calico networking with ebpf
play

Calico Networking with eBPF Shaun Crampton, Core Developer for - PowerPoint PPT Presentation

Sep 21, 2023 •102 likes •312 views

Calico Networking with eBPF Shaun Crampton, Core Developer for Project Calico Chris Hoge, Developer Advocate for Project Calico What prompted the team to add another dataplane to Calico? Calicos Pluggable Dataplane What is eBPF?

  1. Calico Networking with eBPF Shaun Crampton, Core Developer for Project Calico Chris Hoge, Developer Advocate for Project Calico

  2. What prompted the team to add another dataplane to Calico?

  3. Calico’s Pluggable Dataplane

  4. What is eBPF?

  5. (extended) Berkeley Packet Filter An in-kernel virtual machine that “gives super-powers to ● Linux” Allows you to attach mini-programs to low-level hooks in ● the kernel Programs verified to ensure they are “safe” ● e.g. can’t crash the system, access invalid memory addresses, will ○ terminate Programs can only interact with the rest of the kernel ● through helper functions (there’s a limit to super powers!) The clang compiler can be used to build eBPF programs ● or you can write them directly in byte-code

  6. What sort of things can you do with eBPF?

  7. eBPF Features and Uses Security! ● A seccomp filter mode allows users to write a program to determine ○ if a system call is allowed. Logging and Tracing! ● Gather information directly from the kernel about what calls are ○ being run and how much time is being spent in them. Network Routing and Packet Filtering! ● It’s right there in the name. There are many different networking ○ hooks - with varying performance and richness in capabilities.

  8. How did you figure out what to build? What was your design and development process?

  9. How is this different from the current implementation?

  10. What improvements does eBPF bring to Calico?

  11. Pod-to-pod throughput and CPU 40 Gbps network, running qperf in single pod

  12. Native handling of Services: First packet latency

  13. Native handling of Services: More efficient updates

  14. Native handling of Services: Direct Server Return Kube-proxy packet path Calico eBPF

  15. Native handling of Services: Direct Server Return 40 Gbps network, 1k services

  16. How can I try it out?

  17. How to try it out! This is a tech preview, which means it’s not ready for ● production… yet! https://docs.projectcalico.org/getting-started/kubernetes/trying-ebpf ●

  18. What’s next?

  19. Thank you! Questions? https:/ /projectcalico.org @projectcalico https:/ /github.com/projectcalico/community https:/ /slack.projectcalico.org https:/ /discuss.projectcalico.org

  20. References Introducing the Calico eBPF Dataplane (projectcalico) ● A Thorough Introduction to eBPF (lwn) ● A seccomp overview (lwn) ● eBPF Tracing Tools ●

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Mesos Networking with Project Calico Ed Harrison and Neil Jerram Christos Kozyrakis, Spike

Mesos Networking with Project Calico Ed Harrison and Neil Jerram Christos Kozyrakis, Spike

Mesos Networking with Project Calico Ed Harrison and Neil Jerram Christos Kozyrakis, Spike Curtis, Kapil Arya, Dan Osborne, Connor Doyle, Niklas Nielsen, Tarak Parekh, Alex Pollitt The State of Mesos Networking Containers share the slave

285 views • 25 slides
Kubernetes networking with Calico Hemanth Nakkina, Solution Architect, Ericsson Abhijeet Singh,

Kubernetes networking with Calico Hemanth Nakkina, Solution Architect, Ericsson Abhijeet Singh,

Kubernetes networking with Calico Hemanth Nakkina, Solution Architect, Ericsson Abhijeet Singh, Director, AT&T Uday T Kumar, Solution Architect, Ericsson There is no such thing as Container Networking Kelsey Hightower,

928 views • 9 slides
eBPF and XDP walkthrough and recent updates Daniel Borkmann <daniel@iogearbox.net> cilium

eBPF and XDP walkthrough and recent updates Daniel Borkmann <daniel@iogearbox.net> cilium

eBPF and XDP walkthrough and recent updates Daniel Borkmann <daniel@iogearbox.net> cilium project fosdem17, February 4, 2017 Daniel Borkmann eBPF in tcs cls bpf and XDP February 4, 2017 1 / 11 Big Picture: eBPF and Networking eBPF:

476 views • 11 slides
Up Cloud Native Networking with eBPF Next Technical Track Presentation Raymond Maika

Up Cloud Native Networking with eBPF Next Technical Track Presentation Raymond Maika

Up Cloud Native Networking with eBPF Next Technical Track Presentation Raymond Maika Engineering Team Lead Agenda Cloud Native networking CNI Plugin landscape Cilium Overview Policy Overview Policy Enforcement in Cilium

532 views • 12 slides
eBPF Based Container Networking A Network Performance Comparison Nick de Bruijn July 4, 2017

eBPF Based Container Networking A Network Performance Comparison Nick de Bruijn July 4, 2017

eBPF Based Container Networking A Network Performance Comparison Nick de Bruijn July 4, 2017 University of Amsterdam Introduction Figure 1: Microservices and Containers 1 1

309 views • 30 slides
eBPF Offload to Hardware: cls_bpf and XDP Motivation - Avoiding Whack-a-mole Motivation - Why

eBPF Offload to Hardware: cls_bpf and XDP Motivation - Avoiding Whack-a-mole Motivation - Why

eBPF Offload to Hardware: cls_bpf and XDP Motivation - Avoiding Whack-a-mole Motivation - Why eBPF? Target architecture (NFP based NIC) RX Path Flow of eBPF Packet The Flow Processing Core (Fully Programmable) Mapping eBPF -> NFP

668 views • 24 slides
Endless Network Programming An Update from eBPF Land Quentin Monnet @qeole Outline Q.

Endless Network Programming An Update from eBPF Land Quentin Monnet @qeole Outline Q.

FOSDEM20 Brussels, 2020-02-01 Endless Network Programming An Update from eBPF Land Quentin Monnet @qeole Outline Q. Monnet eBPF Update 2/18 eBPF Basics New Features eBPF Universe eBPF Basics Q. Monnet

531 views • 18 slides
Beyond per-CPU atomics and rseq syscall: subset of eBPF bytecode for the do_on_cpu syscall

Beyond per-CPU atomics and rseq syscall: subset of eBPF bytecode for the do_on_cpu syscall

Linux Plumbers Conference 2019 eBPF conf Beyond per-CPU atomics and rseq syscall: subset of eBPF bytecode for the do_on_cpu syscall mathieu.desnoyers@efcios.com Restartable Sequences (RSEQ) in a nutshell System call registering

457 views • 9 slides
Bri Bring nging ng the the Power r of eB eBPF to to Open vSwitch ch Linux Plumber 2018

Bri Bring nging ng the the Power r of eB eBPF to to Open vSwitch ch Linux Plumber 2018

Bri Bring nging ng the the Power r of eB eBPF to to Open vSwitch ch Linux Plumber 2018 William Tu, Joe Stringer, Yifeng Sun, Yi-Hung Wei VMware Inc. and Cilium.io 1 Outline Introduction and Motivation OVS-eBPF Project

612 views • 45 slides
Bri Bring nging ng the the Power r of eB eBPF to to Open vSwitch ch Linux Plumber 2018

Bri Bring nging ng the the Power r of eB eBPF to to Open vSwitch ch Linux Plumber 2018

Bri Bring nging ng the the Power r of eB eBPF to to Open vSwitch ch Linux Plumber 2018 William Tu, Joe Stringer, Yifeng Sun, Yi-Hung Wei VMware Inc. and Cilium.io 1 Outline Introduction and Motivation OVS-eBPF Project

429 views • 39 slides
Replacing iptables with eBPF in Kubernetes with Cilium Cilium, eBPF, Envoy, Istio, Hubble Michal

Replacing iptables with eBPF in Kubernetes with Cilium Cilium, eBPF, Envoy, Istio, Hubble Michal

Replacing iptables with eBPF in Kubernetes with Cilium Cilium, eBPF, Envoy, Istio, Hubble Michal Rostecki Swaminathan Vasudevan Software Engineer Software Engineer mrostecki@suse.com svasudevan@suse.com mrostecki@opensuse.org Whats

2.06k views • 52 slides
Security Monitoring with eBPF ALEX MAESTRETTI - MANAGER, SIRT BRENDAN GREGG - Sr ARCHITECT,

Security Monitoring with eBPF ALEX MAESTRETTI - MANAGER, SIRT BRENDAN GREGG - Sr ARCHITECT,

Security Monitoring with eBPF ALEX MAESTRETTI - MANAGER, SIRT BRENDAN GREGG - Sr ARCHITECT, PERFORMANCE The Brief. Extended Berkley Packet Filter (eBPF) is a new Linux feature which allows safe and efficient monitoring of kernel functions.

593 views • 27 slides
New (and Exciting!) Developments in Linux Tracing Elena Zannoni (elena.zannoni@oracle.com) Linux

New (and Exciting!) Developments in Linux Tracing Elena Zannoni (elena.zannoni@oracle.com) Linux

<Insert Picture Here> New (and Exciting!) Developments in Linux Tracing Elena Zannoni (elena.zannoni@oracle.com) Linux Engineering, Oracle America Linuxcon Japan 2015 Overview BPF eBPF eBPF main concepts and elements eBPF

601 views • 42 slides
Low-Overhead System Tracing With eBPF Akshay Kapoor DevOps Engineer @ SAP Labs May 2018

Low-Overhead System Tracing With eBPF Akshay Kapoor DevOps Engineer @ SAP Labs May 2018

Low-Overhead System Tracing With eBPF Akshay Kapoor DevOps Engineer @ SAP Labs May 2018 Low-Overhead System Tracing With eBPF Low-Overhead System Tracing With eBPF Low-Overhead System Tracing With eBPF You don't need to know how to operate

632 views • 26 slides
eBPF Perf Tools 2019 ^C @usecs: [256, 512) 2 |

eBPF Perf Tools 2019 ^C @usecs: [256, 512) 2 |

# biolatency.bt Attaching 3 probes... Tracing block device I/O... Hit Ctrl-C to end. eBPF Perf Tools 2019 ^C @usecs: [256, 512) 2 | | [512, 1K) 10 |@

933 views • 39 slides
CALICO 2015 Places and Spaces: Redefining Language Learning University of Colorado, Boulder May

CALICO 2015 Places and Spaces: Redefining Language Learning University of Colorado, Boulder May

CALICO 2015 Places and Spaces: Redefining Language Learning University of Colorado, Boulder May 26-30 Luba Iskold Muhlenberg College Presentation Outline Redefining Language Learning: The SMAR Model What is VoiceThread & Why use it

381 views • 19 slides
The eXpress Data Path Fast Programmable Packet Processing in the Operating System Kernel Toke

The eXpress Data Path Fast Programmable Packet Processing in the Operating System Kernel Toke

The eXpress Data Path Fast Programmable Packet Processing in the Operating System Kernel Toke Hiland-Jrgensen (Karlstad University) Jesper Dangaard Brouer (Red Hat) Daniel Borkmann (Cilium.io) John Fastabend (Cilium.io) Tom Herbert

738 views • 19 slides
Routing without Flow Control Costas Busch Rensselaer Polytechnic Institute Maurice Herlihy

Routing without Flow Control Costas Busch Rensselaer Polytechnic Institute Maurice Herlihy

Routing without Flow Control Costas Busch Rensselaer Polytechnic Institute Maurice Herlihy Brown University Roger Wattenhofer Microsoft Research 1 The network: n mesh n n n Discrete time Bi-directional links At most one

765 views • 49 slides
In Inno nova vativ tive e Fi Fina nance nce for or SM SMEs Es in C n Chi hina na

In Inno nova vativ tive e Fi Fina nance nce for or SM SMEs Es in C n Chi hina na

In Inno nova vativ tive e Fi Fina nance nce for or SM SMEs Es in C n Chi hina na Xiaochen Zhang Founding Partner, New Development Ventures; Board of Director, American Crowdfunding Professional Association September 21-22, 2016;

239 views • 7 slides
peer Electricity Trading Markets: Security and Privacy Analysis Mehdi Montakhabi 1 , Akash

peer Electricity Trading Markets: Security and Privacy Analysis Mehdi Montakhabi 1 , Akash

Sharing Economy in Future Peer-to- peer Electricity Trading Markets: Security and Privacy Analysis Mehdi Montakhabi 1 , Akash Madhusudan 2 , Shenja van der Graaf 1 , Aysajan Abidin 2 and Mustafa A. Mustafa 2,3 1 imec-SMIT, Vrije Universiteit

365 views • 24 slides
Suricata and XDP , Performance with a S like Security . Leblond OISF Nov. 29, 2018 .

Suricata and XDP , Performance with a S like Security . Leblond OISF Nov. 29, 2018 .

Suricata and XDP , Performance with a S like Security . Leblond OISF Nov. 29, 2018 . Leblond (OISF) Suricata and XDP Nov. 29, 2018 1 / 43 Introduction 1 Suricata 101 Suricata on live traffic Problem 2 Reconstruction work Packet

786 views • 59 slides
Selective Packet Capture at High Speed Rates Reservoir Labs Peter Cullen, James Ezick, Kelly Fox,

Selective Packet Capture at High Speed Rates Reservoir Labs Peter Cullen, James Ezick, Kelly Fox,

Selective Packet Capture at High Speed Rates Reservoir Labs Peter Cullen, James Ezick, Kelly Fox, Troy Hanson, Richard Lethin, Erik Mogus, Jordi Ros-Giralt, Alison Ryan, {cullen, ezick, fox, hanson, lethin, mogus, giralt, ryan}@reservoir.com

710 views • 31 slides
QoS in 5G: Enhancements for Connected Cars 5G V2X Communications Summer School Kings College

QoS in 5G: Enhancements for Connected Cars 5G V2X Communications Summer School Kings College

QoS in 5G: Enhancements for Connected Cars 5G V2X Communications Summer School Kings College London, UK Massimo Condoluci Ericsson Research 2018-06-12 Ericsson Internal | 2018-02-21 Agenda Background on QoS What is QoS? 5G QoS

342 views • 22 slides
Zorp and KZorp: Integrating Packet Filtering and Userspace proxying Balzs Scheidler

Zorp and KZorp: Integrating Packet Filtering and Userspace proxying Balzs Scheidler

Zorp and KZorp: Integrating Packet Filtering and Userspace proxying Balzs Scheidler <bazsi@balabit.com> www.balabit.com Zorp Has been established in 2000, as the fjrst BalaBit product Code was GPLd right from the start Initial set

590 views • 20 slides

More recommend