Open-source IO visor eBPF-based packet tracing on multiple network interfaces of Linux boxes

Nam, Taekho; Kim, Jong-Won

doi:10.1109/ictc.2017.8190996

Cited by 7 publications

(4 citation statements)

References 1 publication

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The creation of programmable data plane monitoring programs in-kernel led many researchers to investigate the effects, in terms of both performance improvement/degradation [7] and programmability/feasibility [8], of adopting eBPFbased solution to replace state-of-the-art approaches and monitoring functions. In fact, not only communities [9], [10] and open-source frameworks for observability (e.g., Cilium 1 ) constantly grow, but also many companies including Google, Microsoft, Facebook, Cloudfare 2 , and Sysdig 3 re-designed an optimised version of many applications in eBPF, such as firewalls, load-balancers, and more. For instance, in [11] authors use eBPF to efficiently replace iptables 4 , a well-known firewall and traffic management tool for Linux systems.…”

Section: A Ebpf-based Applications and Approachesmentioning

confidence: 99%

A Control Plane Enabling Automated and Fully Adaptive Network Traffic Monitoring With eBPF

2022

View full text Add to dashboard Cite

The extended Berkeley Packet Filter (eBPF) enables the dynamic injection of user-defined processing logic at run-time in the Linux networking stack without disrupting any active monitoring process. This enables the selective extraction of only the traffic features that are needed in a given instant of time, which is what we define fully adaptive network traffic monitoring. However, eBPF programs require adhoc control plane routines for each specific scenario in order to orchestrate the underlying data plane and export the required metrics, resulting in potentially duplicated source codes to maintain, and creating the risk of deploying, at runtime, unverified user-defined code that controls the devices running the monitoring process. This paper presents a control plane that automatically adapts both its management tasks and data extraction methodologies based on the underlying data plane provided by the user, who can merely focus on the monitoring logic definition. The paper evaluates the performance of the control plane's modules and demonstrates the advantages, in terms of processing speed and memory consumption, of a fullyadaptive monitoring approach with respect to nProbe (a state-of-the-art solution), an adaptive and a nonadaptive methodology in eBPF. Experiments prove that the control plane monitoring functionalities do not significantly affect the underlying data plane (0.15% degraded throughput) and leverage the most efficient extraction primitives (20x faster execution time), and show that the fully-adaptive monitoring leads to a higher number of processed packets (10x) and significantly lower memory occupancy (10x) when extracting the smallest set of features.

show abstract

Section: A Ebpf-based Applications and Approachesmentioning

confidence: 99%

A Control Plane Enabling Automated and Fully Adaptive Network Traffic Monitoring With eBPF

2022

View full text Add to dashboard Cite

show abstract

“…Then, to access the packet, the eBPF program uses a pointer to sk buff, and not xdp buff, which is not in the kernel. Nonetheless, the primary goal of these frameworks is to perform efficient switching, traffic classification [7], virtualized networks [8], [9], routing, traffic generation or communication optimization [10]. For instance, in [11] the main technical contribution of the authors is to show how this nascent technology can be used to not only build in-kernel programmable VNFs but also how to interconnect them on a single system.…”

Section: Background and Related Workmentioning

confidence: 99%

“…Each of them runs over the last long-term support version of nodejs (v10) in a Docker container. The reference implementation of the protocols is in github 8 . This is a JavaScript implementation of an Interledger connector.…”

Section: A Interledger Connectormentioning

confidence: 99%

The rise of eBPF for non-intrusive performance monitoring

Cassagnes

Trestioreanu

Joly

et al. 2020

NOMS 2020 - 2020 IEEE/IFIP Network Operations and Management Symposium

View full text Add to dashboard Cite

In this paper, we explain that container engines are strengthening their isolation mechanisms. Therefore, nonintrusive monitoring becomes a must-have for the performance analysis of containerized user-space application in production environments. After a literature review and background of Linux subsystems and container isolation concepts, we present our lessons learned of using the extended Berkeley packet filter to monitor and profile performance. We carry out the profiling and tracing of several Interledger connectors using two full-fledged implementations of the Interledger protocol specifications.

show abstract

“…As mentioned in the requirements section, we required a special visibility agent that should collect the network packets from each network interface of SmartX box. IO Visor [37] is an open-source project designed to accelerate the innovation, development, and sharing of virtualized kernel input/output (I/O) services for networking, security, and tracing. It extends the networking capabilities based on extended Berkeley packet filter (eBPF) [38], which exists in the Linux upstream kernel version 4.x or later.…”

Section: Network Packet-precise Collectionmentioning

confidence: 99%

SmartX Multi-View Visibility Framework with Flow-Centric Visibility for SDN-Enabled Multisite Cloud Playground

Rathore

Kim

2019

Applied Sciences

Self Cite

View full text Add to dashboard Cite

Modern information communication technologies (ICT) infrastructures are getting complicated to cope with the various demands needed to accommodate the emerging technology paradigms such as cloud, software-defined networking (SDN), and internet of things (IoT). Visibility is essential for the effective operation of such modern ICT infrastructures to easily pinpoint server faults, network bottlenecks, and application performance troubles. Even though many conventional monitoring solutions are now available, multi-layer visibility is still limited when operating such complicated infrastructures. To address this particular limitation, a futuristic multi-layer visibility framework denoted as SmartX multi-view visibility framework (MVF), is proposed for unifying the visibility of underlay, physical and virtual resources, flow, and workload layers. To unify multi-layer visibility, this paper presents a comprehensive extension of SmartX MVF with flow-centric visibility for simultaneously monitoring physical-virtual resources, flows classification, and visualization to eventually assist secured operation of SDN-enabled multisite cloud infrastructure. Flow-centric visibility design has five main components (1) a lightweight network packets-precise flows visibility collection component, (2) a visibility data aggregation and tagging component, (3) a multi-layer visibility data integration component, (4) a non-learning-based network packets flows classification component, and (5) a visualization component. Furthermore, a prototype implementation of SmartX MVF with flow-centric visibility is deployed in an SDN-enabled multisite cloud playground to verify the proposed multi-view visibility of fine-grained flow-aware physical-virtual resources.

show abstract

Open-source IO visor eBPF-based packet tracing on multiple network interfaces of Linux boxes

Cited by 7 publications

References 1 publication

A Control Plane Enabling Automated and Fully Adaptive Network Traffic Monitoring With eBPF

A Control Plane Enabling Automated and Fully Adaptive Network Traffic Monitoring With eBPF

The rise of eBPF for non-intrusive performance monitoring

SmartX Multi-View Visibility Framework with Flow-Centric Visibility for SDN-Enabled Multisite Cloud Playground

Contact Info

Product

Resources

About