We write our applications in ebpf: A Tale From a Telekom Operator - Nick Zavaritsky

eBPF & Cilium Community
12 Sept 2024, 08:27

Summary

TL;DR: Nick from mnii explains the company's use of eBPF for efficient packet processing in the connectivity service behind smart devices such as smart mouse traps. They transitioned from DPDK to eBPF, which aggregates GTP traffic into a single GRE tunnel, enhancing performance and handling complex scenarios. eBPF's ability to run multiple packet processing apps simultaneously is a game-changer, offering high throughput and flexibility. Challenges with state management and Kubernetes integration are addressed, showcasing eBPF's potential in modern network applications.

Takeaways

  • 🐭 Nick's company, mnii, uses smart mouse traps that send push notifications when a mouse is caught, highlighting the importance of always-online connectivity.
  • 📡 The smart traps are independent of Wi-Fi thanks to built-in cellular connectivity; shipping their IP packets is the business, which motivates the shift from DPDK to eBPF for efficiency.
  • 🚀 An easier data path is achieved by integrating with AWS, allowing device traffic to enter the customer VPC directly without public internet exposure.
  • 🔄 Transitioning from GTP to GRE tunnels is simplified using TC programs with the bpf_skb_get_tunnel_key helper, showcasing the power of BPF for packet processing.
  • 🌐 The script discusses the complexity of handling multiple sessions and tunnels, where BPF's ability to aggregate traffic and manage state is crucial.
  • 🛠️ BPF's flexibility is highlighted by its ability to run multiple packet processing applications side by side, a significant advantage over other methods.
  • 📚 The script acknowledges the complexity of signaling in cell networks but chooses to focus on the data path for simplicity.
  • 🔄 BPF maps are praised for their powerful API, complete type information, and the ability to build generic tools for state management.
  • 💾 The script suggests that BPF maps can be populated from database tables, indicating their versatility in data handling.
  • 🔒 Security is implied through the use of AWS integration and the handling of traffic within VPCs, ensuring data is kept private and secure.
  • 🛠️ The script concludes that while DPDK is faster, BPF's ability to run multiple applications concurrently and its integration with Kubernetes is a game-changer.

Q & A

  • What is the primary function of the smart mouse traps mentioned in the script?

    -The smart mouse traps are designed to trap mice, and once a mouse is trapped, they send a push notification.

  • Why does the smart mouse trap not depend on Wi-Fi for connectivity?

    -The smart mouse traps are always online and do not rely on Wi-Fi because they have built-in cellular connectivity.

  • What is the significance of using eBPF (Extended Berkeley Packet Filter) in the context of the script?

    -eBPF is seen as a game-changer because it allows for running multiple packet processing applications side by side, which is crucial for handling the complexity of the service described.

  • How does the data path work for the smart mouse traps once a device is online and authenticated?

    -The data path involves a GTP tunnel that is terminated on the right-hand side, with traffic entering the customer's VPC through AWS integration without traveling over the public internet.

  • What is the role of AWS Transit Gateway in the data path described?

    -AWS Transit Gateway understands GRE (Generic Routing Encapsulation) and can match the tunnel to the customer VPC, facilitating the transfer of traffic.

  • Why is there a need to convert between GTP tunnels and GRE tunnels?

    -The conversion is necessary because the system has over 1 million GTP tunnels in a busy region but relatively few GRE tunnels; Linux cannot hold a million tunnel devices, so a single tunnel device in collect mode aggregates all GTP traffic and the BPF program redirects it into a GRE device that also runs in collect mode.

  • How does the TC (Traffic Control) program use eBPF to process the tunnels?

    -The TC program uses eBPF to aggregate GTP traffic into a single tunnel, match a tunnel to the customer, and redirect packets into a GRE device, all while handling complex corner cases like packet reassembly and fragmentation.

  • What is the advantage of using XDP (eXpress Data Path) in the packet processing?

    -XDP allows for fast packet processing at the earliest point in the network stack, matching a tunnel to the customer and finding the target GRE tunnel using shared eBPF maps.

  • Why is eBPF considered more flexible than DPDK (Data Plane Development Kit) in the context of the script?

    -eBPF is more flexible because it allows running multiple packet processing applications side by side, whereas DPDK relies on busy polling and typically dedicates a CPU core to a single task, so it falls apart once there are more threads than CPU cores.

  • How does the script's author propose to handle the challenges of state management and software updates in the context of eBPF?

    -The author suggests that eBPF maps, with their powerful APIs, can be used to build generic tools for dumping and restoring state, allowing for state extraction from a running instance and injection into a new one.

  • What challenges does the author face when trying to run eBPF-based applications in Kubernetes?

    -The challenges include XDP programs not seeing packets on virtual Ethernet (veth) interfaces (and probably not on netkit either), the bpf_redirect_peer optimization skipping the queueing and XDP stages that batching packet processing applications rely on, and the resulting need for a secondary interface with a custom CNI (Container Network Interface) so that packets are processed as the multiple packet processing applications need.
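
The GTP-to-GRE rewrite described in the Q&A above, as an added example in Go (the language the speaker names for their user space code) rather than as an eBPF program, and not code from mnii or the talk: it parses a constructed outer IPv4/UDP/GTP-U packet, looks the TEID up in stand-in tables that play the role of the BPF maps shared between the TC and XDP programs, and emits the GRE-encapsulated packet. It returns a slow-path result for exactly the cases the talk leaves to the TC program (outer fragments, GTP extension headers, MTU overruns that need fragmentation or an ICMP fragmentation-needed reply). TEIDs, customer ids, GRE keys and addresses are all constructed for the example.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
	"net/netip"
)

// Constructed lookup tables standing in for the BPF maps the talk says are shared
// between the TC and XDP programs: TEID -> customer, customer -> GRE key.
var teidToCustomer = map[uint32]uint32{0x0001e240: 7}
var customerToGREKey = map[uint32]uint32{7: 0x00000a07}

const (
	protoUDP      = 17
	protoGRE      = 47
	gtpuPort      = 2152 // GTP-U user plane
	gtpuGPDU      = 0xff // G-PDU message type
	ethertypeIPv4 = 0x0800
	fastPathMTU   = 1500
)

// ErrSlowPath marks packets the fast path must hand to the TC program, which (as the
// talk notes) gets reassembly, fragmentation and ICMP fragmentation-needed from the stack.
var ErrSlowPath = errors.New("slow path: leave to TC")

// gtpuToGRE rewrites an outer IPv4/UDP/GTP-U G-PDU into outer IPv4/GRE (with key)
// around the same inner IP payload: the "change a few headers" fast path.
func gtpuToGRE(pkt []byte, greSrc, greDst netip.Addr, mtu int) ([]byte, error) {
	if len(pkt) < 20 || pkt[0]>>4 != 4 {
		return nil, errors.New("not IPv4")
	}
	ihl := int(pkt[0]&0x0f) * 4
	if ihl < 20 || len(pkt) < ihl+8+8 || pkt[9] != protoUDP {
		return nil, errors.New("not IPv4/UDP/GTP-U")
	}
	// MF bit or non-zero offset: the outer packet is a fragment and needs reassembly first.
	if binary.BigEndian.Uint16(pkt[6:8])&0x3fff != 0 {
		return nil, ErrSlowPath
	}
	udp := pkt[ihl:]
	if binary.BigEndian.Uint16(udp[2:4]) != gtpuPort {
		return nil, errors.New("not GTP-U port")
	}
	// GTP-U v1: flags(1) type(1) length(2) TEID(4) [seq(2) npdu(1) next-ext(1) if S/PN/E set]
	gtp := udp[8:]
	if gtp[0]>>5 != 1 || gtp[1] != gtpuGPDU {
		return nil, errors.New("not a GTP-U v1 G-PDU")
	}
	hdrLen := 8
	if gtp[0]&0x07 != 0 {
		if len(gtp) < 12 {
			return nil, errors.New("short GTP-U header")
		}
		hdrLen = 12
		if gtp[0]&0x04 != 0 && gtp[11] != 0 { // extension headers present: not fast-path material
			return nil, ErrSlowPath
		}
	}
	// The GTP-U length counts everything after the 8 mandatory bytes, optional fields included.
	payloadLen := int(binary.BigEndian.Uint16(gtp[2:4])) - (hdrLen - 8)
	if payloadLen < 0 || len(gtp) < hdrLen+payloadLen {
		return nil, errors.New("bad GTP-U length")
	}
	inner := gtp[hdrLen : hdrLen+payloadLen]
	teid := binary.BigEndian.Uint32(gtp[4:8])
	cust, ok := teidToCustomer[teid]
	if !ok {
		return nil, fmt.Errorf("unknown TEID %#x", teid)
	}
	key, ok := customerToGREKey[cust]
	if !ok {
		return nil, fmt.Errorf("customer %d has no GRE tunnel", cust)
	}
	// New outer is 20 bytes IPv4 + 8 bytes GRE; if that overruns the MTU the kernel
	// stack, not the fast path, must fragment or answer with ICMP fragmentation needed.
	if 28+len(inner) > mtu {
		return nil, ErrSlowPath
	}
	out := make([]byte, 28+len(inner))
	out[0], out[6], out[8], out[9] = 0x45, 0x40, 64, protoGRE // IHL 5, DF set, TTL 64
	binary.BigEndian.PutUint16(out[2:4], uint16(len(out)))
	src, dst := greSrc.As4(), greDst.As4()
	copy(out[12:16], src[:])
	copy(out[16:20], dst[:])
	binary.BigEndian.PutUint16(out[10:12], ipv4Checksum(out[:20]))
	binary.BigEndian.PutUint16(out[20:22], 0x2000) // GRE flags: K (key present), version 0
	binary.BigEndian.PutUint16(out[22:24], ethertypeIPv4)
	binary.BigEndian.PutUint32(out[24:28], key)
	copy(out[28:], inner)
	return out, nil
}

// ipv4Checksum is the one's-complement sum of the header with the checksum field treated as zero.
func ipv4Checksum(hdr []byte) uint16 {
	var sum uint32
	for i := 0; i+1 < len(hdr); i += 2 {
		if i != 10 {
			sum += uint32(binary.BigEndian.Uint16(hdr[i:]))
		}
	}
	for sum>>16 != 0 {
		sum = sum&0xffff + sum>>16
	}
	return ^uint16(sum)
}

// buildGTPU constructs a sample outer IPv4/UDP/GTP-U packet (constructed test input).
func buildGTPU(teid uint32, inner []byte, fragField uint16) []byte {
	p := make([]byte, 36+len(inner))
	p[0], p[8], p[9] = 0x45, 64, protoUDP
	binary.BigEndian.PutUint16(p[2:4], uint16(len(p)))
	binary.BigEndian.PutUint16(p[6:8], fragField)
	copy(p[12:16], []byte{10, 0, 0, 1})
	copy(p[16:20], []byte{10, 0, 0, 2})
	binary.BigEndian.PutUint16(p[10:12], ipv4Checksum(p[:20]))
	binary.BigEndian.PutUint16(p[20:22], gtpuPort)
	binary.BigEndian.PutUint16(p[22:24], gtpuPort)
	binary.BigEndian.PutUint16(p[24:26], uint16(16+len(inner))) // UDP length
	p[28], p[29] = 0x30, gtpuGPDU                                // version 1, PT=1, no optional fields
	binary.BigEndian.PutUint16(p[30:32], uint16(len(inner)))
	binary.BigEndian.PutUint32(p[32:36], teid)
	copy(p[36:], inner)
	return p
}

func main() {
	inner := make([]byte, 40) // stand-in for an inner IPv4 datagram
	inner[0] = 0x45
	out, err := gtpuToGRE(buildGTPU(0x0001e240, inner, 0),
		netip.MustParseAddr("198.51.100.1"), netip.MustParseAddr("198.51.100.2"), fastPathMTU)
	fmt.Printf("%x\n%v\n", out, err)
}
```

The split between a returned packet and ErrSlowPath mirrors the talk's architecture: an XDP program handles the common case with a few header rewrites and passes everything else up, so the TC program and the kernel stack keep doing reassembly, fragmentation and ICMP for the corner cases.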

Outlines

00:00

🐭 Smart Mouse Trap Connectivity

Nick from mnii introduces a smart mouse trap as the motivating example for their IoT connectivity service. The trap, once triggered, sends a push notification without relying on Wi-Fi, using built-in cellular connectivity. The company's transition from DPDK to eBPF is highlighted as a game-changer. The script explains the data path for IoT devices, emphasizing the simplicity of data passing through a GTP tunnel into the customer's VPC via AWS integration. The use of a TC program with BPF to aggregate GTP traffic into a single GRE tunnel is detailed, along with the handling of complex corner cases like packet reassembly and fragmentation. The script also touches on the broader challenges of managing multiple GTP tunnels and the benefits of using eBPF for stateful operations and high-performance packet processing.

05:01

🚀 High-Performance Packet Processing with eBPF and DPDK

The script contrasts eBPF with DPDK, highlighting eBPF's ability to run multiple packet processing applications side by side, which is a significant advantage over DPDK's single-task focus. While acknowledging DPDK's speed and flexibility, the script points out its limitations with polling and scalability. The discussion then shifts to the challenges of running packet processing applications in Kubernetes, where eBPF's integration is not straightforward due to its interaction with virtual interfaces and network plugins. The script concludes with the necessity of a custom CNI for eBPF applications in Kubernetes and the ongoing work to build a solution. The video ends with a summary of the benefits of using eBPF for smart device connectivity, the preference for microservices over monoliths, and the cool factor of running multiple packet processing apps concurrently.

Keywords

💡Smart Mouse Traps

Smart mouse traps refer to a type of device that uses technology to capture mice. In the context of the video, these traps are equipped with connectivity that allows them to send push notifications once a mouse is caught. This example is used to illustrate the practical application of advanced networking technologies in everyday devices, showcasing the integration of IoT (Internet of Things) principles.

💡MNO (Mobile Network Operator)

MNO stands for Mobile Network Operator, a company that provides wireless communication services to mobile subscribers. The script mentions the MNO role in relation to the connectivity of smart devices, emphasizing the importance of reliable and robust network services for the operation of IoT devices like smart mouse traps.

💡GTP (GPRS Tunneling Protocol)

GTP is a network protocol used in mobile networks to transport data across a wireless network. In the video, GTP is mentioned as the protocol used for the data path in smart mouse traps, which must be terminated and translated into another protocol, GRE, for efficient data transmission within a networked environment.

💡AWS Integration

AWS, or Amazon Web Services, is a comprehensive and broadly adopted cloud platform. The script discusses how device traffic from smart mouse traps gets routed into a customer's VPC (Virtual Private Cloud) on AWS without going over the public internet, highlighting the security and efficiency of such integration.

💡GRE (Generic Routing Encapsulation)

GRE is a protocol used to encapsulate a variety of network layer protocols. The video explains that traffic from the smart mouse traps, which initially uses GTP, is wrapped in GRE for compatibility with AWS Transit Gateway, demonstrating the technical steps involved in data transmission across different network environments.

💡BPF (Berkeley Packet Filter)

BPF is a technology for executing packet processing programs in the kernel space, which is crucial for high-performance networking. The video discusses how BPF is used to manage the conversion between GTP and GRE tunnels efficiently, emphasizing its role in handling complex packet processing tasks.

💡XDP (eXpress Data Path)

XDP is a high-performance packet processing hook in the Linux kernel that runs an eBPF program in the network driver's receive path, before the rest of the network stack sees the packet. The script mentions using XDP as the fast path for the common case, indicating its importance in achieving low-latency network operations, which is critical for real-time applications like smart devices.

💡Collect Mode

Collect mode (collect_md in Linux) is a tunnel-device mode in which a single device carries traffic for many tunnel endpoints and exposes per-packet tunnel metadata to BPF programs, instead of requiring one device per tunnel. The video describes how a single tunnel device in collect mode can aggregate all GTP traffic, which simplifies the management of a very large number of tunnels and enhances network efficiency.

💡Stateful Processing

Stateful processing refers to the ability of a system to keep track of the state of network connections. The script touches on the challenges of managing stateful processing in evolving applications, where BPF provides a solution by allowing state to be extracted and injected into new instances.

💡Microservices Architecture

Microservices architecture is a design approach that structures applications as collections of loosely coupled services. The video discusses the preference for microservices over monolithic applications due to the complexity of managing smart devices, highlighting the scalability and flexibility of this architectural pattern.

💡Kubernetes

Kubernetes is an open-source platform designed to automate deploying, scaling, and operating application containers. The script mentions the use of Kubernetes to manage BPF applications, indicating the integration of advanced networking technologies with container orchestration systems for efficient management of cloud-native applications.

Highlights

Nick works for a company called mnii and uses a smart mouse trap example to explain their work.

Smart mouse traps send push notifications when a mouse is caught, using built-in cellular connectivity rather than Wi-Fi.

The company is transitioning from DPDK to eBPF, which is seen as a game-changer.

Data packets are shipped using IP, with GTP tunnels terminated on the right-hand side.

AWS integration allows device traffic to enter the customer VPC without using the public internet.

Traffic is wrapped in GRE for compatibility with AWS Transit Gateway.

Over 1 million GTP tunnels are managed in a busy region, aggregated into a single GRE tunnel.

A TC program uses the bpf_skb_get_tunnel_key helper to recover tunnel information.

BPF maps are used to match tunnels to customers and find target GRE tunnels.

Packets are redirected into a GRE device operating in collect mode.

BPF handles complex corner cases like packet reassembly and fragmentation.

BPF is used for high-performance packet processing, with XDP programs for fast path matching.

BPF allows running multiple packet processing apps side by side.

BPF maps have a powerful API for populating and reading content with type information.

State can be extracted from a running instance and injected into a new one using BPF.

DPDK is faster than BPF but requires dedicating a CPU core to a single task.

BPF's ability to run multiple apps side by side is a significant advantage over DPDK.

BPF works well with Kubernetes, but some adjustments are needed for packet processing.

A secondary interface with a custom CNI is provisioned to meet packet processing needs.

The company is taking smart devices online using XDP and TC, with a focus on scalability.

The conclusion emphasizes the importance of BPF for running multiple packet processing apps in parallel.
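
The generic dump-and-restore idea from the highlights above (and from the Q&A on state management), written as an added Go example that is not the speaker's tool: a minimal stand-in for BTF (field names and widths) is used to decode a map value laid out by one version of the program and re-encode it for the next, so that a new field zero-fills and a narrowed field that would overflow is rejected instead of being silently truncated. The two layouts, the Go maps standing in for BPF maps, and the sample values are all constructed for the example.

```go
package main

import (
	"encoding/binary"
	"fmt"
)

// Field is the part of a map value's type information a dump/restore tool needs:
// a name and a fixed width. Real BTF carries much more, but named fields of known
// size are what turn "opaque bytes" into records. Widths here are unsigned little-endian.
type Field struct {
	Name string
	Size int // 1, 2, 4 or 8
}

// Layout is one version of a map value. Both layouts are constructed for this
// example: v2 inserts a GRE key and widens the byte counter to 64 bits.
type Layout []Field

var sessionV1 = Layout{{"teid", 4}, {"customer", 4}, {"bytes", 4}}
var sessionV2 = Layout{{"teid", 4}, {"customer", 4}, {"gre_key", 4}, {"bytes", 8}}

func (l Layout) size() (n int) {
	for _, f := range l {
		n += f.Size
	}
	return n
}

// Record is the dumped, layout-independent form: field name -> value.
type Record map[string]uint64

// decode reads raw map-value bytes with the layout they were written under.
func decode(l Layout, raw []byte) (Record, error) {
	if len(raw) != l.size() {
		return nil, fmt.Errorf("value is %d bytes, layout needs %d", len(raw), l.size())
	}
	r, off := Record{}, 0
	for _, f := range l {
		r[f.Name] = readUint(raw[off : off+f.Size])
		off += f.Size
	}
	return r, nil
}

// encode writes a Record under a possibly different layout: new fields zero-fill,
// dropped fields are ignored, and a value that no longer fits is rejected.
func encode(l Layout, r Record) ([]byte, error) {
	out, off := make([]byte, l.size()), 0
	for _, f := range l {
		v := r[f.Name]
		if f.Size < 8 && v >= uint64(1)<<(8*uint(f.Size)) {
			return nil, fmt.Errorf("%s=%d does not fit in %d bytes", f.Name, v, f.Size)
		}
		writeUint(out[off:off+f.Size], v)
		off += f.Size
	}
	return out, nil
}

func readUint(b []byte) uint64 {
	switch len(b) {
	case 1:
		return uint64(b[0])
	case 2:
		return uint64(binary.LittleEndian.Uint16(b))
	case 4:
		return uint64(binary.LittleEndian.Uint32(b))
	}
	return binary.LittleEndian.Uint64(b)
}

func writeUint(b []byte, v uint64) {
	switch len(b) {
	case 1:
		b[0] = byte(v)
	case 2:
		binary.LittleEndian.PutUint16(b, uint16(v))
	case 4:
		binary.LittleEndian.PutUint32(b, uint32(v))
	default:
		binary.LittleEndian.PutUint64(b, v)
	}
}

// migrate is the dump-and-restore step: every value of an old-layout map is decoded
// into a record and re-encoded under the new layout for the replacement instance.
func migrate(from, to Layout, old map[uint32][]byte) (map[uint32][]byte, error) {
	fresh := make(map[uint32][]byte, len(old))
	for k, raw := range old {
		rec, err := decode(from, raw)
		if err != nil {
			return nil, fmt.Errorf("key %d: %w", k, err)
		}
		if fresh[k], err = encode(to, rec); err != nil {
			return nil, fmt.Errorf("key %d: %w", k, err)
		}
	}
	return fresh, nil
}

func main() {
	v1, _ := encode(sessionV1, Record{"teid": 0x1e240, "customer": 7, "bytes": 4096})
	fresh, err := migrate(sessionV1, sessionV2, map[uint32][]byte{1: v1})
	rec, _ := decode(sessionV2, fresh[1])
	fmt.Println(rec, err)
}
```

Because the intermediate Record is keyed by field name rather than by offset, the same decode step also serves the other uses the talk lists: streaming the records to a replica, or filling a map from a database table whose columns carry the same names.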

Transcripts

00:00 [Music]

00:09 Hi, I'm Nick. I work for a company called mnii. I'd like to use a cute example to explain what we are doing. I have a customer that makes smart mouse traps. Once the mouse is trapped, a push notification is sent. The mouse trap is always online and it doesn't depend on your Wi-Fi for connectivity because it has mui cement side. We don't offer voice, only data. Shipping IP packets is an important part of our business. We relied on DPDK in the past, but now we are transitioning to eBPF. Today I want to tell you why we see eBPF as a game changer.

00:45 I'd like to acknowledge that signaling in cell networks is a complex topic. I will conveniently ignore signaling today. Once a device is online and authenticated, the data path is rather simple: it is a GTP tunnel we have to terminate. On the right-hand side we have AWS integration. Device traffic gets right into the customer VPC without traveling over the public internet. Actually, it enters our VPC first. The traffic is wrapped in GRE because AWS Transit Gateway understands GRE and it can match the tunnel to the customer VPC.

01:23 So we had to convert between GTP tunnels on the left-hand side and GRE on the right-hand side. We have over 1 million GTP tunnels in a busy region but relatively few GRE tunnels. Clearly you can't have a million tunnels in Linux. Instead, a single tunnel in so-called collect mode aggregates all GTP traffic. A TC program uses the bpf_skb_get_tunnel_key helper to recover information about a tunnel. The program uses BPF maps to match a tunnel to the customer and to find out the target GRE tunnel. Finally, the program updates the tunnel key and redirects the packet into a GRE device also operating in collect mode. It's reasonably fast. Better yet, it handles all complex corner cases such as packet reassembly and fragmentation and sending ICMP fragmentation needed messages.

02:22 Corner cases do happen, but for the majority of packets conversion between GTP and GRE is as simple as changing a few headers in the packet buffer. We use an XDP program as a fast path. It matches a tunnel to the customer and finds out the target GRE tunnel using BPF maps shared with the TC program. So apparently BPF is quite handy and powerful. However, we consider it the breakthrough for a different reason.

02:50 Let's have a look at the broader picture. There are some complications. On the left, a device can open several sessions simultaneously. It results in multiple GTP tunnels to be used for different traffic classes. On the right, it is typically a few GRE tunnels per customer for improved throughput and redundancy. Some customers do their own tunneling so that packets can carry additional metadata such as an Ino ID. And in between we have a NAT and a firewall and flow logs and the kitchen sink. Due to overall complexity we prefer to do several apps instead of a single monolith. So we have multiple apps to operate, and not just multiple apps but multiple instances of every app. It would be nice if you could run several apps side by side on a single server.

03:39 Another challenge is state. The product evolves and requirements change, therefore we have to push updates, but the tunnel might live for days. Either we keep old versions of the software around until it drains, or we impact customers. It would be nice if you could extract state out of a running instance and somehow inject it into a new one.

04:01 With eBPF it is finally possible to run multiple packet processing apps side by side. That's why we write our applications in eBPF, or more precisely the packet processing part. We use Go for the user space part. We are eBPF users; we manage our fleet with Kubernetes. I have to acknowledge that eBPF maps are accidentally awesome. They are equipped with a powerful API to populate and to read back the content. Speaking of content, complete type information is available. It is not opaque bytes you are looking at, but rather structures with named fields of known type. It is possible to build a generic tool to dump and restore state, performing conversion if the data layout changed. With sufficient effort, streaming replication can be achieved. We can also populate an eBPF map from a database table in a generic way. I'd love to dedicate more time to eBPF maps, but unfortunately I can't.

05:00 Speaking about high performance packet processing, it's hard to ignore DPDK. It has been around for a while and it is quite popular. The idea is to remove a network interface from the kernel and to drive it from user space. Packet buffers are shared with user space via memory mapping. Similarly, receive and transmit queues are exposed. The application polls receive in a busy loop to find out if there is an incoming packet. I have to acknowledge that DPDK in general is faster than eBPF. A modern CPU has many special purpose instructions such as AVX, which eBPF lacks. When using DPDK a CPU core is typically dedicated to a single task, hence CPU cache hit rates are higher. DPDK is also more flexible since it is just regular user space. However, DPDK means busy polling. As soon as there are more threads than CPU cores, everything falls apart. With BPF it is possible to run multiple packet processing apps side by side easily, and it is huge.

06:07 Finally, let's talk about running in Kubernetes. An application relying on XDP works just fine in Kubernetes, except it doesn't. An XDP program won't see any packets coming in. It doesn't work with virtual Ethernet pairs; it probably doesn't work with netkit either. Let's follow the path of an incoming packet. A TC program attached to eth0 observes a packet and redirects it into veth1. Normally a redirect would put a packet on an internal queue inside veth, which is a pair, and packet processing would end. Eventually the kernel will find out that there is a packet pending. The packet will re-emerge from the veth, passing through the XDP and TC layers as expected. But there is an important optimization happening. Instead of a plain redirect, bpf_redirect_peer is done. The packet doesn't go into a queue, the packet processing doesn't end. Instead it performs another iteration with the ingress interface set to veth2. Since there is no waiting on the queue, the latency improves. Several corners are cut and XDP is skipped.

07:16 However, for our packet processing needs we actually want the packet to get on a queue. Consider this: we have many packet processing apps, each with their own eBPF blobs. Accumulating multiple packets and processing the batch together is more effective from a CPU cache perspective. We'd also like to dispatch packets to pods in XDP, since going through TC to hit XDP makes little sense. Apparently packet processing apps have different needs compared to regular container workloads. Since we don't see a way to unify conflicting requirements, we provision a secondary interface with a custom CNI.

07:54 It's time for a conclusion. We are taking smart devices online using XDP and TC. The service is complex, therefore we are doing microservices instead of a monolith. With BPF it is finally possible to run multiple packet processing apps side by side, which is really cool. However, to make it work in Kubernetes a purpose-built CNI is necessary. We are currently working on one.

08:19 [Music] [Applause]
