I’m learning eBPF technologies on Linux to be able to develop some very efficient network applications. Why I need that level of efficiency and how eBPF solves this will be part of this blog series.

What is eBPF?

eBPF stands for extended Berkeley Packet Filter and is an extension of BPF, which is now called cBPF. eBPF code runs in a kernel virtual machine and is verified prior to its execution. This lets us write code that runs in kernel space without the need to actually create a module; it’s safer because the code is limited by the kernel JIT compiler that makes sure it will always end.

These features allow the programming of highly efficient observability tools, as well as the loading of XDP programs that can bypass user space network management tools and run at driver level. Facebook, Google and other companies are taking advantage of this and have been creating load balancers, intrusion detection systems, as well as Kubernetes network and monitoring solutions.
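To make "verified prior to its execution" concrete, here is an added example (not code from this post or from the xdp-tutorial) of the bounds-check-before-every-read pattern that the kernel verifier requires of XDP packet parsers, written as plain userspace C so it compiles without kernel headers. `struct pkt_ctx`, `filter_udp_port` and `verdict_for_sample` are hypothetical names, and the sample packet is constructed.

```c
#include <stddef.h>
#include <stdint.h>

enum { XDP_DROP = 1, XDP_PASS = 2 };   /* same values as the kernel's enum xdp_action */

/* Userspace stand-in for the data/data_end pair of struct xdp_md (assumption). */
struct pkt_ctx { const uint8_t *data, *data_end; };

/* Hypothetical filter: drop IPv4/UDP packets sent to `port`, pass the rest. */
int filter_udp_port(const struct pkt_ctx *ctx, uint16_t port)
{
    const uint8_t *p = ctx->data;
    size_t left = (size_t)(ctx->data_end - p);

    /* Ethernet: 14 bytes. In XDP this is `eth + 1 > data_end`; without the
     * check the verifier refuses to load the program. */
    if (left < 14 || ((p[12] << 8) | p[13]) != 0x0800)
        return XDP_PASS;
    p += 14; left -= 14;

    /* IPv4: fixed 20 bytes first, then the length the header itself claims. */
    if (left < 20 || (p[0] >> 4) != 4)
        return XDP_PASS;
    size_t ihl = (size_t)(p[0] & 0x0f) * 4;
    if (ihl < 20 || left < ihl || p[9] != 17 /* UDP */)
        return XDP_PASS;
    if ((((p[6] & 0x1f) << 8) | p[7]) != 0)   /* later fragment: no UDP header */
        return XDP_PASS;
    p += ihl; left -= ihl;

    /* UDP: 8 bytes, destination port at offset 2 in network byte order. */
    if (left < 8)
        return XDP_PASS;   /* truncated: leave it to the kernel stack */
    return (((p[2] << 8) | p[3]) == port) ? XDP_DROP : XDP_PASS;
}

/* Constructed sample: Ethernet + IPv4 (IHL 5) + UDP, cut to `len` bytes. */
int verdict_for_sample(uint16_t dport, size_t len, uint16_t blocked)
{
    uint8_t pkt[42] = {0};
    pkt[12] = 0x08; pkt[13] = 0x00;              /* EtherType IPv4 */
    pkt[14] = 0x45; pkt[23] = 17;                /* version/IHL, protocol UDP */
    pkt[36] = (uint8_t)(dport >> 8); pkt[37] = (uint8_t)dport;
    if (len > sizeof pkt) len = sizeof pkt;
    struct pkt_ctx ctx = { pkt, pkt + len };
    return filter_udp_port(&ctx, blocked);
}

int main(void) { return verdict_for_sample(53, 42, 53) == XDP_DROP ? 0 : 1; }
```

In a real XDP program the same checks are written against `ctx->data` and `ctx->data_end` from `struct xdp_md`, and the function is compiled with clang to BPF bytecode instead of being called from `main`.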

Why do I want to learn this?

First of all, because of curiosity. This tool seems really powerful and lets me understand in a better way how the kernel and networking work on Linux. Even if I’m not writing kernel subsystems or modules, I think this can help me leverage my general understanding of the kernel and different stacks.

Following this idea, I currently work with and manage several Kubernetes clusters, and I develop tooling and solutions for cloud native applications. There are several solutions, and many companies have done a tremendous amount of work to solve problems and develop great tools. But even when you have amazing open source tools at hand, you end up having specific use cases that only make sense for your business, and it’s imperative to extend or develop your own solutions and tooling. Understanding what others have done and being able to read open source code is essential in this endeavor, so knowing eBPF and XDP is crucial to be able to fulfil part of my daily job; if not today, it will be in the future.

XDP Tutorial, setting up environment

I found this tutorial: https://github.com/xdp-project/xdp-tutorial. It provides an easy start and the tooling to create a test environment on Linux without the need to write your own network namespace scripts. I really like it and I started to follow it. Although any Linux distribution would work, I decided to use a Fedora 34 VM with Vagrant, so if I mess with networking I don’t lose internet connectivity.

# -*- mode: ruby -*-
# vi: set ft=ruby :

VAGRANTFILE_API_VERSION = "2"

# Toolchain and headers for building the tutorial; the VM reboots after the upgrade.
$bootstrap=<<SCRIPT
dnf install make glibc-devel.i686 elfutils-libelf-devel wget tar vim tmux jq systemtap-sdt-devel clang ccls bcc strace kernel-devel -y && dnf upgrade -y && reboot
SCRIPT

Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
    ipv4 = "192.168.33.10"
    config.vm.define "xdp-tutorial" do |fedora|
        fedora.vm.box = "fedora/34-cloud-base"
        fedora.vm.box_version = "34.20210423.0"
        net_index = 1
        fedora.vm.hostname = "bpfbook"
        fedora.vm.provider "virtualbox" do |vb|
            vb.customize ["modifyvm", :id, "--memory", "1024"]
        end
        # Sync the project directory into the VM, leaving out the git metadata.
        fedora.vm.synced_folder ".", "/vagrant", type: "rsync", rsync__exclude: ".git/"
        fedora.vm.provider "libvirt" do |lv|
            lv.memory = 1024
        end
        # Host-only network, so experiments stay off the host's uplink.
        fedora.vm.network :private_network, ip: "#{ipv4}"
        fedora.vm.provision :shell, :inline => $bootstrap, :args => "#{ipv4}"
    end
end

Clone the xdp-tutorial repo into the same directory where your Vagrantfile is located. I personally created a submodule because I created a git repo to keep track of my work.

$ mkdir xdp_tutorial
$ cd xdp_tutorial    # the Vagrantfile above goes in this directory
$ git init
$ git add Vagrantfile
$ git submodule add git@github.com:xdp-project/xdp-tutorial.git
$ git submodule update --init --recursive
$ git commit -m "First Commit"

Last words and spoiler alert.

I will be posting my discoveries, experiences and evidently my solutions. Use this to compare, and please comment with your solutions as well. Be thoughtful, or at least not too mean with my code; I don’t code C on a daily basis.