up
play

Up Cloud Native Networking with eBPF Next Technical Track - PowerPoint PPT Presentation

Nov 07, 2023 •408 likes •532 views

Up Cloud Native Networking with eBPF Next Technical Track Presentation Raymond Maika Engineering Team Lead Agenda Cloud Native networking CNI Plugin landscape Cilium Overview Policy Overview Policy Enforcement in Cilium

  1. Up Cloud Native Networking with eBPF Next Technical Track Presentation Raymond Maika Engineering Team Lead

  2. Agenda • Cloud Native networking • CNI Plugin landscape • Cilium Overview • Policy Overview • Policy Enforcement in Cilium • Demo

  3. Cloud Native Networking • Primarily based on standards set by Container Network Interface (CNI) • CNI spec is lightweight; only describes the following • Action and arguments to add container to a network • Action and arguments to remove container from network • A project that implements the spec is a CNI plugin

  4. CNI Plugin Landscape Routed networks VXLAN overlays Advanced features

  5. Cilium Overview • Cilium implements CNI spec using eBPF and XDP • eBPF = extended Berkeley Packet Filter • XDP = eXpress Data Path • XDP enables Cilium to connect to a physical interface as close as possible • BPF programs allow highly efficient packet processing with kernel-layer programs • Cilium loads endpoint/IP maps into BPF maps for fast access in the kernel by BPF programs Reference: http://docs.cilium.io/en/stable/bpf/

  6. eBPF Overview • eBPF is an enhancement to the original BPF implementation • Relevant features from original BPF • BPF virtual machine that leverages RISC instructions • Buffer model that is used to capture and filter packets from an interface • eBPF takes the filtering features from BPF, and adds: • x86/arm instruction sets • JIT kernel compiler for Linux • LLVM to compile BPF bytecode Sources: http://docs.cilium.io/en/stable/bpf/ https://www.kernel.org/doc/Documentation/networking/filter.txt

  7. XDP with eBPF Source: https://www.iovisor.org/technology/xdp

  8. Kubernetes (K8s) Network Policy • K8s NetworkPolicy objects support both Ingress and Egress policies • Policies can use any combination of the following to select which traffic can access an endpoint • Pod/Namespace selectors (k8s label-based) • IPBlocks (CIDR notation) • Destination ports at endpoint Reference:

  9. Cilium Policy Enforcement Reference: https://github.com/cilium/cilium

  10. Demo

  11. Additional Cilium Policy (L7 features) • HTTP policy matching based on: • Path • Method (GET, POST, PUT, PATCH, DELETE,etc) • Host • Headers • Kafka • Role • APIKey/APIVersion • ClientID • Topic Source: https://cilium.io/

  12. Additional Cilium Policy (L7 features) Source: https://cilium.io/

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Dataplane Networking journey in Containers Gary Loughnane gary.loughnane@intel.com

Dataplane Networking journey in Containers Gary Loughnane gary.loughnane@intel.com

Dataplane Networking journey in Containers Gary Loughnane gary.loughnane@intel.com Kuralamudhan Ramakrishnan kuralamudhan.ramakrishnan@intel.com DPDK Summit Userspace - Dublin- 2017 Discussion topics Container Deployment Models

539 views • 16 slides
What queries can the Domain mediator answer for me? Developer CLIDE Schema Schema

What queries can the Domain mediator answer for me? Developer CLIDE Schema Schema

Large-Scale Data Integration Systems Exporting and Interactively Querying Application Domain CNET Computer Developer Web Service-Accessed Sources: PCWorld Portals Application Application The CLIDE System

320 views • 9 slides
Drupal, NetFlix, & Chill: Adaptive Bitrate Video Streaming Stephen Barker, Digital Frontiers

Drupal, NetFlix, & Chill: Adaptive Bitrate Video Streaming Stephen Barker, Digital Frontiers

Drupal, NetFlix, & Chill: Adaptive Bitrate Video Streaming Stephen Barker, Digital Frontiers Media, Inc. Dave Kopecek, Aisle 8, Inc. 1 The Problem Existing Site 400 HD videos Slow video loading/buffering/playback latency (10-11 seconds

838 views • 25 slides
enteprise enteprise 2FA to your ownCloud 2FA to your ownCloud in 15 minutes in 15 minutes

enteprise enteprise 2FA to your ownCloud 2FA to your ownCloud in 15 minutes in 15 minutes

Add Add enteprise enteprise 2FA to your ownCloud 2FA to your ownCloud in 15 minutes in 15 minutes FOSDEM 2019, February 3rd Cornelius Klbel about me about me Cornelius Klbel 2FA since 2005 2014: privacyIDEA

918 views • 28 slides
Next Generation Tools for container technology Dan Walsh @rhatdan Please Stand Please read out

Next Generation Tools for container technology Dan Walsh @rhatdan Please Stand Please read out

Next Generation Tools for container technology Dan Walsh @rhatdan Please Stand Please read out loud all text in RED I Promise To say Container Registries Rather than Docker registries I Promise To say Container Images Rather than

1.36k views • 86 slides
Real-Time System Modeling slide credits: H. Kopetz, P. Puschner Overview Model Construction

Real-Time System Modeling slide credits: H. Kopetz, P. Puschner Overview Model Construction

Real-Time System Modeling slide credits: H. Kopetz, P. Puschner Overview Model Construction Real-time clusters & components Interfaces Real-time interfaces and observations Real-time images and temporal accuracy

1.24k views • 88 slides
ConnectHome Nation Webinar Leveraging Stakeholder Volunteer Programs 1 Agenda Leveraging

ConnectHome Nation Webinar Leveraging Stakeholder Volunteer Programs 1 Agenda Leveraging

ConnectHome Nation Webinar Leveraging Stakeholder Volunteer Programs 1 Agenda Leveraging Topic 1 Stakeholder Volunteers Topic 2 1. WebEx Instructions Nashville Topic 3 Public 2. Introductions Topic 4 Library 3. Nashville Public

435 views • 25 slides
New Bern Choice Neighborhoods January 15, 2015 Existing Conditions Survey Highlights

New Bern Choice Neighborhoods January 15, 2015 Existing Conditions Survey Highlights

Stakeholder Meeting New Bern Choice Neighborhoods January 15, 2015 Existing Conditions Survey Highlights Next Steps Existing Conditions Data collection sources Census and American Community Survey GIS data from county and

745 views • 38 slides
EMPHATIC A new hadron production experiment for improved neutrino flux predictions Jonathan

EMPHATIC A new hadron production experiment for improved neutrino flux predictions Jonathan

EMPHATIC A new hadron production experiment for improved neutrino flux predictions Jonathan Paley On Behalf of the EMPHATIC Collaboration Fermilab Physics Advisory Committee Meeting January 17, 2019 Jonathan M. Paley DUNE Flux

847 views • 19 slides
The 7 Ds: Shaping the Future of Work Dr. Nicola J. Millard Head of Customer Insights &

The 7 Ds: Shaping the Future of Work Dr. Nicola J. Millard Head of Customer Insights &

The 7 Ds: Shaping the Future of Work Dr. Nicola J. Millard Head of Customer Insights & Futures BT Global Services Innovation Team Online Reputation for HR Practitioners Linzi Conway Managing Partner Key to Success Consultants HR

689 views • 42 slides
Numbers 234 attendees in line with recent years c. 140 from .au, .nz and Asia We

Numbers 234 attendees in line with recent years c. 140 from .au, .nz and Asia We

Numbers 234 attendees in line with recent years c. 140 from .au, .nz and Asia We hope weve grown an existing collaborative community IDCC a mixture of what we think you should hear about, and what you think we should all

675 views • 9 slides
CNI - Preparatory Phase of the Large Hadron Collider Upgrade Date of preparation : 2 May 2007

CNI - Preparatory Phase of the Large Hadron Collider Upgrade Date of preparation : 2 May 2007

CNI - Preparatory Phase of the Large Hadron Collider Upgrade Date of preparation : 2 May 2007 Project starting date: 1 April 2008 Duration: 36 months Coordinating person : Lyn Evans (CERN) Participant

601 views • 20 slides
Industry Responses to the European Directive on Security of Network and Information Systems

Industry Responses to the European Directive on Security of Network and Information Systems

Industry Responses to the European Directive on Security of Network and Information Systems (NIS) Dr Ola Michalec, Dr Sveta Milyaeva, Dr Dirk van der Linden, Prof Awais Rashid Image credit: Terrence J Sullivan. CC Licensed.

750 views • 9 slides
Polarization analysis of antiprotons produced in pA collisions D. GRZONKA, FORSCHUNGSZENTRUM

Polarization analysis of antiprotons produced in pA collisions D. GRZONKA, FORSCHUNGSZENTRUM

Polarization analysis of antiprotons produced in pA collisions D. GRZONKA, FORSCHUNGSZENTRUM JLICH CERN/PS P349 D. Alfs , D. Grzonka, F. Hauenstein*, K. Kilian, IKP, Forschungszentrum Jlich, 52425 Jlich, Germany D. Lersch, J. Ritman, T.

570 views • 20 slides
Ontology and Cyber Security May 18 th 2013 Bill Mandrick, PhD Senior Ontologist 2 2/12/2013

Ontology and Cyber Security May 18 th 2013 Bill Mandrick, PhD Senior Ontologist 2 2/12/2013

Ontology and Cyber Security May 18 th 2013 Bill Mandrick, PhD Senior Ontologist 2 2/12/2013 AGENDA Ontology of Computer Network Operations DoD and USG Efforts Cyber Fast Track Computer Network Operations (CNO) Computer

646 views • 27 slides
CCN-CERT Setting up a Governmental CERT: The CCN-CERT Case Study Sevilla, June 2007

CCN-CERT Setting up a Governmental CERT: The CCN-CERT Case Study Sevilla, June 2007

CCN-CERT Setting up a Governmental CERT: The CCN-CERT Case Study Sevilla, June 2007 Presentation FORUM: 19th Annual FIRST Conference SESSION: CCN Initiative of a Governmental CERT OBJECTIVE: Set the scope and goals of CCN

648 views • 28 slides
Networking on the ground, in the cloud, and in containers What is in the box? Router A computer

Networking on the ground, in the cloud, and in containers What is in the box? Router A computer

Networking on the ground, in the cloud, and in containers What is in the box? Router A computer optimized for routing and forwarding Operating system to manage resources Routing protocol implementations (e.g., BGP, OSPF) Lots of

200 views • 18 slides
Equilibrium in Continuous-Time Financial Markets: Endogenously Complete Markets (with Roberto

Equilibrium in Continuous-Time Financial Markets: Endogenously Complete Markets (with Roberto

Equilibrium in Continuous-Time Financial Markets: Endogenously Complete Markets (with Roberto Raimondo, University of Melbourne) Dedicated to the Memory of Gerard Debreu and Shizuo Kakutani 1 General Equilibrium Theory : Theory of

236 views • 13 slides
The CNI Open Source Satellite Simulator based on OMNeT++ Brian Niehfer, Sebastian Subik and

The CNI Open Source Satellite Simulator based on OMNeT++ Brian Niehfer, Sebastian Subik and

University of Technology Dortmund 6th International OMNeT++ Workshop The CNI Open Source Satellite Simulator based on OMNeT++ Brian Niehfer, Sebastian Subik and Christian Wietfeld 05.03.2013 Faculty of Electrical Engineering and IT

510 views • 19 slides
Dependability Analysis Using SAM Tianjun Shi, Xudong He School of Computer Science Florida

Dependability Analysis Using SAM Tianjun Shi, Xudong He School of Computer Science Florida

Dependability Analysis Using SAM Tianjun Shi, Xudong He School of Computer Science Florida International University {tshi01, hex}@cs.fiu.edu Goal & Method Goal Enable the Software Architecture Model (SAM) to model and analyze both

297 views • 13 slides
Climate Research Activities on Garuda-NKN Platform S. K. Dash S. K. Dash

Climate Research Activities on Garuda-NKN Platform S. K. Dash S. K. Dash

Climate Research Activities on Garuda-NKN Platform S. K. Dash S. K. Dash

1.11k views • 32 slides
New Hardness Results for Rou1ng on Disjoint Paths Rachit Nimavat David Kim Julia Chuzhoy TTIC

New Hardness Results for Rou1ng on Disjoint Paths Rachit Nimavat David Kim Julia Chuzhoy TTIC

New Hardness Results for Rou1ng on Disjoint Paths Rachit Nimavat David Kim Julia Chuzhoy TTIC U. of Chicago TTIC Node-Disjoint Paths (NDP) Input: Graph G, demand pairs (s 1 ,t 1 ),,(s k ,t k ). Goal: Route as many pairs as possible via

1.9k views • 138 slides
Demand Induced Fluctuations Zhen Huo Jos-Vctor Ros-Rull Yale Penn, UCL, CAERP 25th

Demand Induced Fluctuations Zhen Huo Jos-Vctor Ros-Rull Yale Penn, UCL, CAERP 25th

Demand Induced Fluctuations Zhen Huo Jos-Vctor Ros-Rull Yale Penn, UCL, CAERP 25th Years: PIER & Frontiers of Business Cycle Research Conference May 5, 2019 Crisis in Southern Europe 0.1 0.15 0.1 0.05 0.05 0 0 0.05

577 views • 47 slides
Taking Boys Seriously Addressing Underachievement Conference Wednesday 17 October 2018

Taking Boys Seriously Addressing Underachievement Conference Wednesday 17 October 2018

Taking Boys Seriously Addressing Underachievement Conference Wednesday 17 October 2018 Jordanstown Campus Ulster University WiFi V number Password 17-OCT-2018 #TBS2UU Welcome to Ulster University Professor Raffaella Folli Provost of the

524 views • 24 slides

More recommend