Toward Flexible and Efficient In-Kernel Network Function Chaining with IOVisor
The eBPF Linux module, which represents the main component of the IOVisor technology, became part of the Linux kernel in 2013. This module enables arbitrary code to be dynamically injected and executed in the Linux kernel while at the same time providing hard safety guarantees in order to preserve the integrity of the system.
So far, this component has been used mainly for tracing, monitoring and statistics (in fact, several tools exist that extract information from network traffic and other kernel events such as page faults, system calls, and more). Recent projects have also proposed using it to create complex network functions.
This tutorial focuses on the high-performance network processing capabilities of IOVisor and presents the state of the art of this technology, including XDP (eXpress Data Path), which enables a vanilla Linux kernel to sustain a 10Gbps wire-rate throughput. In addition, it presents the recent extensions of the IOVisor technology that allow the creation of complex network functions (switch, router, NAT, load balancer, firewall, etc.), including both data and control plane. This enables the creation of arbitrary modules, dynamically injectable at run-time, which can be used to create complex service chains and datacenter-wide services (such as the Cilium project).
Finally, this tutorial will summarize the possible interactions of IOVisor with other emerging technologies, such as OpenFlow/OpenState, P4, and SmartNICs.
Fulvio Risso (Ph.D. in Computer Engineering) is Associate Professor at the Department of Control and Computer Engineering of Politecnico di Torino, Italy. His research interests focus on high-speed and flexible network processing, software-defined networks, and network functions virtualization. He started and led several open-source software projects including WinPcap, the de facto library for capturing and analyzing traffic on Windows. Fulvio is the author of 100+ scientific papers, mostly focused on high-speed and flexible network processing.