randybias
commented
5 months ago Is there any relationship to the work in https://github.com/OpenSDN-io/community/issues/1 ? XDP and eBPF are different, but related. I just want to make sure that work isn't overlapping.
In general I would like to see some kind of proof of concept. The vrouter kernel module and eBPF would be co-resident in the kernel and I'm unclear how they interact in general. Having vrouter being able to leverage eBPF programs would be extremely powerful. We need to make sure that there is some kind of general purpose reusable mechanism for this rather than a one-off solution.
frct1
I had a little conversation with @mkraposhin about eBPF. This could be a nice feature to implement something in a simple way instead of hard-coded into cpp vrouter's code. Seems like Kubernetes dudes are using it for a long time in a lot different ways. Most simple case that could be solved is QoS (bandwidth limit). Following original Juniper docs that operator have to configure nova flavor is leading to use linux HTB by default that will cause whole network degradation at some moment (i've observed that it could happen when interfaces with QoS counts more than 200) due to monstrous spin_lock locks (more details you can find here. eBPF could help to limit flows bandwidth for example but actual use case is a lot bigger. It is possible to hook into vrouter packet processing pipeline to do something on a kernel-level and it is documented behavior.
eBPF programs are event-driven and are run when the kernel or an application passes a certain hook point. Pre-defined hooks include system calls, function entry/exit, kernel tracepoints, network events, and several others.If a predefined hook does not exist for a particular need, it is possible to create a kernel probe (kprobe) or user probe (uprobe) to attach eBPF programs almost anywhere in kernel or user applications.Seems like there is no big overhead using eBPF because it is being executed on a kernel-level.
refs: