SlideShare une entreprise Scribd logo

ebpf and IO Visor: The What, how, and what next!

Affan Syed
Affan Syed

An overview of eBPF and IO Visor technology.

Technologie
1  sur  38
Télécharger pour lire hors ligne
eBPF and IO Visor: The what, how, and what next! Affan A. Syed Director Engineering, PLUMgrid Inc.
Talk outline
◦ Berkeley Packet Filter (BPF) and bytec ◦ Extended BPF (eBPF): Motivation and features ◦ BCC and IO Visor ◦ Basic demos ◦ Research Directions Outline
Packet Filters and cBPF 6
Objective: To observe all traffic but capture only a subset Problem: Packet traversal through normal stack is slow Solution: Setup filters in kernel where packet dropped if not match Packet Filters ….but these filters need to be secure! Interfaces User space TAP/Raw (RO) driver netif_receive_skb() TC / traffic control Bridge hook / prerouting IP / routing Kernelspace Socket (TCP/UDP)
Lets do: sudo tcpdump -p -ni eth0 "ip and udp“ Now lets do: $ sudo tcpdump -p -ni eth0 -d "ip and udp" 8 Tcpdump our friend (000) ldh [12] (001) jeq #0x800 jt 2 jf 5 (002) ldb [23] (003) jeq #0x11 jt 4 jf 5 (004) ret #65535 (005) ret #0 This code runs for every packet that arrives on eth0
Think Java --- but don’t think VM ! Virtualize a machine instruction set Write byte code for this “fictional” machine verify this code is loop free and optimized Interpret, in-kernel, for *any* real processor 9 The concept of pseudo-machine
10 BPF Overview (insertion and usage) KernelUserSpace bpf bytecode Verifier Bytecode tcpdump libpcap Bytecode (interpreted) tcpdump If match eth0 Raw socket (eth0)
Slowly evolving cBPF seccomp support for sandboxing tc filter for traffic shaping JIT compiler 11 Other uses and extension
Extending BPF … while building a programmable Data Plane
Data Plane Controller Closed Network Functions South Bound API, but no extensibility Closed North Bound API Management API DP DP DP CP CP CP Network Function CP-DP APIs Management API SDK operators IO Visor Controller Traditional SDN architecture With a programmable DP and controller on the side A new SDN architecture developers operators developers
Enable packet parsing, lookup, modification, and updates Guarantee safety of code run on a production system Native performance Goals for a programmable Data Plane = eBPF
Introduced as a separate syscall (user space access) int bpf(int cmd, union bpf_attr *attr, unsigned int size); Linux 3.18 and above Moved out of the networking subsystem 15 eBPF as a syscall interface Streamlined use, extensibility through single API
16 Enhanced architecture classic BPF extended BPF 2 registers + stack 32-bit registers 4-byte load/store to stack 1-4 byte load from packet Conditional jump forward +, -, *, … instructions 10 registers + stack 64-bit registers with 32-bit sub-registers 1-8 byte load/store to stack, maps, context Same + store to packet Conditional jump forward and backward Same + signed_shift + endian Call instruction tail_call map lookup/update/delete helpers packet rewrite, csum, clone_redirect sk_buff read/write • Can build more complicated program • Faster interpretation and JIT • Support for calls to approved helper functions
Maps = <key, value> storage Save state across invocation of programs in kernel = state machines! Example: fd bpf_table_lookup(table_id, key) Userspace can create/access/delete these maps (using bpf syscall) loosely coupled communication between user and kernel space Maps can be shared between eBPF programs HASH, ARRAY … and growing 17 Maps Stateful programmability and async interaction with user space
Invoke sanitized functions from within the eBPF program like a library – but … of course .. In-kernel e.g u64 bpf_ktime_get_ns(void), int bpf_trace_printk(const char *fmt, int fmt_size, ...), u32 prandom_u32(void) Tail call feature a combo of two components bpf_tail_call(ctx, prog_array_map,index) and PROG_ARRAY_MAP 18 Helper functions and tail calls increased capabilities, and sanitized access
19 Summary (for later reference)
eBPF new architecture more complex required a brand new verifier Provably confirms inserted program does not: create loops, delays execution interminably, illegally dereference pointers Done statically, one-time, with an exhaustive search some heuristics to improve verification time 20 Verifier and kernel safety
Restricted “C” code that compiles to bpf bytecode LLVM backend for this purpose with clang frontend Once inserted, the code is “hooked” to a kernel event no sense hooking to userspace events! On event firing the appropriate code is run in either native or interpreted mode 21 LLVM compiler, Interpreter, and JIT
traffic control (TC): queues (classification or action time) sockets: STREAM (L4/UDP), DATAGRAM (L4/TCP) or RAW others: kprobes, syscalls, tracepoints ... 22 Example Hooks: The networking stack Interfaces User space TAP/Raw (RO) driver netif_receive_skb() TC / traffic control Bridge hook / prerouting IP / routing Kernelspace Socket (TCP/UDP)
Visual Flow of code insertion and use Kernel LLVM UserSpace bpf bytecode Verifier Machine code Bytecode (interpreted) Helper Functions Maps bpf(load) eBPF prog in C (optional) ❶ ❷ ❸ Setup scripts Filedescriptor ❺ ❹ bpf(map_create) Code insertion Filedescriptor KernelUserSpace ❶ Machine code Bytecode (interpreted) Helper Functions Maps ❸ ❷Kernel hook event bpf(lookup, update, delete) ❹ Setup scripts Control logic (optional) Event Execution
eBPF, IO Visor and BCC
Writing eBPF programs was “brutal” Even with compiler, the map/code sharing Enter BPF compiler collection (BCC) Complexity of making eBPF code Src: Brenden Gregg Src: Brenden Gregg
26 BCC (https://github.com/iovisor/bcc) Make using features of eBPF easier to use Python front-end and scripts to create/access/delete maps load programs from a restricted “C” format attach to different locations with a simple API
27 BCC and a few screen-shots!
Linux Foundation Collaborative Project IO Visor Engine is an abstraction of an IO execution engine A set of development tools, IO Visor Dev and Management A set of use cases & applications like Networking, Security, Tracing & others 28 IO Visor Project In- progress Compiler for P4
29 Founding Members www.iovisor.org
30 IO Visor Modules IO Visor Manager Kernel attachment points Kernel space User space Open repo of “IOV_Modules” Kernel code Kernel code APIs to Controllers Metadata SDK developers
Lots of interesting projects there right now bpf-based file system (FUSE) Join and contribute! 31 https://github.com/iovisor/
 https://github.com/iovisor/bcc  https://github.com/iovisor/bpf-docs  http://lwn.net/Articles/603984/  http://lwn.net/Articles/603983/  https://lwn.net/Articles/625224/  https://www.kernel.org/doc/Documentation/networking/filter.txt  http://man7.org/linux/man-pages/man2/bpf.2.html  https://linuxplumbersconf.org/2015/ocw//system/presentations/3249/original/bpf_llvm_2015aug19.pdf  https://videos.cdn.redhat.com/summit2015/presentations/13737_an-overview-of-linux-networking- subsystem-extended-bpf.pdf  https://github.com/torvalds/linux/tree/master/samples/bpf  http://events.linuxfoundation.org/sites/events/files/slides/tracing-linux-ezannoni-  https://www.kernel.org/doc/Documentation/prctl/seccomp_filter.txt  http://lxr.free-electrons.com/source/net/sched/cls_bpf.c Useful links
Live Demo 33 … and prayers!
Hello world attach to clone event, print hello every time Hello world and state sum the number of events Networking example more complicated but fun  Things we demo
Research Threads 35 … for the adventurous amongst you!
Increasing application response time frequent /cached responses in kernel Container Networking custom encapsulation protocols and metadata State-full QoS Networking and packet manipulations
37 Fast, flexible and state-full Firewalls System call trapping and dynamic taint analysis Faster and less resource hungry analysis Security
Disk latency heat-maps https://github.com/torvalds/linux/tree/master/samples/bpf/ 38 System Tracing One map for time- stamp, other for latency
Event-based, packet-based micro-kernel abstraction Saving energy with operation in-kernel, user-space tools for config/mgmt/debug think tinyOS-inside-Linux Software defining an API for heterogenous and opportunistic low-power coms wifi, zigbee, Z-wave 39 Embedded Systems and Internet-of-Things
Thank you! Questions? We are hiring hr.isb@plumgrid.com

Recommandé

Building Network Functions with eBPF & BCC
Building Network Functions with eBPF & BCCBuilding Network Functions with eBPF & BCC
Building Network Functions with eBPF & BCCKernel TLV
 
BPF - in-kernel virtual machine
BPF - in-kernel virtual machineBPF - in-kernel virtual machine
BPF - in-kernel virtual machineAlexei Starovoitov
 
Introduction to eBPF and XDP
Introduction to eBPF and XDPIntroduction to eBPF and XDP
Introduction to eBPF and XDPlcplcp1
 
Staring into the eBPF Abyss
Staring into the eBPF AbyssStaring into the eBPF Abyss
Staring into the eBPF AbyssSasha Goldshtein
 
Understanding DPDK algorithmics
Understanding DPDK algorithmicsUnderstanding DPDK algorithmics
Understanding DPDK algorithmicsDenys Haryachyy
 
Security Monitoring with eBPF
Security Monitoring with eBPFSecurity Monitoring with eBPF
Security Monitoring with eBPFAlex Maestretti
 
BPF Internals (eBPF)
BPF Internals (eBPF)BPF Internals (eBPF)
BPF Internals (eBPF)Brendan Gregg
 
eBPF Trace from Kernel to Userspace
eBPF Trace from Kernel to UserspaceeBPF Trace from Kernel to Userspace
eBPF Trace from Kernel to UserspaceSUSE Labs Taipei
 

Recommandé

Building Network Functions with eBPF & BCC
Building Network Functions with eBPF & BCCBuilding Network Functions with eBPF & BCC
Building Network Functions with eBPF & BCCKernel TLV
 
BPF - in-kernel virtual machine
BPF - in-kernel virtual machineBPF - in-kernel virtual machine
BPF - in-kernel virtual machineAlexei Starovoitov
 
Introduction to eBPF and XDP
Introduction to eBPF and XDPIntroduction to eBPF and XDP
Introduction to eBPF and XDPlcplcp1
 
Staring into the eBPF Abyss
Staring into the eBPF AbyssStaring into the eBPF Abyss
Staring into the eBPF AbyssSasha Goldshtein
 
Understanding DPDK algorithmics
Understanding DPDK algorithmicsUnderstanding DPDK algorithmics
Understanding DPDK algorithmicsDenys Haryachyy
 
Security Monitoring with eBPF
Security Monitoring with eBPFSecurity Monitoring with eBPF
Security Monitoring with eBPFAlex Maestretti
 
BPF Internals (eBPF)
BPF Internals (eBPF)BPF Internals (eBPF)
BPF Internals (eBPF)Brendan Gregg
 
eBPF Trace from Kernel to Userspace
eBPF Trace from Kernel to UserspaceeBPF Trace from Kernel to Userspace
eBPF Trace from Kernel to UserspaceSUSE Labs Taipei
 
eBPF Basics
eBPF BasicseBPF Basics
eBPF BasicsMichael Kehoe
 
BPF: Tracing and more
BPF: Tracing and moreBPF: Tracing and more
BPF: Tracing and moreBrendan Gregg
 
eBPF - Rethinking the Linux Kernel
eBPF - Rethinking the Linux KerneleBPF - Rethinking the Linux Kernel
eBPF - Rethinking the Linux KernelThomas Graf
 
Introduction to eBPF
Introduction to eBPFIntroduction to eBPF
Introduction to eBPFRogerColl2
 
Meet cute-between-ebpf-and-tracing
Meet cute-between-ebpf-and-tracingMeet cute-between-ebpf-and-tracing
Meet cute-between-ebpf-and-tracingViller Hsiao
 
EBPF and Linux Networking
EBPF and Linux NetworkingEBPF and Linux Networking
EBPF and Linux NetworkingPLUMgrid
 
Understanding eBPF in a Hurry!
Understanding eBPF in a Hurry!Understanding eBPF in a Hurry!
Understanding eBPF in a Hurry!Ray Jenkins
 
Understanding DPDK
Understanding DPDKUnderstanding DPDK
Understanding DPDKDenys Haryachyy
 
DPDK & Layer 4 Packet Processing
DPDK & Layer 4 Packet ProcessingDPDK & Layer 4 Packet Processing
DPDK & Layer 4 Packet ProcessingMichelle Holley
 
eBPF maps 101
eBPF maps 101eBPF maps 101
eBPF maps 101SUSE Labs Taipei
 
Tracing MariaDB server with bpftrace - MariaDB Server Fest 2021
Tracing MariaDB server with bpftrace - MariaDB Server Fest 2021Tracing MariaDB server with bpftrace - MariaDB Server Fest 2021
Tracing MariaDB server with bpftrace - MariaDB Server Fest 2021Valeriy Kravchuk
 
Fast Userspace OVS with AF_XDP, OVS CONF 2018
Fast Userspace OVS with AF_XDP, OVS CONF 2018Fast Userspace OVS with AF_XDP, OVS CONF 2018
Fast Userspace OVS with AF_XDP, OVS CONF 2018Cheng-Chun William Tu
 
Performance Wins with eBPF: Getting Started (2021)
Performance Wins with eBPF: Getting Started (2021)Performance Wins with eBPF: Getting Started (2021)
Performance Wins with eBPF: Getting Started (2021)Brendan Gregg
 
DockerCon 2017 - Cilium - Network and Application Security with BPF and XDP
DockerCon 2017 - Cilium - Network and Application Security with BPF and XDPDockerCon 2017 - Cilium - Network and Application Security with BPF and XDP
DockerCon 2017 - Cilium - Network and Application Security with BPF and XDPThomas Graf
 
Cilium - BPF & XDP for containers
Cilium - BPF & XDP for containers Cilium - BPF & XDP for containers
Cilium - BPF & XDP for containersDocker, Inc.
 
DPDK: Multi Architecture High Performance Packet Processing
DPDK: Multi Architecture High Performance Packet ProcessingDPDK: Multi Architecture High Performance Packet Processing
DPDK: Multi Architecture High Performance Packet ProcessingMichelle Holley
 
Fun with Network Interfaces
Fun with Network InterfacesFun with Network Interfaces
Fun with Network InterfacesKernel TLV
 
Replacing iptables with eBPF in Kubernetes with Cilium
Replacing iptables with eBPF in Kubernetes with CiliumReplacing iptables with eBPF in Kubernetes with Cilium
Replacing iptables with eBPF in Kubernetes with CiliumMichal Rostecki
 
Introduction to DPDK
Introduction to DPDKIntroduction to DPDK
Introduction to DPDKKernel TLV
 
BPF / XDP 8월 세미나 KossLab
BPF / XDP 8월 세미나 KossLabBPF / XDP 8월 세미나 KossLab
BPF / XDP 8월 세미나 KossLabTaeung Song
 
The Next Linux Superpower: eBPF Primer
The Next Linux Superpower: eBPF PrimerThe Next Linux Superpower: eBPF Primer
The Next Linux Superpower: eBPF PrimerSasha Goldshtein
 
Linux BPF Superpowers
Linux BPF SuperpowersLinux BPF Superpowers
Linux BPF SuperpowersBrendan Gregg
 

Contenu connexe

Tendances

BPF: Tracing and more
BPF: Tracing and moreBPF: Tracing and more
BPF: Tracing and moreBrendan Gregg
 
eBPF - Rethinking the Linux Kernel
eBPF - Rethinking the Linux KerneleBPF - Rethinking the Linux Kernel
eBPF - Rethinking the Linux KernelThomas Graf
 
Introduction to eBPF
Introduction to eBPFIntroduction to eBPF
Introduction to eBPFRogerColl2
 
Meet cute-between-ebpf-and-tracing
Meet cute-between-ebpf-and-tracingMeet cute-between-ebpf-and-tracing
Meet cute-between-ebpf-and-tracingViller Hsiao
 
EBPF and Linux Networking
EBPF and Linux NetworkingEBPF and Linux Networking
EBPF and Linux NetworkingPLUMgrid
 
Understanding eBPF in a Hurry!
Understanding eBPF in a Hurry!Understanding eBPF in a Hurry!
Understanding eBPF in a Hurry!Ray Jenkins
 
DPDK & Layer 4 Packet Processing
DPDK & Layer 4 Packet ProcessingDPDK & Layer 4 Packet Processing
DPDK & Layer 4 Packet ProcessingMichelle Holley
 
Tracing MariaDB server with bpftrace - MariaDB Server Fest 2021
Tracing MariaDB server with bpftrace - MariaDB Server Fest 2021Tracing MariaDB server with bpftrace - MariaDB Server Fest 2021
Tracing MariaDB server with bpftrace - MariaDB Server Fest 2021Valeriy Kravchuk
 
Fast Userspace OVS with AF_XDP, OVS CONF 2018
Fast Userspace OVS with AF_XDP, OVS CONF 2018Fast Userspace OVS with AF_XDP, OVS CONF 2018
Fast Userspace OVS with AF_XDP, OVS CONF 2018Cheng-Chun William Tu
 
Performance Wins with eBPF: Getting Started (2021)
Performance Wins with eBPF: Getting Started (2021)Performance Wins with eBPF: Getting Started (2021)
Performance Wins with eBPF: Getting Started (2021)Brendan Gregg
 
DockerCon 2017 - Cilium - Network and Application Security with BPF and XDP
DockerCon 2017 - Cilium - Network and Application Security with BPF and XDPDockerCon 2017 - Cilium - Network and Application Security with BPF and XDP
DockerCon 2017 - Cilium - Network and Application Security with BPF and XDPThomas Graf
 
Cilium - BPF & XDP for containers
Cilium - BPF & XDP for containers Cilium - BPF & XDP for containers
Cilium - BPF & XDP for containersDocker, Inc.
 
DPDK: Multi Architecture High Performance Packet Processing
DPDK: Multi Architecture High Performance Packet ProcessingDPDK: Multi Architecture High Performance Packet Processing
DPDK: Multi Architecture High Performance Packet ProcessingMichelle Holley
 
Fun with Network Interfaces
Fun with Network InterfacesFun with Network Interfaces
Fun with Network InterfacesKernel TLV
 
Replacing iptables with eBPF in Kubernetes with Cilium
Replacing iptables with eBPF in Kubernetes with CiliumReplacing iptables with eBPF in Kubernetes with Cilium
Replacing iptables with eBPF in Kubernetes with CiliumMichal Rostecki
 
Introduction to DPDK
Introduction to DPDKIntroduction to DPDK
Introduction to DPDKKernel TLV
 
BPF / XDP 8월 세미나 KossLab
BPF / XDP 8월 세미나 KossLabBPF / XDP 8월 세미나 KossLab
BPF / XDP 8월 세미나 KossLabTaeung Song
 

Tendances (20)

eBPF Basics
eBPF BasicseBPF Basics
eBPF Basics
 
BPF: Tracing and more
BPF: Tracing and moreBPF: Tracing and more
BPF: Tracing and more
 
eBPF - Rethinking the Linux Kernel
eBPF - Rethinking the Linux KerneleBPF - Rethinking the Linux Kernel
eBPF - Rethinking the Linux Kernel
 
Introduction to eBPF
Introduction to eBPFIntroduction to eBPF
Introduction to eBPF
 
Meet cute-between-ebpf-and-tracing
Meet cute-between-ebpf-and-tracingMeet cute-between-ebpf-and-tracing
Meet cute-between-ebpf-and-tracing
 
EBPF and Linux Networking
EBPF and Linux NetworkingEBPF and Linux Networking
EBPF and Linux Networking
 
Understanding eBPF in a Hurry!
Understanding eBPF in a Hurry!Understanding eBPF in a Hurry!
Understanding eBPF in a Hurry!
 
Understanding DPDK
Understanding DPDKUnderstanding DPDK
Understanding DPDK
 
DPDK & Layer 4 Packet Processing
DPDK & Layer 4 Packet ProcessingDPDK & Layer 4 Packet Processing
DPDK & Layer 4 Packet Processing
 
eBPF maps 101
eBPF maps 101eBPF maps 101
eBPF maps 101
 
Tracing MariaDB server with bpftrace - MariaDB Server Fest 2021
Tracing MariaDB server with bpftrace - MariaDB Server Fest 2021Tracing MariaDB server with bpftrace - MariaDB Server Fest 2021
Tracing MariaDB server with bpftrace - MariaDB Server Fest 2021
 
Fast Userspace OVS with AF_XDP, OVS CONF 2018
Fast Userspace OVS with AF_XDP, OVS CONF 2018Fast Userspace OVS with AF_XDP, OVS CONF 2018
Fast Userspace OVS with AF_XDP, OVS CONF 2018
 
Performance Wins with eBPF: Getting Started (2021)
Performance Wins with eBPF: Getting Started (2021)Performance Wins with eBPF: Getting Started (2021)
Performance Wins with eBPF: Getting Started (2021)
 
DockerCon 2017 - Cilium - Network and Application Security with BPF and XDP
DockerCon 2017 - Cilium - Network and Application Security with BPF and XDPDockerCon 2017 - Cilium - Network and Application Security with BPF and XDP
DockerCon 2017 - Cilium - Network and Application Security with BPF and XDP
 
Cilium - BPF & XDP for containers
Cilium - BPF & XDP for containers Cilium - BPF & XDP for containers
Cilium - BPF & XDP for containers
 
DPDK: Multi Architecture High Performance Packet Processing
DPDK: Multi Architecture High Performance Packet ProcessingDPDK: Multi Architecture High Performance Packet Processing
DPDK: Multi Architecture High Performance Packet Processing
 
Fun with Network Interfaces
Fun with Network InterfacesFun with Network Interfaces
Fun with Network Interfaces
 
Replacing iptables with eBPF in Kubernetes with Cilium
Replacing iptables with eBPF in Kubernetes with CiliumReplacing iptables with eBPF in Kubernetes with Cilium
Replacing iptables with eBPF in Kubernetes with Cilium
 
Introduction to DPDK
Introduction to DPDKIntroduction to DPDK
Introduction to DPDK
 
BPF / XDP 8월 세미나 KossLab
BPF / XDP 8월 세미나 KossLabBPF / XDP 8월 세미나 KossLab
BPF / XDP 8월 세미나 KossLab
 

En vedette

The Next Linux Superpower: eBPF Primer
The Next Linux Superpower: eBPF PrimerThe Next Linux Superpower: eBPF Primer
The Next Linux Superpower: eBPF PrimerSasha Goldshtein
 
Linux BPF Superpowers
Linux BPF SuperpowersLinux BPF Superpowers
Linux BPF SuperpowersBrendan Gregg
 
Evolving Virtual Networking with IO Visor [OpenStack Summit Austin | April 2016]
Evolving Virtual Networking with IO Visor [OpenStack Summit Austin | April 2016]Evolving Virtual Networking with IO Visor [OpenStack Summit Austin | April 2016]
Evolving Virtual Networking with IO Visor [OpenStack Summit Austin | April 2016]IO Visor Project
 
Linux Profiling at Netflix
Linux Profiling at NetflixLinux Profiling at Netflix
Linux Profiling at NetflixBrendan Gregg
 
Evolving Virtual Networking with IO Visor
Evolving Virtual Networking with IO VisorEvolving Virtual Networking with IO Visor
Evolving Virtual Networking with IO VisorLarry Lang
 
CETH for XDP [Linux Meetup Santa Clara | July 2016]
CETH for XDP [Linux Meetup Santa Clara | July 2016] CETH for XDP [Linux Meetup Santa Clara | July 2016]
CETH for XDP [Linux Meetup Santa Clara | July 2016] IO Visor Project
 
Linux Performance Analysis: New Tools and Old Secrets
Linux Performance Analysis: New Tools and Old SecretsLinux Performance Analysis: New Tools and Old Secrets
Linux Performance Analysis: New Tools and Old SecretsBrendan Gregg
 
Velocity 2015 linux perf tools
Velocity 2015 linux perf toolsVelocity 2015 linux perf tools
Velocity 2015 linux perf toolsBrendan Gregg
 
Reconnaissance of Virtio: What’s new and how it’s all connected?
Reconnaissance of Virtio: What’s new and how it’s all connected?Reconnaissance of Virtio: What’s new and how it’s all connected?
Reconnaissance of Virtio: What’s new and how it’s all connected?Samsung Open Source Group
 
From DTrace to Linux
From DTrace to LinuxFrom DTrace to Linux
From DTrace to LinuxBrendan Gregg
 
In-kernel Analytics and Tracing with eBPF for OpenStack Clouds
In-kernel Analytics and Tracing with eBPF for OpenStack CloudsIn-kernel Analytics and Tracing with eBPF for OpenStack Clouds
In-kernel Analytics and Tracing with eBPF for OpenStack CloudsPLUMgrid
 
Optimizing VM images for OpenStack with KVM/QEMU
Optimizing VM images for OpenStack with KVM/QEMUOptimizing VM images for OpenStack with KVM/QEMU
Optimizing VM images for OpenStack with KVM/QEMUOpenStack Foundation
 
Netronome Corporate Brochure
Netronome Corporate BrochureNetronome Corporate Brochure
Netronome Corporate BrochureNetronome
 
Mastering kvm virtualization- A complete guide of KVM virtualization
Mastering kvm virtualization- A complete guide of KVM virtualizationMastering kvm virtualization- A complete guide of KVM virtualization
Mastering kvm virtualization- A complete guide of KVM virtualizationHumble Chirammal
 
DPDK Summit - 08 Sept 2014 - Intel - Networking Workloads on Intel Architecture
DPDK Summit - 08 Sept 2014 - Intel - Networking Workloads on Intel ArchitectureDPDK Summit - 08 Sept 2014 - Intel - Networking Workloads on Intel Architecture
DPDK Summit - 08 Sept 2014 - Intel - Networking Workloads on Intel ArchitectureJim St. Leger
 
OpenStack networking - Neutron deep dive with PLUMgrid
OpenStack networking - Neutron deep dive with PLUMgridOpenStack networking - Neutron deep dive with PLUMgrid
OpenStack networking - Neutron deep dive with PLUMgridKamesh Pemmaraju
 
ACM Applicative System Methodology 2016
ACM Applicative System Methodology 2016ACM Applicative System Methodology 2016
ACM Applicative System Methodology 2016Brendan Gregg
 
Cilium - Container Networking with BPF & XDP
Cilium - Container Networking with BPF & XDPCilium - Container Networking with BPF & XDP
Cilium - Container Networking with BPF & XDPThomas Graf
 
BPF: Next Generation of Programmable Datapath
BPF: Next Generation of Programmable DatapathBPF: Next Generation of Programmable Datapath
BPF: Next Generation of Programmable DatapathThomas Graf
 
OpenStack Neutron Tutorial
OpenStack Neutron TutorialOpenStack Neutron Tutorial
OpenStack Neutron Tutorialmestery
 

En vedette (20)

The Next Linux Superpower: eBPF Primer
The Next Linux Superpower: eBPF PrimerThe Next Linux Superpower: eBPF Primer
The Next Linux Superpower: eBPF Primer
 
Linux BPF Superpowers
Linux BPF SuperpowersLinux BPF Superpowers
Linux BPF Superpowers
 
Evolving Virtual Networking with IO Visor [OpenStack Summit Austin | April 2016]
Evolving Virtual Networking with IO Visor [OpenStack Summit Austin | April 2016]Evolving Virtual Networking with IO Visor [OpenStack Summit Austin | April 2016]
Evolving Virtual Networking with IO Visor [OpenStack Summit Austin | April 2016]
 
Linux Profiling at Netflix
Linux Profiling at NetflixLinux Profiling at Netflix
Linux Profiling at Netflix
 
Evolving Virtual Networking with IO Visor
Evolving Virtual Networking with IO VisorEvolving Virtual Networking with IO Visor
Evolving Virtual Networking with IO Visor
 
CETH for XDP [Linux Meetup Santa Clara | July 2016]
CETH for XDP [Linux Meetup Santa Clara | July 2016] CETH for XDP [Linux Meetup Santa Clara | July 2016]
CETH for XDP [Linux Meetup Santa Clara | July 2016]
 
Linux Performance Analysis: New Tools and Old Secrets
Linux Performance Analysis: New Tools and Old SecretsLinux Performance Analysis: New Tools and Old Secrets
Linux Performance Analysis: New Tools and Old Secrets
 
Velocity 2015 linux perf tools
Velocity 2015 linux perf toolsVelocity 2015 linux perf tools
Velocity 2015 linux perf tools
 
Reconnaissance of Virtio: What’s new and how it’s all connected?
Reconnaissance of Virtio: What’s new and how it’s all connected?Reconnaissance of Virtio: What’s new and how it’s all connected?
Reconnaissance of Virtio: What’s new and how it’s all connected?
 
From DTrace to Linux
From DTrace to LinuxFrom DTrace to Linux
From DTrace to Linux
 
In-kernel Analytics and Tracing with eBPF for OpenStack Clouds
In-kernel Analytics and Tracing with eBPF for OpenStack CloudsIn-kernel Analytics and Tracing with eBPF for OpenStack Clouds
In-kernel Analytics and Tracing with eBPF for OpenStack Clouds
 
Optimizing VM images for OpenStack with KVM/QEMU
Optimizing VM images for OpenStack with KVM/QEMUOptimizing VM images for OpenStack with KVM/QEMU
Optimizing VM images for OpenStack with KVM/QEMU
 
Netronome Corporate Brochure
Netronome Corporate BrochureNetronome Corporate Brochure
Netronome Corporate Brochure
 
Mastering kvm virtualization- A complete guide of KVM virtualization
Mastering kvm virtualization- A complete guide of KVM virtualizationMastering kvm virtualization- A complete guide of KVM virtualization
Mastering kvm virtualization- A complete guide of KVM virtualization
 
DPDK Summit - 08 Sept 2014 - Intel - Networking Workloads on Intel Architecture
DPDK Summit - 08 Sept 2014 - Intel - Networking Workloads on Intel ArchitectureDPDK Summit - 08 Sept 2014 - Intel - Networking Workloads on Intel Architecture
DPDK Summit - 08 Sept 2014 - Intel - Networking Workloads on Intel Architecture
 
OpenStack networking - Neutron deep dive with PLUMgrid
OpenStack networking - Neutron deep dive with PLUMgridOpenStack networking - Neutron deep dive with PLUMgrid
OpenStack networking - Neutron deep dive with PLUMgrid
 
ACM Applicative System Methodology 2016
ACM Applicative System Methodology 2016ACM Applicative System Methodology 2016
ACM Applicative System Methodology 2016
 
Cilium - Container Networking with BPF & XDP
Cilium - Container Networking with BPF & XDPCilium - Container Networking with BPF & XDP
Cilium - Container Networking with BPF & XDP
 
BPF: Next Generation of Programmable Datapath
BPF: Next Generation of Programmable DatapathBPF: Next Generation of Programmable Datapath
BPF: Next Generation of Programmable Datapath
 
OpenStack Neutron Tutorial
OpenStack Neutron TutorialOpenStack Neutron Tutorial
OpenStack Neutron Tutorial
 

Similaire à ebpf and IO Visor: The What, how, and what next!

Kubernetes Networking with Cilium - Deep Dive
Kubernetes Networking with Cilium - Deep DiveKubernetes Networking with Cilium - Deep Dive
Kubernetes Networking with Cilium - Deep DiveMichal Rostecki
 
Efficient System Monitoring in Cloud Native Environments
Efficient System Monitoring in Cloud Native EnvironmentsEfficient System Monitoring in Cloud Native Environments
Efficient System Monitoring in Cloud Native EnvironmentsGergely Szabó
 
DCSF 19 eBPF Superpowers
DCSF 19 eBPF SuperpowersDCSF 19 eBPF Superpowers
DCSF 19 eBPF SuperpowersDocker, Inc.
 
UM2019 Extended BPF: A New Type of Software
UM2019 Extended BPF: A New Type of SoftwareUM2019 Extended BPF: A New Type of Software
UM2019 Extended BPF: A New Type of SoftwareBrendan Gregg
 
Not breaking userspace: the evolving Linux ABI
Not breaking userspace: the evolving Linux ABINot breaking userspace: the evolving Linux ABI
Not breaking userspace: the evolving Linux ABIAlison Chaiken
 
Dataplane programming with eBPF: architecture and tools
Dataplane programming with eBPF: architecture and toolsDataplane programming with eBPF: architecture and tools
Dataplane programming with eBPF: architecture and toolsStefano Salsano
 
Introduction of eBPF - 時下最夯的Linux Technology
Introduction of eBPF - 時下最夯的Linux Technology Introduction of eBPF - 時下最夯的Linux Technology
Introduction of eBPF - 時下最夯的Linux Technology Jace Liang
 
Berkeley Packet Filters
Berkeley Packet FiltersBerkeley Packet Filters
Berkeley Packet FiltersKernel TLV
 
Kernel bug hunting
Kernel bug huntingKernel bug hunting
Kernel bug huntingAndrea Righi
 
eBPF Debugging Infrastructure - Current Techniques
eBPF Debugging Infrastructure - Current TechniqueseBPF Debugging Infrastructure - Current Techniques
eBPF Debugging Infrastructure - Current TechniquesNetronome
 
BPF & Cilium - Turning Linux into a Microservices-aware Operating System
BPF & Cilium - Turning Linux into a Microservices-aware Operating SystemBPF & Cilium - Turning Linux into a Microservices-aware Operating System
BPF & Cilium - Turning Linux into a Microservices-aware Operating SystemThomas Graf
 
eBPF Tooling and Debugging Infrastructure
eBPF Tooling and Debugging InfrastructureeBPF Tooling and Debugging Infrastructure
eBPF Tooling and Debugging InfrastructureNetronome
 
DISTRIBUTED PERFORMANCE ANALYSIS USING INFLUXDB AND THE LINUX EBPF VIRTUAL MA...
DISTRIBUTED PERFORMANCE ANALYSIS USING INFLUXDB AND THE LINUX EBPF VIRTUAL MA...DISTRIBUTED PERFORMANCE ANALYSIS USING INFLUXDB AND THE LINUX EBPF VIRTUAL MA...
DISTRIBUTED PERFORMANCE ANALYSIS USING INFLUXDB AND THE LINUX EBPF VIRTUAL MA...InfluxData
 
The Hitchhiker's Guide to Faster Builds. Viktor Kirilov. CoreHard Spring 2019
The Hitchhiker's Guide to Faster Builds. Viktor Kirilov. CoreHard Spring 2019The Hitchhiker's Guide to Faster Builds. Viktor Kirilov. CoreHard Spring 2019
The Hitchhiker's Guide to Faster Builds. Viktor Kirilov. CoreHard Spring 2019corehard_by
 
Digital design with Systemc
Digital design with SystemcDigital design with Systemc
Digital design with SystemcMarc Engels
 
BKK16-103 OpenCSD - Open for Business!
BKK16-103 OpenCSD - Open for Business!BKK16-103 OpenCSD - Open for Business!
BKK16-103 OpenCSD - Open for Business!Linaro
 
What’s Slowing Down Your Kafka Pipeline? With Ruizhe Cheng and Pete Stevenson...
What’s Slowing Down Your Kafka Pipeline? With Ruizhe Cheng and Pete Stevenson...What’s Slowing Down Your Kafka Pipeline? With Ruizhe Cheng and Pete Stevenson...
What’s Slowing Down Your Kafka Pipeline? With Ruizhe Cheng and Pete Stevenson...HostedbyConfluent
 
A Check of the Open-Source Project WinSCP Developed in Embarcadero C++ Builder
A Check of the Open-Source Project WinSCP Developed in Embarcadero C++ BuilderA Check of the Open-Source Project WinSCP Developed in Embarcadero C++ Builder
A Check of the Open-Source Project WinSCP Developed in Embarcadero C++ BuilderAndrey Karpov
 
Using eBPF to Measure the k8s Cluster Health
Using eBPF to Measure the k8s Cluster HealthUsing eBPF to Measure the k8s Cluster Health
Using eBPF to Measure the k8s Cluster HealthScyllaDB
 
Unifying Network Filtering Rules for the Linux Kernel with eBPF
Unifying Network Filtering Rules for the Linux Kernel with eBPFUnifying Network Filtering Rules for the Linux Kernel with eBPF
Unifying Network Filtering Rules for the Linux Kernel with eBPFNetronome
 

Similaire à ebpf and IO Visor: The What, how, and what next! (20)

Kubernetes Networking with Cilium - Deep Dive
Kubernetes Networking with Cilium - Deep DiveKubernetes Networking with Cilium - Deep Dive
Kubernetes Networking with Cilium - Deep Dive
 
Efficient System Monitoring in Cloud Native Environments
Efficient System Monitoring in Cloud Native EnvironmentsEfficient System Monitoring in Cloud Native Environments
Efficient System Monitoring in Cloud Native Environments
 
DCSF 19 eBPF Superpowers
DCSF 19 eBPF SuperpowersDCSF 19 eBPF Superpowers
DCSF 19 eBPF Superpowers
 
UM2019 Extended BPF: A New Type of Software
UM2019 Extended BPF: A New Type of SoftwareUM2019 Extended BPF: A New Type of Software
UM2019 Extended BPF: A New Type of Software
 
Not breaking userspace: the evolving Linux ABI
Not breaking userspace: the evolving Linux ABINot breaking userspace: the evolving Linux ABI
Not breaking userspace: the evolving Linux ABI
 
Dataplane programming with eBPF: architecture and tools
Dataplane programming with eBPF: architecture and toolsDataplane programming with eBPF: architecture and tools
Dataplane programming with eBPF: architecture and tools
 
Introduction of eBPF - 時下最夯的Linux Technology
Introduction of eBPF - 時下最夯的Linux Technology Introduction of eBPF - 時下最夯的Linux Technology
Introduction of eBPF - 時下最夯的Linux Technology
 
Berkeley Packet Filters
Berkeley Packet FiltersBerkeley Packet Filters
Berkeley Packet Filters
 
Kernel bug hunting
Kernel bug huntingKernel bug hunting
Kernel bug hunting
 
eBPF Debugging Infrastructure - Current Techniques
eBPF Debugging Infrastructure - Current TechniqueseBPF Debugging Infrastructure - Current Techniques
eBPF Debugging Infrastructure - Current Techniques
 
BPF & Cilium - Turning Linux into a Microservices-aware Operating System
BPF & Cilium - Turning Linux into a Microservices-aware Operating SystemBPF & Cilium - Turning Linux into a Microservices-aware Operating System
BPF & Cilium - Turning Linux into a Microservices-aware Operating System
 
eBPF Tooling and Debugging Infrastructure
eBPF Tooling and Debugging InfrastructureeBPF Tooling and Debugging Infrastructure
eBPF Tooling and Debugging Infrastructure
 
DISTRIBUTED PERFORMANCE ANALYSIS USING INFLUXDB AND THE LINUX EBPF VIRTUAL MA...
DISTRIBUTED PERFORMANCE ANALYSIS USING INFLUXDB AND THE LINUX EBPF VIRTUAL MA...DISTRIBUTED PERFORMANCE ANALYSIS USING INFLUXDB AND THE LINUX EBPF VIRTUAL MA...
DISTRIBUTED PERFORMANCE ANALYSIS USING INFLUXDB AND THE LINUX EBPF VIRTUAL MA...
 
The Hitchhiker's Guide to Faster Builds. Viktor Kirilov. CoreHard Spring 2019
The Hitchhiker's Guide to Faster Builds. Viktor Kirilov. CoreHard Spring 2019The Hitchhiker's Guide to Faster Builds. Viktor Kirilov. CoreHard Spring 2019
The Hitchhiker's Guide to Faster Builds. Viktor Kirilov. CoreHard Spring 2019
 
Digital design with Systemc
Digital design with SystemcDigital design with Systemc
Digital design with Systemc
 
BKK16-103 OpenCSD - Open for Business!
BKK16-103 OpenCSD - Open for Business!BKK16-103 OpenCSD - Open for Business!
BKK16-103 OpenCSD - Open for Business!
 
What’s Slowing Down Your Kafka Pipeline? With Ruizhe Cheng and Pete Stevenson...
What’s Slowing Down Your Kafka Pipeline? With Ruizhe Cheng and Pete Stevenson...What’s Slowing Down Your Kafka Pipeline? With Ruizhe Cheng and Pete Stevenson...
What’s Slowing Down Your Kafka Pipeline? With Ruizhe Cheng and Pete Stevenson...
 
A Check of the Open-Source Project WinSCP Developed in Embarcadero C++ Builder
A Check of the Open-Source Project WinSCP Developed in Embarcadero C++ BuilderA Check of the Open-Source Project WinSCP Developed in Embarcadero C++ Builder
A Check of the Open-Source Project WinSCP Developed in Embarcadero C++ Builder
 
Using eBPF to Measure the k8s Cluster Health
Using eBPF to Measure the k8s Cluster HealthUsing eBPF to Measure the k8s Cluster Health
Using eBPF to Measure the k8s Cluster Health
 
Unifying Network Filtering Rules for the Linux Kernel with eBPF
Unifying Network Filtering Rules for the Linux Kernel with eBPFUnifying Network Filtering Rules for the Linux Kernel with eBPF
Unifying Network Filtering Rules for the Linux Kernel with eBPF
 

Plus de Affan Syed

A journey from underwater to cloud!
A journey from underwater to cloud!A journey from underwater to cloud!
A journey from underwater to cloud!Affan Syed
 
Industry perspective on Cloud and big data research
Industry perspective on Cloud and big data researchIndustry perspective on Cloud and big data research
Industry perspective on Cloud and big data researchAffan Syed
 
Emergent, choreographed, microservices … FTW
Emergent, choreographed, microservices … FTWEmergent, choreographed, microservices … FTW
Emergent, choreographed, microservices … FTWAffan Syed
 
WSN, IOT and the Future
WSN, IOT and the FutureWSN, IOT and the Future
WSN, IOT and the FutureAffan Syed
 
Understanding NFV and the MANO stack
Understanding NFV and the MANO stackUnderstanding NFV and the MANO stack
Understanding NFV and the MANO stackAffan Syed
 
Future of IoT: when thy scale shall tweet!
Future of IoT: when thy scale shall tweet! Future of IoT: when thy scale shall tweet!
Future of IoT: when thy scale shall tweet! Affan Syed
 
Cloud nfv intro at UoG
Cloud nfv intro at UoGCloud nfv intro at UoG
Cloud nfv intro at UoGAffan Syed
 
Openstack Pakistan Workshop (intro)
Openstack Pakistan Workshop (intro)Openstack Pakistan Workshop (intro)
Openstack Pakistan Workshop (intro)Affan Syed
 
Openstack Workshop (Networking/Storage)
Openstack Workshop (Networking/Storage)Openstack Workshop (Networking/Storage)
Openstack Workshop (Networking/Storage)Affan Syed
 
Openstack Workshop Pakistan (hands on session)
Openstack Workshop Pakistan (hands on session)Openstack Workshop Pakistan (hands on session)
Openstack Workshop Pakistan (hands on session)Affan Syed
 
IoT workshop PakSig
IoT workshop PakSigIoT workshop PakSig
IoT workshop PakSigAffan Syed
 
Msr summit 14_july2014
Msr summit 14_july2014Msr summit 14_july2014
Msr summit 14_july2014Affan Syed
 
Openstack Pakistan intro
Openstack Pakistan introOpenstack Pakistan intro
Openstack Pakistan introAffan Syed
 

Plus de Affan Syed (14)

A journey from underwater to cloud!
A journey from underwater to cloud!A journey from underwater to cloud!
A journey from underwater to cloud!
 
Industry perspective on Cloud and big data research
Industry perspective on Cloud and big data researchIndustry perspective on Cloud and big data research
Industry perspective on Cloud and big data research
 
Emergent, choreographed, microservices … FTW
Emergent, choreographed, microservices … FTWEmergent, choreographed, microservices … FTW
Emergent, choreographed, microservices … FTW
 
WSN, IOT and the Future
WSN, IOT and the FutureWSN, IOT and the Future
WSN, IOT and the Future
 
Understanding NFV and the MANO stack
Understanding NFV and the MANO stackUnderstanding NFV and the MANO stack
Understanding NFV and the MANO stack
 
NFV_vCPE
NFV_vCPENFV_vCPE
NFV_vCPE
 
Future of IoT: when thy scale shall tweet!
Future of IoT: when thy scale shall tweet! Future of IoT: when thy scale shall tweet!
Future of IoT: when thy scale shall tweet!
 
Cloud nfv intro at UoG
Cloud nfv intro at UoGCloud nfv intro at UoG
Cloud nfv intro at UoG
 
Openstack Pakistan Workshop (intro)
Openstack Pakistan Workshop (intro)Openstack Pakistan Workshop (intro)
Openstack Pakistan Workshop (intro)
 
Openstack Workshop (Networking/Storage)
Openstack Workshop (Networking/Storage)Openstack Workshop (Networking/Storage)
Openstack Workshop (Networking/Storage)
 
Openstack Workshop Pakistan (hands on session)
Openstack Workshop Pakistan (hands on session)Openstack Workshop Pakistan (hands on session)
Openstack Workshop Pakistan (hands on session)
 
IoT workshop PakSig
IoT workshop PakSigIoT workshop PakSig
IoT workshop PakSig
 
Msr summit 14_july2014
Msr summit 14_july2014Msr summit 14_july2014
Msr summit 14_july2014
 
Openstack Pakistan intro
Openstack Pakistan introOpenstack Pakistan intro
Openstack Pakistan intro
 

Dernier

Infrared simulation and processing on Nvidia platforms
Infrared simulation and processing on Nvidia platformsInfrared simulation and processing on Nvidia platforms
Infrared simulation and processing on Nvidia platformsYoss Cohen
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch TuesdayIvanti
 
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...Jeffrey Haguewood
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfpanagenda
 
QCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architecturesQCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architecturesBernd Ruecker
 
Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024TopCSSGallery
 
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)Mark Simos
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Hiroshi SHIBATA
 
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptxGenerative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptxfnnc6jmgwh
 
Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...
Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...
Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...BookNet Canada
 
Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Zeshan Sattar- Assessing the skill requirements and industry expectations for...Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Zeshan Sattar- Assessing the skill requirements and industry expectations for...itnewsafrica
 
A Glance At The Java Performance Toolbox
A Glance At The Java Performance ToolboxA Glance At The Java Performance Toolbox
A Glance At The Java Performance ToolboxAna-Maria Mihalceanu
 
Microservices, Docker deploy and Microservices source code in C#
Microservices, Docker deploy and Microservices source code in C#Microservices, Docker deploy and Microservices source code in C#
Microservices, Docker deploy and Microservices source code in C#Karmanjay Verma
 
All These Sophisticated Attacks, Can We Really Detect Them - PDF
All These Sophisticated Attacks, Can We Really Detect Them - PDFAll These Sophisticated Attacks, Can We Really Detect Them - PDF
All These Sophisticated Attacks, Can We Really Detect Them - PDFMichael Gough
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesKari Kakkonen
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
Landscape Catalogue 2024 Australia-1.pdf
Landscape Catalogue 2024 Australia-1.pdfLandscape Catalogue 2024 Australia-1.pdf
Landscape Catalogue 2024 Australia-1.pdfAarwolf Industries LLC
 
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...Nikki Chapple
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)Kaya Weers
 

Dernier (20)

Infrared simulation and processing on Nvidia platforms
Infrared simulation and processing on Nvidia platformsInfrared simulation and processing on Nvidia platforms
Infrared simulation and processing on Nvidia platforms
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch Tuesday
 
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
 
QCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architecturesQCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architectures
 
Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024
 
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024
 
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptxGenerative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
 
Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...
Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...
Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...
 
Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Zeshan Sattar- Assessing the skill requirements and industry expectations for...Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Zeshan Sattar- Assessing the skill requirements and industry expectations for...
 
A Glance At The Java Performance Toolbox
A Glance At The Java Performance ToolboxA Glance At The Java Performance Toolbox
A Glance At The Java Performance Toolbox
 
Microservices, Docker deploy and Microservices source code in C#
Microservices, Docker deploy and Microservices source code in C#Microservices, Docker deploy and Microservices source code in C#
Microservices, Docker deploy and Microservices source code in C#
 
All These Sophisticated Attacks, Can We Really Detect Them - PDF
All These Sophisticated Attacks, Can We Really Detect Them - PDFAll These Sophisticated Attacks, Can We Really Detect Them - PDF
All These Sophisticated Attacks, Can We Really Detect Them - PDF
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examples
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
Landscape Catalogue 2024 Australia-1.pdf
Landscape Catalogue 2024 Australia-1.pdfLandscape Catalogue 2024 Australia-1.pdf
Landscape Catalogue 2024 Australia-1.pdf
 
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)
 

ebpf and IO Visor: The What, how, and what next!

  • 1. eBPF and IO Visor: The what, how, and what next! Affan A. Syed Director Engineering, PLUMgrid Inc.
  • 3. ◦ Berkeley Packet Filter (BPF) and bytec ◦ Extended BPF (eBPF): Motivation and features ◦ BCC and IO Visor ◦ Basic demos ◦ Research Directions Outline
  • 5. Objective: To observe all traffic but capture only a subset Problem: Packet traversal through normal stack is slow Solution: Setup filters in kernel where packet dropped if not match Packet Filters ….but these filters need to be secure! Interfaces User space TAP/Raw (RO) driver netif_receive_skb() TC / traffic control Bridge hook / prerouting IP / routing Kernelspace Socket (TCP/UDP)
  • 6. Lets do: sudo tcpdump -p -ni eth0 "ip and udp“ Now lets do: $ sudo tcpdump -p -ni eth0 -d "ip and udp" 8 Tcpdump our friend (000) ldh [12] (001) jeq #0x800 jt 2 jf 5 (002) ldb [23] (003) jeq #0x11 jt 4 jf 5 (004) ret #65535 (005) ret #0 This code runs for every packet that arrives on eth0
  • 7. Think Java --- but don’t think VM ! Virtualize a machine instruction set Write byte code for this “fictional” machine verify this code is loop free and optimized Interpret, in-kernel, for *any* real processor 9 The concept of pseudo-machine
  • 8. 10 BPF Overview (insertion and usage) KernelUserSpace bpf bytecode Verifier Bytecode tcpdump libpcap Bytecode (interpreted) tcpdump If match eth0 Raw socket (eth0)
  • 9. Slowly evolving cBPF seccomp support for sandboxing tc filter for traffic shaping JIT compiler 11 Other uses and extension
  • 10. Extending BPF … while building a programmable Data Plane
  • 11. Data Plane Controller Closed Network Functions South Bound API, but no extensibility Closed North Bound API Management API DP DP DP CP CP CP Network Function CP-DP APIs Management API SDK operators IO Visor Controller Traditional SDN architecture With a programmable DP and controller on the side A new SDN architecture developers operators developers
  • 12. Enable packet parsing, lookup, modification, and updates Guarantee safety of code run on a production system Native performance Goals for a programmable Data Plane = eBPF
  • 13. Introduced as a separate syscall (user space access) int bpf(int cmd, union bpf_attr *attr, unsigned int size); Linux 3.18 and above Moved out of the networking subsystem 15 eBPF as a syscall interface Streamlined use, extensibility through single API
  • 14. 16 Enhanced architecture classic BPF extended BPF 2 registers + stack 32-bit registers 4-byte load/store to stack 1-4 byte load from packet Conditional jump forward +, -, *, … instructions 10 registers + stack 64-bit registers with 32-bit sub-registers 1-8 byte load/store to stack, maps, context Same + store to packet Conditional jump forward and backward Same + signed_shift + endian Call instruction tail_call map lookup/update/delete helpers packet rewrite, csum, clone_redirect sk_buff read/write • Can build more complicated program • Faster interpretation and JIT • Support for calls to approved helper functions
  • 15. Maps = <key, value> storage Save state across invocation of programs in kernel = state machines! Example: fd bpf_table_lookup(table_id, key) Userspace can create/access/delete these maps (using bpf syscall) loosely coupled communication between user and kernel space Maps can be shared between eBPF programs HASH, ARRAY … and growing 17 Maps Stateful programmability and async interaction with user space
  • 16. Invoke sanitized functions from within the eBPF program like a library – but … of course .. In-kernel e.g u64 bpf_ktime_get_ns(void), int bpf_trace_printk(const char *fmt, int fmt_size, ...), u32 prandom_u32(void) Tail call feature a combo of two components bpf_tail_call(ctx, prog_array_map,index) and PROG_ARRAY_MAP 18 Helper functions and tail calls increased capabilities, and sanitized access
  • 17. 19 Summary (for later reference)
  • 18. eBPF new architecture more complex required a brand new verifier Provably confirms inserted program does not: create loops, delays execution interminably, illegally dereference pointers Done statically, one-time, with an exhaustive search some heuristics to improve verification time 20 Verifier and kernel safety
  • 19. Restricted “C” code that compiles to bpf bytecode LLVM backend for this purpose with clang frontend Once inserted, the code is “hooked” to a kernel event no sense hooking to userspace events! On event firing the appropriate code is run in either native or interpreted mode 21 LLVM compiler, Interpreter, and JIT
  • 20. traffic control (TC): queues (classification or action time) sockets: STREAM (L4/UDP), DATAGRAM (L4/TCP) or RAW others: kprobes, syscalls, tracepoints ... 22 Example Hooks: The networking stack Interfaces User space TAP/Raw (RO) driver netif_receive_skb() TC / traffic control Bridge hook / prerouting IP / routing Kernelspace Socket (TCP/UDP)
  • 21. Visual Flow of code insertion and use Kernel LLVM UserSpace bpf bytecode Verifier Machine code Bytecode (interpreted) Helper Functions Maps bpf(load) eBPF prog in C (optional) ❶ ❷ ❸ Setup scripts Filedescriptor ❺ ❹ bpf(map_create) Code insertion Filedescriptor KernelUserSpace ❶ Machine code Bytecode (interpreted) Helper Functions Maps ❸ ❷Kernel hook event bpf(lookup, update, delete) ❹ Setup scripts Control logic (optional) Event Execution
  • 22. eBPF, IO Visor and BCC
  • 23. Writing eBPF programs was “brutal” Even with compiler, the map/code sharing Enter BPF compiler collection (BCC) Complexity of making eBPF code Src: Brenden Gregg Src: Brenden Gregg
  • 24. 26 BCC (https://github.com/iovisor/bcc) Make using features of eBPF easier to use Python front-end and scripts to create/access/delete maps load programs from a restricted “C” format attach to different locations with a simple API
  • 25. 27 BCC and a few screen-shots!
  • 26. Linux Foundation Collaborative Project IO Visor Engine is an abstraction of an IO execution engine A set of development tools, IO Visor Dev and Management A set of use cases & applications like Networking, Security, Tracing & others 28 IO Visor Project In- progress Compiler for P4
  • 28. 30 IO Visor Modules IO Visor Manager Kernel attachment points Kernel space User space Open repo of “IOV_Modules” Kernel code Kernel code APIs to Controllers Metadata SDK developers
  • 29. Lots of interesting projects there right now bpf-based file system (FUSE) Join and contribute! 31 https://github.com/iovisor/
  • 30.  https://github.com/iovisor/bcc  https://github.com/iovisor/bpf-docs  http://lwn.net/Articles/603984/  http://lwn.net/Articles/603983/  https://lwn.net/Articles/625224/  https://www.kernel.org/doc/Documentation/networking/filter.txt  http://man7.org/linux/man-pages/man2/bpf.2.html  https://linuxplumbersconf.org/2015/ocw//system/presentations/3249/original/bpf_llvm_2015aug19.pdf  https://videos.cdn.redhat.com/summit2015/presentations/13737_an-overview-of-linux-networking- subsystem-extended-bpf.pdf  https://github.com/torvalds/linux/tree/master/samples/bpf  http://events.linuxfoundation.org/sites/events/files/slides/tracing-linux-ezannoni-  https://www.kernel.org/doc/Documentation/prctl/seccomp_filter.txt  http://lxr.free-electrons.com/source/net/sched/cls_bpf.c Useful links
  • 32. Hello world attach to clone event, print hello every time Hello world and state sum the number of events Networking example more complicated but fun  Things we demo
  • 33. Research Threads 35 … for the adventurous amongst you!
  • 34. Increasing application response time frequent /cached responses in kernel Container Networking custom encapsulation protocols and metadata State-full QoS Networking and packet manipulations
  • 35. 37 Fast, flexible and state-full Firewalls System call trapping and dynamic taint analysis Faster and less resource hungry analysis Security
  • 36. Disk latency heat-maps https://github.com/torvalds/linux/tree/master/samples/bpf/ 38 System Tracing One map for time- stamp, other for latency
  • 37. Event-based, packet-based micro-kernel abstraction Saving energy with operation in-kernel, user-space tools for config/mgmt/debug think tinyOS-inside-Linux Software defining an API for heterogenous and opportunistic low-power coms wifi, zigbee, Z-wave 39 Embedded Systems and Internet-of-Things
  • 38. Thank you! Questions? We are hiring hr.isb@plumgrid.com