-
Welcome
-
Subscribe to
Sponsors
DIAMOND SPONSOR
PLATINUM SPONSORS
GOLD SPONSORS
SILVER SPONSORS
T-SHIRT SPONSOR
BREAKFAST SPONSOR
MEDIA SPONSORS
Cilium - Container Networking with BPF & XDP
This proposal has been rejected.
One Line Summary
Fast in-kernel networking and security policy enforcement for containers based on eBPF programs generated on the fly
Abstract
We present a new open source project which provides IPv6 & IPv4 networking for Linux Containers by generating programs for each individual container on the fly and then runs them as JITed BPF code in the kernel. By generating and compiling the code, the program is reduced to the minimally required feature set and then heavily optimised by the compiler as parameters become plain variables. The upcoming addition of the Express Data Plane (XDP) to the kernel will make this approach even more efficient as the programs will get invoked directly from the network driver.
Tags
networking, containers, IPv6, bpf, policy, xdp
Speaker
-
- Twitter: tgraf__
Biography
Thomas Graf has been a Linux kernel developer for 10 years, working on a variety of networking subsystems. His current focus is on container network and security. He contributes to various open source projects, such as the Linux kernel, Cilium and Open vSwitch. Thomas is currently at Noiro Networks, a Cisco project.
