Calico Networking with eBPF Shaun Crampton, Core Developer for - - PowerPoint PPT Presentation



SLIDE 1

Calico Networking with eBPF

Shaun Crampton, Core Developer for Project Calico Chris Hoge, Developer Advocate for Project Calico

SLIDE 2

What prompted the team to add another dataplane to Calico?

SLIDE 3

Calico’s Pluggable Dataplane

SLIDE 4

What is eBPF?

SLIDE 5

(extended) Berkeley Packet Filter

  • An in-kernel virtual machine that “gives super-powers to Linux”
  • Allows you to attach mini-programs to low-level hooks in the kernel
  • Programs verified to ensure they are “safe”
    ○ e.g. can’t crash the system, access invalid memory addresses, will terminate
  • Programs can only interact with the rest of the kernel through helper functions (there’s a limit to super powers!)
  • The clang compiler can be used to build eBPF programs
  • Or you can write them directly in byte-code

SLIDE 6

What sort of things can you do with eBPF?

SLIDE 7

eBPF Features and Uses

  • Security!
    ○ A seccomp filter mode allows users to write a program to determine if a system call is allowed.
  • Logging and Tracing!
    ○ Gather information directly from the kernel about what calls are being run and how much time is being spent in them.
  • Network Routing and Packet Filtering!
    ○ It’s right there in the name. There are many different networking hooks - with varying performance and richness in capabilities.

SLIDE 8

How did you figure out what to build? What was your design and development process?

SLIDE 9

How is this different from the current implementation?

SLIDE 10

What improvements does eBPF bring to Calico?

SLIDE 11

Pod-to-pod throughput and CPU

40 Gbps network, running qperf in single pod

SLIDE 12

Native handling of Services: First packet latency

SLIDE 13

Native handling of Services: More efficient updates

SLIDE 14

Native handling of Services: Direct Server Return

Kube-proxy packet path Calico eBPF

SLIDE 15

Native handling of Services: Direct Server Return

40 Gbps network, 1k services

SLIDE 16

How can I try it out?

SLIDE 17

How to try it out!

  • This is a tech preview, which means it’s not ready for production… yet!
  • https://docs.projectcalico.org/getting-started/kubernetes/trying-ebpf

SLIDE 18

What’s next?

SLIDE 19

Thank you!

Questions?

https://projectcalico.org

https://slack.projectcalico.org

@projectcalico

https://github.com/projectcalico/community

https://discuss.projectcalico.org

SLIDE 20

References

  • Introducing the Calico eBPF Dataplane (projectcalico)
  • A Thorough Introduction to eBPF (lwn)
  • A seccomp overview (lwn)
  • eBPF Tracing Tools