A Control Plane Enabling Automated and Fully Adaptive Network Traffic Monitoring With eBPF

Magnani, Simone; Risso, Fulvio; Siracusa, Domenico

doi:10.1109/access.2022.3202644

Cited by 4 publications

(3 citation statements)

References 32 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In short, our eBPF solution complements and expands the scope of the works published in [27] and [28] to modern Telco infrastructures running on cloud-native platforms. Our focus is on the application of the eBPF technology, for observability/monitoring, security, and energy, specifically to the latest generation of mobile communication networks deployed on In the high-level logical diagram illustrated in Figure 16, the daemonset (ds) agent, i.e., the Sauron Agent, is deployed on each node in the cluster.…”

Section: ) Ebpf Solutions For Network Observabilitymentioning

confidence: 70%

“…Furthermore, the ideas presented in this paper meet the requirement for fully adaptive and programmable network monitoring. Drawing from similar approaches as described in [28], we propose a highly programmable eBPF solution that allows for efficient, dynamic, and granular monitoring pipelines (i.e., data collection mechanisms) with minimal overhead or impact for Telco networks.…”

Section: ) Ebpf Solutions For Network Observabilitymentioning

confidence: 99%

See 1 more Smart Citation

eBPF: A New Approach to Cloud-Native Observability, Networking and Security for Current (5G) and Future Mobile Networks (6G and Beyond)

Soldani,

Nahi,

Bour

et al. 2023

IEEE Access

Self Cite

View full text Add to dashboard Cite

Modern mobile communication networks and new service applications are deployed on cloudnative platforms. Kubernetes (K8s) is the de facto distributed operating system for container orchestration, and the extended version of the Berkeley Packet Filter (eBPF) -in the Linux (and MS Windows) kernel -is fundamentally changing the approach to cloud-native networking, security, and observability. In this paper, we introduce what eBPF is, its potential for Telco cloud, and review some of the most promising pricing and billing models applied to this revolutionary operating system (OS) technology. These models include schemes based on a data source usage model or the number of eBPF agents deployed on the network, linked to specific eBPF modules. These modules encompass network observability, runtime security, and power dissipation monitoring. Next, we present our eBPF platform, named Sauron in this work, and demonstrate how eBPF allows us to write custom code and dynamically load eBPF programs into the kernel. These programs enable us to estimate the energy consumption of cloud-native functions, derive performance counters and gauges for transport networks, 5G applications, and non-access stratum protocols. Additionally, we can detect and respond to unauthorized access to cloud-native resources in real-time using eBPF. Our experimental results demonstrate the technical feasibility of eBPF in achieving highly performant monitoring, observability, and security tooling for current mobile networks (5G, 5G Advanced) as well as future networks (6G and beyond).

show abstract

Section: ) Ebpf Solutions For Network Observabilitymentioning

confidence: 70%

Section: ) Ebpf Solutions For Network Observabilitymentioning

confidence: 99%

eBPF: A New Approach to Cloud-Native Observability, Networking and Security for Current (5G) and Future Mobile Networks (6G and Beyond)

Soldani,

Nahi,

Bour

et al. 2023

IEEE Access

Self Cite

View full text Add to dashboard Cite

show abstract

“…It is used to safely and efficiently extend the capabilities of the kernel without requiring to change kernel source code or load kernel modules [9]. Nowadays witnesses the widespread use of eBPF technology in networking [2,[10][11][12][13], observability [14][15][16][17][18], security, etc., due to its security, flexibility, and low overhead. XDP (eXpress Data Path) is a kind of eBPF program, which enables high-performance programmable access to networking packets before they enter the networking stack.…”

Section: Xdp-based Low-overhead Co-design For the Smartnic Traffic Mo...mentioning

confidence: 99%

Efficient traffic monitoring on SmartNICs through XDP co-design

Li,

Liu,

Zhou

2024

Third International Symposium on Computer Applications and Information Systems (ISCAIS 2024)

View full text Add to dashboard Cite

The explosive increase in cloud traffic has put forward higher requirements for network performance. As a key technology, smart network cards(SmartNICs) are of great significance for solving network performance bottlenecks in cloud environments. However, there is currently a lack of effective monitoring methods for the traffic flowing through smart network cards, making it a black box, which is not friendly to ensure the quality of service(QoS) for users. To alleviate it, in this paper, we propose a low-overhead collaborative design for data collection based on XDP in which the XDP program is attached to the VF representor(VF rep) which is the mandatory path for every traffic flow that is about to be offloaded to the SmartNIC to capture the necessary traffic information, and then the OVS command is used to obtain detailed traffic statistics offloaded. The collaborative design not only provides sufficient valuable information for SREs to understand the health status of the network, which is important for the QoS assurance but also has negligible performance overhead due to the inherent low overhead of the XDP program. Experimental results show that the proposed method costs less than 1% latency and throughput overhead to provide the desired information, which demonstrates our method is effective.

show abstract

Information Leakages of Docker Containers: Characterization and Mitigation Strategies

Zuppelli

Repetto

Caviglione

et al. 2023

2023 IEEE 9th International Conference on Network Softwarization (NetSoft)

View full text Add to dashboard Cite

A Control Plane Enabling Automated and Fully Adaptive Network Traffic Monitoring With eBPF

Cited by 4 publications

References 32 publications

eBPF: A New Approach to Cloud-Native Observability, Networking and Security for Current (5G) and Future Mobile Networks (6G and Beyond)

eBPF: A New Approach to Cloud-Native Observability, Networking and Security for Current (5G) and Future Mobile Networks (6G and Beyond)

Efficient traffic monitoring on SmartNICs through XDP co-design

Information Leakages of Docker Containers: Characterization and Mitigation Strategies

Contact Info

Product

Resources

About