At the recent Linux Storage, Filesystem, MM, and BPF Summit, Daniel Borkmann from Isovalent, who also serves on the eBPF Steering Committee, presented an insightful session titled “Revamping Global Socket Iterator, Netkit & Next Steps” (video follows below). Here’s a summary of the key points discussed during the session:
TCX and Netkit Integration: Advancing Network Performance
TCX Implementation:
- Introduction to TCX: TCX was merged into the 6.6 kernel, marking a significant milestone in modernizing the TC BPF data path. This new implementation not only enhances performance but also introduces BPF link support, enabling a unified attach interface for multiple programs.
- Benefits and Library Support: The integration of TCX brings performance improvements and library support for eBPF, allowing usage from languages like Go through Cilium integration.
Netkit Development:
- Merging and Objectives: Netkit was merged into the 6.7 kernel, replacing the weave device with a focus on boosting performance. The goal is to ensure Cilium achieves the same performance metrics as applications running within the host namespace.
- Performance Mechanism: Netkit achieves superior performance by attaching BPF programs directly within the device of the network namespace. This bypasses the per-CPU backlog queue used by weave, resulting in reduced latency and increased throughput.
Collaborative Efforts and Contributions
- Community Contributions: Several contributors played pivotal roles in enhancing Netkit. Lawrence added eBPF library support, ByteDance contributed to the Go netlink library, and DataDog assisted in integrating these changes into the eBPF Go library.
- Kernel Fixes and Optimizations: The team fixed issues related to traffic accounting for weave and Netkit, and removed indirect calls in the redirect path. Future plans include adding peer points directly into the device for further optimizations.
Achieving Robust Attachments with BPF Links
- Milestone Achievements: The session highlighted the transition to BPF link-based attachments, making the system more robust and enabling third-party applications to utilize these links effectively. Programs like XDP, TCX, and SEC programs for load balancing now benefit from this advancement.
Challenges and Solutions: Addressing Edge Cases
- L3 and L2 Modes: While implementing Netkit L3 mode, challenges related to MAC address handling within the CNI side led to crashes. These issues are being debugged, and small patches have resolved several test failures.
- E-type Trans Functionality: Adjustments to the E-type trans functionality were discussed to ensure packets are processed correctly when redirected to the host stack.
Future Directions: Enhancing Tunneling and VM Integration
- Tunneling Improvements: Upcoming work includes adjusting headroom and tail room settings for wireguard tunneling to gain performance improvements. This will involve extending user capabilities to manually set these parameters.
- VM Integration with AFXDP Support: Long-term plans include adding AFXDP support, enabling lightweight VMs within containers. This would allow end-users to run BPF tools with their own kernel, aligning with the broader industry trend towards lightweight virtual machines.
Revamping Global Socket Iterator
- Socket Iterator Enhancements: The session revisited the concept of a global socket iterator to handle issues like terminating connections for reused IPs and improving UDP handling. The idea is to have an iterator for all sockets, possibly using a global flag or a simple iterator around network namespaces.
Conclusion
Daniel Borkmann’s session provided a comprehensive update on the integration and advancements in TCX and Netkit, showcasing significant performance improvements and collaborative efforts. The discussion on future enhancements and the revamping of the global socket iterator indicates a continued focus on optimizing network performance and functionality. The contributions from the community and the roadmap for future developments reflect a dynamic and collaborative ecosystem driving these innovations forward.