Calico Networking with eBPF · 2020-03-17 · Calico Networking with eBPF Shaun Crampton, Core...

20
Calico Networking with eBPF Shaun Crampton, Core Developer for Project Calico Chris Hoge, Developer Advocate for Project Calico

Transcript of Calico Networking with eBPF · 2020-03-17 · Calico Networking with eBPF Shaun Crampton, Core...

Page 1: Calico Networking with eBPF · 2020-03-17 · Calico Networking with eBPF Shaun Crampton, Core Developer for Project Calico Chris Hoge, Developer Advocate for Project Calico. What

Calico Networking with eBPF

Shaun Crampton, Core Developer for Project Calico

Chris Hoge, Developer Advocate for Project Calico

Page 2: Calico Networking with eBPF · 2020-03-17 · Calico Networking with eBPF Shaun Crampton, Core Developer for Project Calico Chris Hoge, Developer Advocate for Project Calico. What

What prompted the team to add another dataplane to Calico?

Page 3: Calico Networking with eBPF · 2020-03-17 · Calico Networking with eBPF Shaun Crampton, Core Developer for Project Calico Chris Hoge, Developer Advocate for Project Calico. What

Calico’s Pluggable Dataplane

Page 4: Calico Networking with eBPF · 2020-03-17 · Calico Networking with eBPF Shaun Crampton, Core Developer for Project Calico Chris Hoge, Developer Advocate for Project Calico. What

What is eBPF?

Page 5: Calico Networking with eBPF · 2020-03-17 · Calico Networking with eBPF Shaun Crampton, Core Developer for Project Calico Chris Hoge, Developer Advocate for Project Calico. What

(extended) Berkeley Packet Filter● An in-kernel virtual machine that “gives super-powers to

Linux”

● Allows you to attach mini-programs to low-level hooks in the kernel

● Programs verified to ensure they are “safe” ○ e.g. can’t crash the system, access invalid memory addresses, will

terminate

● Programs can only interact with the rest of the kernel through helper functions (there’s a limit to super powers!)

● The clang compiler can be used to build eBPF programs or you can write them directly in byte-code

Page 6: Calico Networking with eBPF · 2020-03-17 · Calico Networking with eBPF Shaun Crampton, Core Developer for Project Calico Chris Hoge, Developer Advocate for Project Calico. What

What sort of things can you do with eBPF?

Page 7: Calico Networking with eBPF · 2020-03-17 · Calico Networking with eBPF Shaun Crampton, Core Developer for Project Calico Chris Hoge, Developer Advocate for Project Calico. What

eBPF Features and Uses

● Security! ○ A seccomp filter mode allows users to write a program to determine

if a system call is allowed.

● Logging and Tracing!○ Gather information directly from the kernel about what calls are

being run and how much time is being spent in them.

● Network Routing and Packet Filtering!○ It’s right there in the name. There are many different networking

hooks - with varying performance and richness in capabilities.

Page 8: Calico Networking with eBPF · 2020-03-17 · Calico Networking with eBPF Shaun Crampton, Core Developer for Project Calico Chris Hoge, Developer Advocate for Project Calico. What

How did you figure out what to build?

What was your design and development process?

Page 9: Calico Networking with eBPF · 2020-03-17 · Calico Networking with eBPF Shaun Crampton, Core Developer for Project Calico Chris Hoge, Developer Advocate for Project Calico. What

How is this different from the current implementation?

Page 10: Calico Networking with eBPF · 2020-03-17 · Calico Networking with eBPF Shaun Crampton, Core Developer for Project Calico Chris Hoge, Developer Advocate for Project Calico. What

What improvements does eBPF bring to Calico?

Page 11: Calico Networking with eBPF · 2020-03-17 · Calico Networking with eBPF Shaun Crampton, Core Developer for Project Calico Chris Hoge, Developer Advocate for Project Calico. What

Pod-to-pod throughput and CPU40 Gbps network, running qperf in single pod

Page 12: Calico Networking with eBPF · 2020-03-17 · Calico Networking with eBPF Shaun Crampton, Core Developer for Project Calico Chris Hoge, Developer Advocate for Project Calico. What

Native handling of Services: First packet latency

Page 13: Calico Networking with eBPF · 2020-03-17 · Calico Networking with eBPF Shaun Crampton, Core Developer for Project Calico Chris Hoge, Developer Advocate for Project Calico. What

Native handling of Services: More efficient updates

Page 14: Calico Networking with eBPF · 2020-03-17 · Calico Networking with eBPF Shaun Crampton, Core Developer for Project Calico Chris Hoge, Developer Advocate for Project Calico. What

Native handling of Services: Direct Server Return

Kube-proxy packet path Calico eBPF

Page 15: Calico Networking with eBPF · 2020-03-17 · Calico Networking with eBPF Shaun Crampton, Core Developer for Project Calico Chris Hoge, Developer Advocate for Project Calico. What

Native handling of Services: Direct Server Return40 Gbps network, 1k services

Page 16: Calico Networking with eBPF · 2020-03-17 · Calico Networking with eBPF Shaun Crampton, Core Developer for Project Calico Chris Hoge, Developer Advocate for Project Calico. What

How can I try it out?

Page 17: Calico Networking with eBPF · 2020-03-17 · Calico Networking with eBPF Shaun Crampton, Core Developer for Project Calico Chris Hoge, Developer Advocate for Project Calico. What

How to try it out!

● This is a tech preview, which means it’s not ready for production… yet!

● https://docs.projectcalico.org/getting-started/kubernetes/trying-ebpf

Page 18: Calico Networking with eBPF · 2020-03-17 · Calico Networking with eBPF Shaun Crampton, Core Developer for Project Calico Chris Hoge, Developer Advocate for Project Calico. What

What’s next?

Page 19: Calico Networking with eBPF · 2020-03-17 · Calico Networking with eBPF Shaun Crampton, Core Developer for Project Calico Chris Hoge, Developer Advocate for Project Calico. What

Thank you!Questions? https://projectcalico.org

https://slack.projectcalico.org

@projectcalico

https://github.com/projectcalico/community

https://discuss.projectcalico.org

Page 20: Calico Networking with eBPF · 2020-03-17 · Calico Networking with eBPF Shaun Crampton, Core Developer for Project Calico Chris Hoge, Developer Advocate for Project Calico. What

References

● Introducing the Calico eBPF Dataplane (projectcalico)● A Thorough Introduction to eBPF (lwn)● A seccomp overview (lwn)● eBPF Tracing Tools


Metaswitch Project Calico

Metaswitch Project Calico

Calico using rkt

Calico using rkt

Calico Bag

Calico Bag

Calico Skies

Calico Skies

A.I.S.E. & EBPF SURVEY BPR IMPACT ON BIOCIDAL PRODUCTS …€¦ · A.I.S.E./ EBPF BPR survey 2015 Page 7 of 28 1. Introduction In 2011, A.I.S.E. and Cefic/EBPF ran an enquiry amongst

A.I.S.E. & EBPF SURVEY BPR IMPACT ON BIOCIDAL PRODUCTS …€¦ · A.I.S.E./ EBPF BPR survey 2015 Page 7 of 28 1. Introduction In 2011, A.I.S.E. and Cefic/EBPF ran an enquiry amongst

eBPF Offload Getting Started Guide - Netronome

eBPF Offload Getting Started Guide - Netronome

Calico Computer Consulting

Calico Computer Consulting

Demystify eBPF JIT Compiler - Open-NFP · 2019-02-27 · What is an eBPF JIT Compiler? eBPF representation Ø Designed to be set of instructions and are close to x86-64, AArch64 etc.

Demystify eBPF JIT Compiler - Open-NFP · 2019-02-27 · What is an eBPF JIT Compiler? eBPF representation Ø Designed to be set of instructions and are close to x86-64, AArch64 etc.

Security Monitoring with eBPF - Brendan Gregg · Security Monitoring with eBPF. The Brief. Extended Berkley Packet Filter (eBPF) is a new Linux feature which allows safe and ... This

Security Monitoring with eBPF - Brendan Gregg · Security Monitoring with eBPF. The Brief. Extended Berkley Packet Filter (eBPF) is a new Linux feature which allows safe and ... This

Security Monitoring with eBPF - Brendan Gregg

Security Monitoring with eBPF - Brendan Gregg

CALICO 2015 ODOWD

CALICO 2015 ODOWD

Bringing the Power of eBPF to Open vSwitch - Linux kernelvger.kernel.org/lpc_net2018_talks/ovs-ebpf-lpc18-presentation.pdf · What is eBPF? •An in-kernel virtual machine •Users

Bringing the Power of eBPF to Open vSwitch - Linux kernelvger.kernel.org/lpc_net2018_talks/ovs-ebpf-lpc18-presentation.pdf · What is eBPF? •An in-kernel virtual machine •Users

Meet cute-between-ebpf-and-tracing

Meet cute-between-ebpf-and-tracing

eBPF Trace from Kernel to Userspace

eBPF Trace from Kernel to Userspace

Calico and ubuntu

Calico and ubuntu

Wiki CALICO

Wiki CALICO

Kuster Calico Mercerization

Kuster Calico Mercerization

Trace Aggregation and Collection with eBPF - STEPstep.polymtl.ca/~suchakra/eBPF-5May2017.pdf · Trace Aggregation and Collection with eBPF Suchakrapani Sharma 5th May 2017 Polytechnique

Trace Aggregation and Collection with eBPF - STEPstep.polymtl.ca/~suchakra/eBPF-5May2017.pdf · Trace Aggregation and Collection with eBPF Suchakrapani Sharma 5th May 2017 Polytechnique

Calico house

Calico house

Staring into the eBPF Abyss

Staring into the eBPF Abyss