Description: |
eBPF is a new technology that allows programs to run in the Linux kernel without the need to modify the kernel's source code or load a kernel module. It promises safe and efficient tracing of processes, filtering of system calls and processing of network packets. Processing a large volume of network packets on network routers is very CPU-intensive, so various accelerators can be used to reduce the processor load. XDP gives eBPF programs access to network packets at the lowest possible point in the kernel. On paper, it therefore seems like the ideal solution for implementing a packet forwarding accelerator, that is, an accelerator for the forwarding that is usually performed by the network router. The goal of this thesis is therefore to examine whether XDP also allows a functional and efficient implementation of such an accelerator in practice. First, we give a technical summary of eBPF and analyze how the Linux kernel's TCP/IP stack operates when it routes network packets. We describe the concept of a packet forwarding accelerator and explain its operation by reviewing an existing accelerator, SFE. We then turn to our own implementation of the accelerator in XDP, describe all the problems we encountered and explain their solutions. We also briefly discuss possible improvements to our product. Finally, we compare the performance and efficiency of the final XDP implementation with the SFE accelerator and the Linux kernel itself. The results are presented and show that our product is functional, efficient and powerful thanks to the smart use of eBPF and XDP, and that in these respects it is also better than the SFE accelerator and the Linux TCP/IP stack. |