco Systems fosdem16, January 31, 2016 Daniel Borkmann tc and cls bpf with eBPF January 31, 2016 1 / 16 Background, history. BPF origins as a generic, fast

326 views • 16 slides
Stateful packet processing with eBPF: An implementation of OpenState interface Quentin Monnet

Stateful packet processing with eBPF: An implementation of OpenState interface Quentin Monnet

FOSDEM17 Brussels, 2017-02-04 Stateful packet processing with eBPF: An implementation of OpenState interface Quentin Monnet < quentin.monnet@6wind.com > @qeole Quentin Monnet (6WIND) | BEBA OpenState and eBPF Agenda 2/34 Ill

558 views • 34 slides
Networking Don Porter CSE 506 Networking (2 parts) Goals: Review networking basics

Networking Don Porter CSE 506 Networking (2 parts) Goals: Review networking basics

Networking Don Porter CSE 506 Networking (2 parts) Goals: Review networking basics Discuss APIs Trace how a packet gets from the network device to the application (and back) Understand Receive livelock and NAPI 4

761 views • 48 slides
NAMED DATA NETWORKING (NDN) Named Data Networking NDN BRIEF HISTORY When the Networking was

NAMED DATA NETWORKING (NDN) Named Data Networking NDN BRIEF HISTORY When the Networking was

NAMED DATA NETWORKING (NDN) Named Data Networking NDN BRIEF HISTORY When the Networking was developed in the 60s and 70s Networking was mainly used for resource sharing. IP was the effective communication protocol in place.

484 views • 29 slides
The adventures of a Suricate in eBPF land . Leblond Stamus Networks Oct. 6, 2016 . Leblond

The adventures of a Suricate in eBPF land . Leblond Stamus Networks Oct. 6, 2016 . Leblond

The adventures of a Suricate in eBPF land . Leblond Stamus Networks Oct. 6, 2016 . Leblond (Stamus Networks) The adventures of a Suricate in eBPF land Oct. 6, 2016 1 / 41 Introduction to Suricata 1 Whats this ? A few words on

848 views • 56 slides
NETWORKING ATTACKS NETWORKING ATTACKS NOTICES Lab #2 extended to Feb. 17 @ 23:59 HW #3

NETWORKING ATTACKS NETWORKING ATTACKS NOTICES Lab #2 extended to Feb. 17 @ 23:59 HW #3

CMPS122: COMPUTER SECURITY NETWORKING ATTACKS NETWORKING ATTACKS NOTICES Lab #2 extended to Feb. 17 @ 23:59 HW #3 due tonight NETWORKING ATTACKS LAST TIME TCP/IP networking stack Physical layer Data link layer Network

1.1k views • 61 slides

More recommend