the express data path
play

The eXpress Data Path Fast Programmable Packet Processing in the - PowerPoint PPT Presentation

Jan 31, 2024 •539 likes •738 views

The eXpress Data Path Fast Programmable Packet Processing in the Operating System Kernel Toke Hiland-Jrgensen (Karlstad University) Jesper Dangaard Brouer (Red Hat) Daniel Borkmann (Cilium.io) John Fastabend (Cilium.io) Tom Herbert

  1. The eXpress Data Path Fast Programmable Packet Processing in the Operating System Kernel Toke Høiland-Jørgensen (Karlstad University) Jesper Dangaard Brouer (Red Hat) Daniel Borkmann (Cilium.io) John Fastabend (Cilium.io) Tom Herbert (Quantonium Inc) David Ahern (Cumulus Networks) David Miller (Red Hat) CoNEXT '18 Heraklion, Greece, Dec 2018 - Toke Høiland-Jørgensen <toke@toke.dk>    1

  2. Outline Challenges with high-speed packet processing XDP design Performance evaluation Example applications Conclusion - Toke Høiland-Jørgensen <toke@toke.dk>    2

  3. High-Speed Packet Processing is Hard Millions of packets per second 10 Gbps: 14.8Mpps / 67.5 ns per packet 100 Gbps: 148Mpps / 6.75 ns per packet Operating system stacks are too slow to keep up - Toke Høiland-Jørgensen <toke@toke.dk>    3

  4. Previous solutions Kernel bypass - move hardware to userspace High performance, but hard to integrate with the system Fast-path frame-to-userspace solutions (Netmap etc) Kernel in control, but lower performance Custom in-kernel modules (e.g., Open vSwitch) Avoids context switching, but is a maintenance burden XDP: Move processing into the kernel instead - Toke Høiland-Jørgensen <toke@toke.dk>    4

  5. XDP: Benefits Integrated with the kernel; driver retains control of hardware Can selectively use kernel stack features Stable API No packet re-injection needed Transparent to the host Dynamically re-programmable Doesn’t need a full CPU core - Toke Høiland-Jørgensen <toke@toke.dk>    5

  6. XDP: Overall design Userspace VMs and containers Applications Control plane The XDP driver hook The eBPF virtual machine Linux kernel Network stack BPF maps AF_INET Virtual devices AF_RAW The eBPF verifier TCP/UDP BPF maps IP layer AF_XDP Queueing TC BPF and forwarding Device driver XDP Build sk_buff Drop Network hardware Packet data flow Control data flow - Toke Høiland-Jørgensen <toke@toke.dk>    6

  7. XDP program flow Program execution phase transitions Communication w/rest of system Communication with rest of system Other BPF Userspace Kernel Packet flow programs programs networking stack in kernel Read/write metadata Packet verdict Context object Kernel helpers Maps Return code - RX metadata (queue no, ...) Use kernel functions, e.g.: - Key/value stores - Pointer to packet data - Checksumming - Hash, array, trie, etc. - Space for custom metadata - Routing table lookups - Defined by program Pass to stack Xmit out Redirect Drop Parse packet Rewrite packet Userspace Interface CPU - Direct memory access to packet data - Write any packet header / payload - Tail calls to split processing - Grow/shrink packet headroom - Toke Høiland-Jørgensen <toke@toke.dk>    7

  8. Example XDP program SEC("xdp1") /* marks main eBPF program entry point */ int xdp_prog1(struct xdp_md *ctx) { void *data_end = (void *)(long)ctx->data_end; void *data = (void *)(long)ctx->data; /* map used to count packets; key is IP protocol, struct ethhdr *eth = data; int rc = XDP_DROP; value is pkt count */ long *value; u16 h_proto; u64 nh_off; u32 ipproto; struct bpf_map_def SEC("maps") rxcnt = { .type = BPF_MAP_TYPE_PERCPU_ARRAY, nh_off = sizeof(*eth); .key_size = sizeof(u32), if (data + nh_off > data_end) .value_size = sizeof(long), return rc; .max_entries = 256, }; h_proto = eth->h_proto; /* swaps MAC addresses using direct packet data access */ /* check VLAN tag; could be repeated to support double-tagged VLAN */ static void swap_src_dst_mac(void *data) if (h_proto == htons(ETH_P_8021Q) || h_proto == htons(ETH_P_8021AD)) { { struct vlan_hdr *vhdr; unsigned short *p = data; unsigned short dst[3]; vhdr = data + nh_off; dst[0] = p[0]; nh_off += sizeof(struct vlan_hdr); dst[1] = p[1]; if (data + nh_off > data_end) dst[2] = p[2]; return rc; p[0] = p[3]; h_proto = vhdr->h_vlan_encapsulated_proto; p[1] = p[4]; } p[2] = p[5]; p[3] = dst[0]; if (h_proto == htons(ETH_P_IP)) p[4] = dst[1]; ipproto = parse_ipv4(data, nh_off, data_end); p[5] = dst[2]; else if (h_proto == htons(ETH_P_IPV6)) } ipproto = parse_ipv6(data, nh_off, data_end); else static int parse_ipv4(void *data, u64 nh_off, void *data_end) ipproto = 0; { struct iphdr *iph = data + nh_off; /* lookup map element for ip protocol, used for packet counter */ if (iph + 1 > data_end) value = bpf_map_lookup_elem(&rxcnt, &ipproto); return 0; if (value) return iph->protocol; *value += 1; } /* swap MAC addrs for UDP packets, transmit out this interface */ if (ipproto == IPPROTO_UDP) { swap_src_dst_mac(data); rc = XDP_TX; } return rc; } - Toke Høiland-Jørgensen <toke@toke.dk>    8

  9. Performance benchmarks Benchmark against DPDK Establishes baseline performance Simple tests Packet drop performance CPU usage Packet forwarding performance All tests are with 64 byte packets - measuring Packets Per Second (PPS). - Toke Høiland-Jørgensen <toke@toke.dk>    9

  10. Packet drop performance DPDK 120 XDP 100 Linux (raw) Linux (conntrack) 80 Mpps 60 40 20 0 1 2 3 4 5 6 Number of cores - Toke Høiland-Jørgensen <toke@toke.dk>    10

  11. CPU usage in drop test 100 80 CPU usage (%) 60 40 DPDK 20 XDP Linux 0 0 5 10 15 20 25 Offered load (Mpps) - Toke Høiland-Jørgensen <toke@toke.dk>    11

  12. Packet forwarding throughput 80 70 60 50 Mpps 40 30 DPDK (different NIC) 20 XDP (same NIC) 10 XDP (different NIC) 0 1 2 3 4 5 6 Number of cores - Toke Høiland-Jørgensen <toke@toke.dk>    12

  13. Packet forwarding latency Average Maximum < 10 μs 100 pps 1 Mpps 100 pps 1 Mpps 100 pps 1 Mpps XDP 82 μs 7 μs 272 μs 202 μs 0% 98.1% DPDK 2 μs 3 μs 161 μs 189 μs 99.5% 99.0% - Toke Høiland-Jørgensen <toke@toke.dk>    13

  14. Application proof-of-concept Shows feasibility of three applications: Software router DDoS protection system Layer-4 load balancer Not a benchmark against state-of-the-art implementations - Toke Høiland-Jørgensen <toke@toke.dk>    14

  15. Software routing performance XDP (single route) XDP (full table) Linux (single route) Linux (full table) 0 1 2 3 4 5 Mpps (single core) - Toke Høiland-Jørgensen <toke@toke.dk>    15

  16. DDoS protection 35 XDP No XDP 30 25 TCP Ktrans/s 20 15 10 5 0 0 5 10 15 20 25 Mpps DOS traffic - Toke Høiland-Jørgensen <toke@toke.dk>    16

  17. Load balancer performance CPU Cores 1 2 3 4 5 6 XDP (Katran) 5.2 10.1 14.6 19.5 23.4 29.3 Linux (IPVS) 1.2 2.4 3.7 4.8 6.0 7.3 Based on the Katran load balancer (open sourced by Facebook). - Toke Høiland-Jørgensen <toke@toke.dk>    17

  18. Summary XDP: Integrates programmable packet processing into the kernel Combines speed with flexibility Is supported by the Linux kernel community Is already used in high-profile production use cases See https://github.com/tohojo/xdp-paper for details - Toke Høiland-Jørgensen <toke@toke.dk>    18

  19. Acknowledgements XDP has been developed over a number of years by the Linux networking community. Thanks to everyone involved; in particular, to: Alexei Starovoitov for his work on the eBPF VM and verifier Björn Töpel and Magnus Karlsson for their work on AF_XDP Also thanks to our anonymous reviewers, and to our shepherd Srinivas Narayana for their helpful comments on the paper - Toke Høiland-Jørgensen <toke@toke.dk>    19

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

OSPF Traffic Engineering (TE) Express Path draft-giacalone-ospf-te-express-path-00.txt

OSPF Traffic Engineering (TE) Express Path draft-giacalone-ospf-te-express-path-00.txt

OSPF Traffic Engineering (TE) Express Path draft-giacalone-ospf-te-express-path-00.txt Spencer Giacalone, Alia Atlas, John Drake, Dave Ward Agenda Introduction to OSPF TE Express Path Background Problem Protocol overview

382 views • 14 slides
XDP (eXpress Data Path) as a building block for other FOSS projects Jesper Dangaard Brouer (Red

XDP (eXpress Data Path) as a building block for other FOSS projects Jesper Dangaard Brouer (Red

XDP (eXpress Data Path) as a building block for other FOSS projects Jesper Dangaard Brouer (Red Hat) Magnus Karlsson (Intel) FOSDEM 2019 Brussels, Feb 2019 1 Framing XDP XDP: new in-kernel programmable (eBPF) layer before netstack Similar

689 views • 34 slides
The Microarchitecture of the LC-3 LC-3 Data Path Revisited Now Registers and Memory 5-2

The Microarchitecture of the LC-3 LC-3 Data Path Revisited Now Registers and Memory 5-2

The Microarchitecture of the LC-3 LC-3 Data Path Revisited Now Registers and Memory 5-2 From Logic to Data Path The data path of a computer is all the logic used to process information. See the data path of the LC-3 on next slide.

148 views • 10 slides
Martha Brumfield, President and CEO C-Path Mission C-Path The Critical Path Institute is a

Martha Brumfield, President and CEO C-Path Mission C-Path The Critical Path Institute is a

The C-Path Vision: Sharing Data and Expertise to Accelerate the Development of Safe and Effective Therapies for Neonates Martha Brumfield, President and CEO C-Path Mission C-Path The Critical Path Institute is a catalyst in the development of

410 views • 20 slides
NPD Express Todays Agenda 9:10 - 9:50: Introduction &amp; overview of NPD Express

NPD Express Todays Agenda 9:10 - 9:50: Introduction &amp; overview of NPD Express

THE SCIENCE OF PRODUCT DEVELOPMENT MADE EASY NPD Express Todays Agenda 9:10 - 9:50: Introduction &amp; overview of NPD Express Introduction &amp; context - Pete Cooke, Head of Digital Overview of NPD Express - Debbie Senior,

666 views • 35 slides
IV. The 395 Express Lanes About out the 395 5 Express ess Lanes es Delivered via

IV. The 395 Express Lanes About out the 395 5 Express ess Lanes es Delivered via

IV. The 395 Express Lanes About out the 395 5 Express ess Lanes es Delivered via public-private partnership with the Virginia Department of Transportation and Delivery communications Transurban (public affairs -- McKenzie)

310 views • 10 slides
SCION: Data Plane Overview Adrian Perrig Network Security Group, ETH Zrich SCION Data Plane

SCION: Data Plane Overview Adrian Perrig Network Security Group, ETH Zrich SCION Data Plane

SCION: Data Plane Overview Adrian Perrig Network Security Group, ETH Zrich SCION Data Plane Overview Data plane: How to send packets [Chapter 2.2, Chapter 8] Path lookup Path combination Path encoding in packet 2 Path

387 views • 18 slides
Path Switching in Content Centric and Named Data Networks Ilya Moiseenko Dave Oran Network

Path Switching in Content Centric and Named Data Networks Ilya Moiseenko Dave Oran Network

Path Switching in Content Centric and Named Data Networks Ilya Moiseenko Dave Oran Network Systems Cisco Systems Research and Design Outline I. Introduction II. Design Path Discovery &amp; Steering in regular ICN data plane Path

567 views • 27 slides
WEBINAR Harnessing the Power of Data for Smallholders Data and the Path to Food Security

WEBINAR Harnessing the Power of Data for Smallholders Data and the Path to Food Security

WEBINAR Harnessing the Power of Data for Smallholders Data and the Path to Food Security Date: Thursday 27 August 2020 Time: 14:00 -16:00 CAT / 12:00 14:00 GMT WEBINAR Harnessing the Power of Data for Smallholders Data and the Path

543 views • 21 slides
Project Overview Construction of: Tolled Express Lanes Westbound 2: Express Lanes from

Project Overview Construction of: Tolled Express Lanes Westbound 2: Express Lanes from

Project Overview Construction of: Tolled Express Lanes Westbound 2: Express Lanes from I-25 to Colorado Blvd; 1 Express Lane to Wadsworth Blvd. Eastbound 1: Express Lane from Platte Canyon to I-25 Safety and operational

640 views • 7 slides
Using Off-Path and On-Path Signaling for Internet Security Saikat Guha, Paul Francis Cornell

Using Off-Path and On-Path Signaling for Internet Security Saikat Guha, Paul Francis Cornell

Using Off-Path and On-Path Signaling for Internet Security Saikat Guha, Paul Francis Cornell University IETF 66 Off-path BoF Guha and Francis Using Off-path and On-Path Signaling for Internet Security Architecture Default-Off Data-Path

651 views • 15 slides
Social Determinants and EHR Data: Analytic Decision Support Harold P. Lehmann MD PhD The PaTH

Social Determinants and EHR Data: Analytic Decision Support Harold P. Lehmann MD PhD The PaTH

Social Determinants and EHR Data: Analytic Decision Support Harold P. Lehmann MD PhD The PaTH Clinical Data Research Network PCORnet Common Data Model Database Patrick Ryan, Observational Health Data Sciences and Informatics (OHDSI)

557 views • 18 slides
Using NVM Express SSDs and CAPI to Accelerate Data Center Applications in OpenPOWER Systems

Using NVM Express SSDs and CAPI to Accelerate Data Center Applications in OpenPOWER Systems

Using NVM Express SSDs and CAPI to Accelerate Data Center Applications in OpenPOWER Systems Stephen Bates PhD, Technical Director PMC #OpenPOWERSummit Join the conversation at #OpenPOWERSummit 1 Teaser Process your data at 3GB/s with minimal

372 views • 12 slides
Lecture 2 Review Path Intergrals over Complex Plane Let : ( *

Lecture 2 Review Path Intergrals over Complex Plane Let : ( *

Lecture 2 Review Path Intergrals over Complex Plane Let : ( * = ? ( ) Lecture 2 Review Question #1: Express XOR using only NAND and NOT gates A A B B Y Y A A B B rgans&amp;theorem!&amp;

775 views • 16 slides
ECE 242 Data Structures Lecture 31 Shortest Path Algorithms November 30, 2009 ECE242 L31:

ECE 242 Data Structures Lecture 31 Shortest Path Algorithms November 30, 2009 ECE242 L31:

ECE 242 Data Structures Lecture 31 Shortest Path Algorithms November 30, 2009 ECE242 L31: Shortest Path Algorithms Single Source Shortest Path Problem Single source shortest path problem Find the shortest path to all other nodes from a

216 views • 11 slides
lecture 14 MIPS data path and control 2 - merging data paths (for add, lw, sw, bne) -

lecture 14 MIPS data path and control 2 - merging data paths (for add, lw, sw, bne) -

lecture 14 MIPS data path and control 2 - merging data paths (for add, lw, sw, bne) - controls - more data paths February 24, 2016 Let's look at the controls on the previous slide. For more details on the combinational circuit used

620 views • 34 slides
Routing without Flow Control Costas Busch Rensselaer Polytechnic Institute Maurice Herlihy

Routing without Flow Control Costas Busch Rensselaer Polytechnic Institute Maurice Herlihy

Routing without Flow Control Costas Busch Rensselaer Polytechnic Institute Maurice Herlihy Brown University Roger Wattenhofer Microsoft Research 1 The network: n mesh n n n Discrete time Bi-directional links At most one

765 views • 49 slides
In Inno nova vativ tive e Fi Fina nance nce for or SM SMEs Es in C n Chi hina na

In Inno nova vativ tive e Fi Fina nance nce for or SM SMEs Es in C n Chi hina na

In Inno nova vativ tive e Fi Fina nance nce for or SM SMEs Es in C n Chi hina na Xiaochen Zhang Founding Partner, New Development Ventures; Board of Director, American Crowdfunding Professional Association September 21-22, 2016;

239 views • 7 slides
peer Electricity Trading Markets: Security and Privacy Analysis Mehdi Montakhabi 1 , Akash

peer Electricity Trading Markets: Security and Privacy Analysis Mehdi Montakhabi 1 , Akash

Sharing Economy in Future Peer-to- peer Electricity Trading Markets: Security and Privacy Analysis Mehdi Montakhabi 1 , Akash Madhusudan 2 , Shenja van der Graaf 1 , Aysajan Abidin 2 and Mustafa A. Mustafa 2,3 1 imec-SMIT, Vrije Universiteit

365 views • 24 slides
Performance Evaluation of P2P and Cloud Computing Applications - A Module for SimGRID Bogdan

Performance Evaluation of P2P and Cloud Computing Applications - A Module for SimGRID Bogdan

Performance Evaluation of P2P and Cloud Computing Applications - A Module for SimGRID Bogdan Cornea, Julien Bourgeois, Vaidy Sunderam 14 June 2012, Valpr, Ecully Origins Performance prediction dPerf dPerf and P2P apps.

288 views • 25 slides
Calico Networking with eBPF Shaun Crampton, Core Developer for Project Calico Chris Hoge,

Calico Networking with eBPF Shaun Crampton, Core Developer for Project Calico Chris Hoge,

Calico Networking with eBPF Shaun Crampton, Core Developer for Project Calico Chris Hoge, Developer Advocate for Project Calico What prompted the team to add another dataplane to Calico? Calicos Pluggable Dataplane What is eBPF?

312 views • 20 slides
Suricata and XDP , Performance with a S like Security . Leblond OISF Nov. 29, 2018 .

Suricata and XDP , Performance with a S like Security . Leblond OISF Nov. 29, 2018 .

Suricata and XDP , Performance with a S like Security . Leblond OISF Nov. 29, 2018 . Leblond (OISF) Suricata and XDP Nov. 29, 2018 1 / 43 Introduction 1 Suricata 101 Suricata on live traffic Problem 2 Reconstruction work Packet

786 views • 59 slides
Selective Packet Capture at High Speed Rates Reservoir Labs Peter Cullen, James Ezick, Kelly Fox,

Selective Packet Capture at High Speed Rates Reservoir Labs Peter Cullen, James Ezick, Kelly Fox,

Selective Packet Capture at High Speed Rates Reservoir Labs Peter Cullen, James Ezick, Kelly Fox, Troy Hanson, Richard Lethin, Erik Mogus, Jordi Ros-Giralt, Alison Ryan, {cullen, ezick, fox, hanson, lethin, mogus, giralt, ryan}@reservoir.com

710 views • 31 slides
QoS in 5G: Enhancements for Connected Cars 5G V2X Communications Summer School Kings College

QoS in 5G: Enhancements for Connected Cars 5G V2X Communications Summer School Kings College

QoS in 5G: Enhancements for Connected Cars 5G V2X Communications Summer School Kings College London, UK Massimo Condoluci Ericsson Research 2018-06-12 Ericsson Internal | 2018-02-21 Agenda Background on QoS What is QoS? 5G QoS

342 views • 22 slides

More recommend