OVS kernel module has been widely used and served in various Linux distributions. Developers usually find the kernel upstream process to be time consuming, since it is generally hard to develop new features in complicated and high quality kernel code base. Moreover, in order to provide feature parity in different distributions, OVS developers constantly spend quite a lot of efforts to backport new features in upstream kernel to various distro kernels. An emerging technology, eBPF, comes into the picture as an alternative to implement OVS features in kernel which may resolve the aforementioned issues.
eBPF, extended Berkeley Packet Filter, is an expressive in-kernel virtual machine that has been included in Linux kernel since version 3.18. eBPF provides a safe and flexible way to run user provided program in the kernel on several hook points. For the network specific usage, we can load eBPF programs with tc (traffic control) and XDP (eXpress Data Path). With this technology, we can implement OVS datapath functionalities in eBPF program.
In this talk, we would like to share our exploration on the feasibility of implementing OVS datapath in eBPF through tc hook point. We first introduce the three core functionalities that handle received packets: (1) extract flow key by packet parsing; (2) flow lookup in the bpf map and (3) action executions through tail calls. Around them, we built eBPF datapath infrastructure to support bpf program loading, upcalls on flow miss, flow translation, flow installation and flow revalidate. We also highlights some of the challenges that we overcome on eBPF limitation, for example, the lack of TLV support led us to redefine a binary kernel-user API using a fixed-length array; and without a dedicated way to execute a packet, we created a dedicated device for user to kernel packet transmission, with a different BPF program attached to handle packet execute logic. Furthermore, we provide updates on our ongoing works on the megaflow and connection tracking design. Finally, we will demonstrate our eBPF datapath with VMWare’s NSX-T and OVN use cases.
