Abstract
The extended Berkeley Packet Filter (eBPF) is an infrastructure that allows micro-programs to be dynamically loaded and run directly in the Linux kernel without recompiling it.
In this work, we study how to develop high-performance network measurements in eBPF. We take sketches as a case study, given their ability to support a wide range of tasks while providing a low memory footprint and accuracy guarantees. We implemented NitroSketch, the state-of-the-art sketch for user-space networking, and show that best practices in user-space networking cannot be directly applied to eBPF because of its different performance characteristics. By applying the lessons learned, we improve its performance by 40% compared to a naive implementation.
Index Terms
- Fast In-kernel Traffic Sketching in eBPF