Container Networking with BPF & XDP
Session information has not yet been published for this event.
One Line Summary
Fast in-kernel container networking with security policy enforcement based on BPF programs which are generated on the fly for each container.
Abstract
This talk demonstrates that programmability and performance do not require user space networking; both can be achieved in the kernel by generating BPF programs and leveraging the existing kernel subsystems. We will demo an early prototype which provides fast IPv6 & IPv4 connectivity to containers, security policy based on container labels with an average cost of O(1), and debugging and monitoring based on the per-CPU perf ring buffer. We encourage a lively discussion on the approach taken and next steps.
Tags
networking, debugging, kernel, containers, bpf, visibility
Speaker
- Twitter: tgraf__
Biography
Thomas Graf has been a Linux kernel developer for 10 years, working on a variety of networking subsystems. His current focus is on container network and security. He contributes to various open source projects, such as the Linux kernel, Cilium and Open vSwitch. Thomas is currently at Noiro Networks, a Cisco project.