It's possible with XVP to do bare metal package processing at the lowest point in the software
stack before the kernel, kernel network stack and this is make it ideal for speed.
At the end of execution of the XDP program it should return a code.
There is three possible choices.
XDP pass, let's say the packet pass to the normal flow in the network kernel stack or
XDP drop or abort to drop all the packet and so this is invisible to the normal stack
or XDP TX or redirect to send the packet away to another destination.
Let's see the most basic possible program XDP program that is this one that all it does
is just return XDP pass so the normal flow of the packet is preserved.
To compile XDP program we use a clang with the target BPF option so this is for example
to compile the previous program and after we can load the program to a network interface
using the XDP loader that is a command provided by XDP tools.
If we replace on the previous program that one the XDP pass with XDP drops all the coming
packages will be dropped.
As I said this all will happen before the normal kernel network stack so this program
this packet will completely invisible to the normal stack for example from TCP dump.
Fortunately for debugging it's we can use XDP dump that permits you view what the XDP
programs are doing with the packet and check what is the protocol if it is IPv4 than 8
we check if it is ECMP line 12 and after we access the previous map and add one to the
value.
The next step obviously is reading this data from the user space so we can access the
map with a syscall and read all the map.
Here we need a loop because for performance each core on the HCPU on the system have a
different map, a different copy of the map so we need to loop and some of them but it's
quite easy to access and communicate from user space to a BPF kernel space program.
Obviously we need to redirect packet if we want to do some nonbalancing so to redirect
packet we use XDP ticks or XDP redirect return code.
Before redirect we need to change value of the packet for example in TCP samples is very
easy we just swap the source MAC address and the destination source address so when we
return the XDP code the packets will be redirected to the other machine we selected.
Another important optimization to do on the load balancing is using direct server return
so all the servers send their response directly to the user without going another time to
the load balancer.
To do this load balancer and server must share the same from the group of the canned server
if the server was the first one the new direct the new request go to the second one and so
in this case unfortunately we break connection for example if a server goes online but if
we remove on the case that the server wasn't on the first choice all the packets continue
to go to the same score so if we remove not the first one but the other ones there is
no problem for render washing instead in many cases the ashing completely changes if we
change the set of server and all the connection blocks and only one or all of the servers.
This is all interesting but it will be really nice if we can load balancing do load balancing
without load balancer.
For doing this we can exploit we can leverage the ACMP routing feature that the routers
have.
Equal cost multi-path routing is designed for split traffic designated as single EP across
multiple links of equal cost but we can use it to split the traffic between server if
all the server announce the same EP and in this case the router blissfully redirects the
packet to all the server without knowing that is not one but end server that receive packages.
So we can go from a normal this normal architecture with a load balancer between a server and
router to a complete distributed load balancer where the package are distributed using ACMP.
So the ACMP is really useful for high performance load balancer and using optimization like
direct server return we can also increase the throughput.
To redirect all the package to the same backend server we need to use a consistent ashing
algorithm and it's possible to leverage the ACMP routing available in routers to distribute
packets between server and deploy the load balancer directly to the backend server without
the dedicated machine.
All the code that I developed is available open to the public city and there is also
a link to my thesis all in Italian fortunately where I examine all the available load balancers
in the market and all I explain all with more or less briefly let's say like 70 pages.
Thank you for your attention.
Thanks for the talk.
Thanks for the talk and I have one question.
Is it possible in XDP to inspect the source the data in the packets so you can just.
Yeah you can impact the packet quite really easy.
Here we have only the protocol and the protocol and which type of packet it is but it's possible
to go more inside the packet to examine all the packets.
Okay and the second part of this question is it wise to do it like from the.
Good but yeah.
Sorry guys if you leave the room please leave from the door over there.
Wait until he's over.
Thank you.
Thank you.