tutorial

Fast Packet Processing with eBPF and XDP: Concepts, Code, Challenges, and Applications

Authors:
Marcos A. M. Vieira

Universidade Federal de Minas Gerais, Belo Horizonte, MG, Brazil

Universidade Federal de Minas Gerais, Belo Horizonte, MG, Brazil

0000-0001-9152-4114
View Profile

,
Matheus S. Castanho

Universidade Federal de Minas Gerais, Belo Horizonte, MG, Brazil

Universidade Federal de Minas Gerais, Belo Horizonte, MG, Brazil
View Profile

,
Racyus D. G. Pacífico

Universidade Federal de Minas Gerais, Belo Horizonte, MG, Brazil

Universidade Federal de Minas Gerais, Belo Horizonte, MG, Brazil
View Profile

,
Elerson R. S. Santos

Universidade Federal de Minas Gerais, Belo Horizonte, MG, Brazil

Universidade Federal de Minas Gerais, Belo Horizonte, MG, Brazil
View Profile

,
Eduardo P. M. Câmara Júnior

Universidade Federal de Minas Gerais, Belo Horizonte, MG, Brazil

Universidade Federal de Minas Gerais, Belo Horizonte, MG, Brazil
View Profile

,
Luiz F. M. Vieira

Universidade Federal de Minas Gerais, Belo Horizonte, MG, Brazil

Universidade Federal de Minas Gerais, Belo Horizonte, MG, Brazil

0000-0002-9050-3001
View Profile

Authors Info & Claims

ACM Computing Surveys Volume 53 Issue 1Article No.: 16pp 1–36https://doi.org/10.1145/3371038

Published:06 February 2020Publication History

ACM Computing Surveys

Abstract

Extended Berkeley Packet Filter (eBPF) is an instruction set and an execution environment inside the Linux kernel. It enables modification, interaction, and kernel programmability at runtime. eBPF can be used to program the eXpress Data Path (XDP), a kernel network layer that processes packets closer to the NIC for fast packet processing. Developers can write programs in C or P4 languages and then compile to eBPF instructions, which can be processed by the kernel or by programmable devices (e.g., SmartNICs). Since its introduction in 2014, eBPF has been rapidly adopted by major companies such as Facebook, Cloudflare, and Netronome. Use cases include network monitoring, network traffic manipulation, load balancing, and system profiling. This work aims to present eBPF to an inexpert audience, covering the main theoretical and fundamental aspects of eBPF and XDP, as well as introducing the reader to simple examples to give insight into the general operation and use of both technologies.

References

2019. bpf: Increase Complexity Limit and Maximum Program Size. Retrieved from https://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next.git/commit/?id=c04Google Scholar
2019. libbpf Unification and Golang Bindings. Discussion Summary, Linux Kernel Developers’ bpfconf 2019. Retrieved from http://vger.kernel.org/bpfconf2019.html#session-4.Google Scholar
2019. XDP Project Repository. Retrieved from https://github.com/xdp-project/xdp-project.Google Scholar
Ahmed Abdelsalam, Francois Clad, Clarence Filsfils, Stefano Salsano, Giuseppe Siracusano, and Luca Veltri. 2017. Implementation of virtual network function chaining through segment routing in a linux-based NFV infrastructure. In Proceedings of the 2017 IEEE Conference on Network Softwarization: Softwarization Sustaining a Hyper-Connected World: en Route to 5G (NetSoft’17). IEEE, Los Alamitos, CA, 1--5. DOI:https://doi.org/10.1109/NETSOFT.2017.8004208 arXiv:1702.05157Google ScholarCross Ref
Zaafar Ahmed, Muhammad Hamad Alizai, and Affan A. Syed. 2018. InKeV: In-kernel distributed network virtualization for DCN. SIGCOMM Comput. Commun. Rev. 46, 3, Article 4 (Jul. 2018), 6 pages. DOI:https://doi.org/10.1145/3243157.3243161Google ScholarDigital Library
S. Baidya, Y. Chen, and M. Levorato. 2018. eBPF-based content and computation-aware communication for real-time edge computing. In Proceedings of the INFOCOM IEEE Conference on Computer Communications Workshops (INFOCOM WORKSHOPS’18). IEEE, Los Alamitos, CA, 865--870. DOI:https://doi.org/10.1109/INFCOMW.2018.8407006Google Scholar
BCC. 2019. BPF Compiler Collection. Retrieved from https://github.com/iovisor/bcc.Google Scholar
BCC. 2019. BPF Program Types. Retrieved from https://github.com/iovisor/bcc/blob/master/docs/kernel-versions.md#program-types.Google Scholar
BCC. 2019. XDP Compatible Drivers. Retrieved from https://github.com/iovisor/bcc/blob/master/docs/kernel-versions.md#xdp.Google Scholar
David Beckett, Jaco Joubert, and Simon Horman. 2018. Host dataplane acceleration (HDA). In ACM SIGCOMM 2018 Tutorials (SIGCOMM'18). ACM, New York, NY.Google Scholar
Gilberto Bertin. 2017. XDP in practice: Integrating XDP into our DDoS mitigation pipeline. In Proceedings of the Netdev 2.1 Technical Conference on Linux Networking. 1--5.Google Scholar
Matteo Bertrone, Sebastiano Miano, Fulvio Risso, and Massimo Tumolo. 2018. Accelerating linux security with eBPF iptables. In Proceedings of the ACM SIGCOMM 2018 Conference on Posters and Demos (SIGCOMM’18). ACM, New York, NY, 108--110. DOI:https://doi.org/10.1145/3234200.3234228Google ScholarDigital Library
Daniel Borkmann. 2019. bpf, Libbpf: Support Global Data/bss/rodata Sections. Retrieved from https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d859900c4c56.Google Scholar
Pat Bosshart, Dan Daly, Glen Gibb, Martin Izzard, Nick McKeown, Jennifer Rexford, Cole Schlesinger, Dan Talayco, Amin Vahdat, George Varghese, and David Walker. 2014. P4: Programming protocol-independent packet processors. SIGCOMM Comput. Commun. Rev. 44, 3 (Jul. 2014), 87--95. DOI:https://doi.org/10.1145/2656877.2656890Google ScholarDigital Library
Autores bpftool. 2018. Manual Bpftool. Retrieved from https://elixir.bootlin.com/linux/v4.18-rc1/ source/tools/bpf/bpftool/Documentation/bpftool.rst.Google Scholar
bpftrace. 2019. High-level Tracing Language for Linux eBPF. Retrieved from https://github.com/iovisor/bpftrace.Google Scholar
Mihai Budiu. 2015. Compiling p4 to ebpf. Retrieved from https://github.com/iovisor/bcc/tree/master/src/cc/frontends/p4.Google Scholar
Cilium. 2018. Cilium 1.0: Bringing the BPF Revolution to Kubernetes Networking and Security. Retrieved from https://cilium.io/blog/2018/04/24/cilium-10/.Google Scholar
Cilium. 2019. BPF and XDP Reference Guide. Retrieved September 9, 2019 from https://cilium.readthedocs.io/en/latest/bpf/.Google Scholar
Cilium. 2019. Cilium: API-aware Networking and Security. Retrieved September 9, 2019 from https://cilium.io/.Google Scholar
Jonathan Corbet. 2014. BPF: The Universal In-kernel Virtual Machine. Retrieved from https://lwn.net/Articles/599755/.Google Scholar
DPDK. 2019. AF_XDP Poll Mode Driver. Retrieved from https://doc.dpdk.org/guides/nics/af_xdp.html.Google Scholar
DPDK. 2019. Berkeley Packet Filter Library. Retrieved from https://doc.dpdk.org/guides/prog_guide/bpf_lib.html.Google Scholar
Fabien Duchene, Mathieu Jadin, and Olivier Bonaventure. 2018. Exploring various use cases for IPv6 segment routing. In Proceedings of the ACM SIGCOMM 2018 Conference on Posters and Demos (SIGCOMM’18). ACM, New York, NY, 129--131. DOI:https://doi.org/10.1145/3234200.3234213Google ScholarDigital Library
Eric Dumazet. 2011. A JIT for Packet Filters. Retrieved from https://lwn.net/Articles/437981/.Google Scholar
Facebook. 2018. Katran Source Code Repository. Retrieved from https://github.com/facebookincubator/katran.Google Scholar
John Fastabend. 2018. [RFC PATCH 00/16] bpf, Bounded Loop Support Work in Progress. Retrieved from https://lwn.net/ml/netdev/20180601092646.15353.28269.stgit@john-Precision-Tower-5810/.Google Scholar
Nick Feamster, Jennifer Rexford, and Ellen Zegura. 2014. The road to SDN: An intellectual history of programmable networks. ACM SIGCOMM Comput. Commun. Rev. 44, 2 (2014), 87--98.Google ScholarDigital Library
C. Filsfils, S. Previdi, L. Ginsberg, B. Decraene, S. Litkowski, and R. Shakir. 2018. Segment Routing Architecture. RFC 8402. RFC Editor.Google Scholar
gobpf. 2019. Go Bindings for Creating BPF Programs. Retrieved from https://github.com/iovisor/gobpf.Google Scholar
Toke Høiland-Jørgensen, Jesper Dangaard Brouer, Daniel Borkmann, John Fastabend, Tom Herbert, David Ahern, and David Miller. 2018. The eXpress data path: Fast programmable packet processing in the operating system kernel. In Proceedings of the 14th International Conference on Emerging Networking EXperiments and Technologies (CoNEXT’18). ACM, New York, NY, 54--66. DOI:https://doi.org/10.1145/3281411.3281443Google ScholarDigital Library
IOvisor. 2019. Iovisor Project. Retrieved March 29, 2019 from www.iovisor.org.Google Scholar
S. Jouet, R. Cziva, and D. P. Pezaros. 2015. Arbitrary packet matching in OpenFlow. In Proceedings of the 16th International Conference on High Performance Switching and Routing (HPSR’15). IEEE, Los Alamitos, CA, 1--6. DOI:https://doi.org/10.1109/HPSR.2015.7483106Google ScholarCross Ref
Simon Jouet and Dimitrios P. Pezaros. 2017. BPFabric: Data plane programmability for software defined networks. In Proceedings of the Symposium on Architectures for Networking and Communications Systems (ANCS’17). IEEE Press, Piscataway, NJ, 38--48. DOI:https://doi.org/10.1109/ANCS.2017.14Google Scholar
Michael Kerrisk. 2013. BFPC 8 Linux Manual Page. Retrieved June 8, 2019 from http://man7.org/linux/man-pages/man8/bpfc.8.html.Google Scholar
Jason Koch, Martin Spier, Brendan Gregg, and Ed Hunter. 2019. Extending Vector with eBPF to Inspect Host and Container Performance. Retrieved from https://medium.com/netflix-techblog/extending-vector-with-ebpf-to-inspect-host-and-container-performance-5da3af4c584b.Google Scholar
Eddie Kohler, Robert Morris, Benjie Chen, John Jannotti, and M. Frans Kaashoek. 2000. The click modular router. ACM Trans. Comput. Syst. 18, 3 (2000), 263--297.Google ScholarDigital Library
Bojie Li, Kun Tan, Layong (Larry) Luo, Yanqing Peng, Renqian Luo, Ningyi Xu, Yongqiang Xiong, Peng Cheng, and Enhong Chen. 2016. ClickNP: Highly flexible and high performance network processing with reconfigurable hardware. In Proceedings of the 2016 ACM SIGCOMM Conference (SIGCOMM’16). ACM, New York, NY, 1--14. DOI:https://doi.org/10.1145/2934872.2934897Google ScholarDigital Library
libbpf. 2018. Libbpf Source Code. Retrieved from https://elixir.bootlin.com/linux/v4. 18-rc1/source/tools/lib/bpf.Google Scholar
libbpf. 2019. Stand-alone Libbpf. Retrieved from https://github.com/libbpf/libbpf.Google Scholar
Linux. 2017. Net: Xdp: Support Xdp Generic on Virtual Devices. Retrieved from https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d445516966dcb2924741b13b27738b54df2af01a.Google Scholar
Linux Foundation. 2015. Data Plane Development Kit (DPDK). Retrieved from http://www.dpdk.org.Google Scholar
D. F. Macedo, D. Guedes, L. F. M. Vieira, M. A. M. Vieira, and M. Nogueira. 2015. Programmable networks: From software-defined radio to software-defined networking. IEEE Commun. Surv. Tutor. 17, 2 (2015), 1102--1125. DOI:https://doi.org/10.1109/COMST.2015.2402617Google ScholarDigital Library
Alan Maguire. 2019. Notes on BPF (1)—A Tour of Program Types. Retrieved from https://blogs.oracle.com/linux/notes-on-bpf-1.Google Scholar
Marek Majkowski. 2019. Cloudflare Architecture and How BPF Eats the World. Retrieved from https://blog.cloudflare.com/cloudflare-architecture-and-how-bpf-eats-the-world/.Google Scholar
Steven McCanne and Van Jacobson. 1993. The BSD packet filter: A new architecture for user-level packet capture. In Proceedings of the USENIX Winter 1993 Conference Proceedings on USENIX Winter 1993 Conference Proceedings (USENIX’93). USENIX Association, Berkeley, CA, 1--11.Google ScholarDigital Library
Sebastiano Miano, Matteo Bertrone, Fulvio Risso, Massimo Tumolo, and Mauricio Vásquez Bernal. 2018. Creating complex network service with ebpf: Experience and lessons learned. In Proceedings of the High Performance Switching and Routing (HPSR’18). IEEE, Los Alamitos, CA, 1--8.Google ScholarCross Ref
Rashid Mijumbi, Joan Serrat, Juan Luis Gorricho, Niels Bouten, Filip De Turck, and Raouf Boutaba. 2016. Network function virtualization: State-of-the-art and research challenges. IEEE Communi. Surv. Tutor. 18, 1 (2016), 236--262.Google ScholarDigital Library
David Miller. 2017. BPF Verifier Overview. Retrieved April 9, 2019 from https://lwn.net/Articles/794934/.Google Scholar
J. Mogul, R. Rashid, and M. Accetta. 1987. The packer filter: An efficient mechanism for user-level network code. In Proceedings of the 11th ACM Symposium on Operating Systems Principles (SOSP’87). ACM, New York, NY, 39--51. DOI:https://doi.org/10.1145/41457.37505Google Scholar
Quentin Monnet. 2019. All-Out Programmability in Linux: An Introduction to BPF as a Monitoring Tool. Retrieved April 9, 2019 from https://qmo.fr/docs/talk_20190516_allout_programmability_bpf.pdf.Google Scholar
Quentin Monnet. 2019. Rust Virtual Machine and JIT Compiler for eBPF Programs. Retrieved from https://github.com/qmonnet/rbpf.Google Scholar
Netronome. 2019. Sample BPF Offload Apps. Retrieved from https://github.com/Netronome/bpf-samples.Google Scholar
PLUMgrid. 2016. Linux Kernel Source Code. Retrieved June 7, 2019 from https://github.com/torvalds/linux/blob/v5.3/samples/bpf/xdp1_kern.c.Google Scholar
PLUMgrid. 2016. Linux Kernel Source Code. Retrieved June 7, 2019 from https://github.com/torvalds/linux/blob/v5.3/samples/bpf/xdp1_user.c.Google Scholar
ply. 2019. Dynamic Tracing in Linux. Retrieved from https://github.com/iovisor/ply.Google Scholar
Alex Pollitt. 2019. Tigera adds eBPF Support to Calico. Retrieved September 9, 2019 from https://www.projectcalico.org/tigera-adds-ebpf-support-to-calico/.Google Scholar
Luigi Rizzo. 2012. netmap: A novel framework for fast packet I/O. In Proceedings of the 2012 USENIX Annual Technical Conference (USENIX ATC’12). USENIX Association, Berkeley, CA, 101--112. https://www.usenix.org/conference/atc12/technical-sessions/presentation/rizzoGoogle Scholar
Marta Rybczyńska. 2019. Bounded Loops in BPF for the 5.3 Kernel. Retrieved April 9, 2019 from https://www.spinics.net/lists/xdp-newbies/msg00185.html.Google Scholar
Jay Schulist, Daniel Borkmann, and Alexei Starovoitov. 2019. Linux Socket Filtering aka Berkeley Packet Filter (BPF). Retrieved March 17, 2019 from www.kernel.org/doc/Documentation/networking/filter.txt.Google Scholar
Haoyu Song. 2013. Protocol-oblivious forwarding: Unleash the power of SDN through a future-proof forwarding plane. In Proceedings of the Second ACM SIGCOMM Workshop on Hot Topics in Software Defined Networking (HotSDN’13). ACM, New York, NY, 127--132. DOI:https://doi.org/10.1145/2491185.2491190Google ScholarDigital Library
Alexei Starovoitov. 2015. bpf: Introduce bpf_tail_call() Helper. Retrieved from https://lwn.net/Articles/645169/.Google Scholar
Alexei Starovoitov. 2018. Lifetime of BPF Objects. Retrieved from https://facebookmicrosites.github.io/bpf/blog/2018/08/31/object-lifetime.html.Google Scholar
Cheng-Chun Tu, Joe Stringer, and Justin Pettit. 2017. Building an extensible open vSwitch datapath. SIGOPS Oper. Syst. Rev. 51, 1 (Sep. 2017), 72--77. DOI:https://doi.org/10.1145/3139645.3139657Google ScholarDigital Library
uBPF. 2019. Userspace eBPF VM. Retrieved from https://github.com/iovisor/ubpf.Google Scholar
Marcos A. M. Vieira, Matheus S. Castanho, Racyus D. G. Pacífico, Elerson R. S. Santos, Eduardo P. M. Câmara Júnior, and Luiz F. M. Vieira. 2019. Zenodo—eBPF Tutorial. Retrieved from https://zenodo.org/record/3519347#.XbMxR6zMNhE.Google Scholar
Marcos A. M. Vieira, Matheus S. Castanho, Racyus D. G. Pacífico, Elerson R. S. Santos, Eduardo P. M. Câmara Júnior, and Luiz F. M. Vieira. 2019. eBPF Tutorial. Retrieved from https://github.com/racyusdelanoo/bpf-tutorial.Google Scholar
VMWare. 2018. p4c-xdp. Retrieved from https://github.com/vmware/p4c-xdp.Google Scholar
WeaveWorks. 2017. Improving Performance and Reliability in Weave Scope with eBPF. Retrieved from https://www.weave.works/blog/improving-performance-reliability-weave-scope-ebpf/.Google Scholar
XDP-Project. 2019. AXDP Hands-On Tutorial. Retrieved August 20, 2019 from https://github.com/xdp-project/xdp-tutorial.Google Scholar

Index Terms

Fast Packet Processing with eBPF and XDP: Concepts, Code, Challenges, and Applications
1. Networks
  1. Network architectures
    1. Programming interfaces
  2. Network components
    1. End nodes
    2. Middle boxes / network appliances

Recommendations

Fast In-kernel Traffic Sketching in eBPF

The extended Berkeley Packet Filter (eBPF) is an infrastructure that allows to dynamically load and run micro-programs directly in the Linux kernel without recompiling it.

In this work, we study how to develop high-performance network measurements in ...
Read More
Optimizing latency and CPU load in packet processing systems
Spects '15: Proceedings of the International Symposium on Performance Evaluation of Computer and Telecommunication Systems

High-speed network cards supporting 10 or 40GbE (Gigabit Ethernet) are available today. Software frameworks for high-speed packet reception and transmission were created to exhaust the performance of these cards. However, these frameworks are not ...
Read More
Low latency network traffic processing with commodity hardware
Spects '15: Proceedings of the International Symposium on Performance Evaluation of Computer and Telecommunication Systems

Packet processing on commodity hardware is a cost-efficient and flexible alternative to specialized networking hardware. In case of Linux, the classical QoS mechanisms (e.g DiffServ) assume that the outgoing link is the bottleneck. However, on commodity ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

Published in
ACM Computing Surveys Volume 53, Issue 1
January 2021
781 pages
ISSN:0360-0300
EISSN:1557-7341
DOI:10.1145/3382040
Editor:
Albert Zomaya
University of Sydney, Australia
Issue’s Table of Contents
Copyright © 2020 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 6 February 2020
- Revised: 1 October 2019
- Accepted: 1 October 2019
- Received: 1 June 2019
Published in csur Volume 53, Issue 1

Permissions
Request permissions about this article.
Request Permissions

Check for updates
Author Tags
Computer networking
network functions
packet processing
Qualifiers
- tutorial
- Survey
- Refereed
Conference
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 93
  Total Citations
  View Citations
- 4,670
  Total Downloads
- Downloads (Last 12 months)1,049
- Downloads (Last 6 weeks)118
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

HTML Format

View this article in HTML Format .

View HTML Format

Fast Packet Processing with eBPF and XDP: Concepts, Code, Challenges, and Applications

ACM Computing Surveys

Abstract

References

Cited By

Index Terms

Recommendations

Fast In-kernel Traffic Sketching in eBPF

Optimizing latency and CPU load in packet processing systems

Low latency network traffic processing with commodity hardware