This will be a series of posts on eBPF, extensively covering XDP and its usage.
eBPF is a new technology, implemented in Linux, that extends kernel functionality without having to modify the kernel. It is safe to execute thanks to a verification engine, a JIT compiler and an LLVM-based toolchain: basically a safe and secure tiny VM.
Some Background
As my career is mainly in Network Engineering, when someone talks about network performance my initial thoughts jump to increasing network throughput, port density, and high-speed and secure interconnects. I recently came across Systems Performance by Brendan Gregg. I have to say I had never imagined that the role is sought out. I went through the book (https://www.amazon.co.uk/Systems-Performance-Enterprise-Brendan-Gregg/dp/0133390098) and I was indeed mind-blown by the granularity with which one can look into an individual system.
I would definitely recommend that anyone in Networking/Cloud/Systems Engineering go through this book if you haven't already; it exposes a whole new level of Linux kernel, eBPF and performance methodologies (Chapter 2), which I instantly fell in love with.
What Inspired me?
When I first saw the book I was under the initial impression that this was meant for Linux system administrators and was only about a bunch of commands. On a Sunday evening, when I was browsing through some of the Linux networking commands, I realised the depth, and after some research I understood that XDP (eXpress Data Path) is actually written with the help of BPF, which opens a whole new level of networking that major firms have already implemented. As an example, you could use XDP to build a load balancer or a DDoS mitigation system, bypass iptables completely, or change packet headers at the network card level. Cilium (which is well known in the Kubernetes space) is using an implementation based on eBPF, but more of this later.
Short Example

Most of us know the life of a TCP session, which would technically have Connect, SYN, and ACK. Let's use a BPF program to see what happens when I try to SSH into the

We can clearly see the old and new TCP states of an arriving packet. When I closed the TCP session I could even see the CLOSE_WAIT and LAST_ACK states, which is fantastic.
The next posts in the series will cover installation (Docker, Vagrant and native) along with some programming starters.
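One way to observe the same old/new TCP state transitions, as an added example that is not the program used in this post: a bpftrace script attached to the kernel's `sock:inet_sock_set_state` tracepoint. It assumes bpftrace is installed, is run as root, and that SSH uses port 22 over IPv4; the file name `sshstates.bt` is hypothetical.

```bpftrace
#!/usr/bin/env bpftrace
// sshstates.bt (hypothetical name): added example, not the author's program.
// Prints every TCP state change for IPv4 sockets whose local or remote
// port is 22 (assumption: sshd listens on the default port).

BEGIN
{
    // Numeric TCP states as defined in the kernel's include/net/tcp_states.h
    @state[1]  = "ESTABLISHED";
    @state[2]  = "SYN_SENT";
    @state[3]  = "SYN_RECV";
    @state[4]  = "FIN_WAIT1";
    @state[5]  = "FIN_WAIT2";
    @state[6]  = "TIME_WAIT";
    @state[7]  = "CLOSE";
    @state[8]  = "CLOSE_WAIT";
    @state[9]  = "LAST_ACK";
    @state[10] = "LISTEN";
    @state[11] = "CLOSING";
    @state[12] = "NEW_SYN_RECV";
    printf("%-9s %-21s %-21s %s\n", "TIME", "LOCAL", "REMOTE", "OLD -> NEW");
}

// protocol 6 = IPPROTO_TCP, family 2 = AF_INET (IPv4 only in this example)
tracepoint:sock:inet_sock_set_state
/args->protocol == 6 && args->family == 2 &&
 (args->sport == 22 || args->dport == 22)/
{
    time("%H:%M:%S ");
    // sport/dport are already in host byte order in this tracepoint
    printf("%s:%-6d -> %s:%-6d  %s -> %s\n",
           ntop(args->saddr), args->sport,
           ntop(args->daddr), args->dport,
           @state[args->oldstate], @state[args->newstate]);
}

END
{
    // Drop the lookup map so it is not dumped when the script exits
    clear(@state);
}
```

Run it on the SSH server, then open and close a session from another host: the server side shows the handshake states on connect and CLOSE_WAIT followed by LAST_ACK when the client closes first.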
-Rakesh