Re: [bpf-next v3 8/9] bpf: Provide helper to do forwarding lookups in kernel FIB table

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Jesper Dangaard Brouer <brouer@redhat.com>
To: David Ahern <dsahern@gmail.com>
Cc: netdev@vger.kernel.org, borkmann@iogearbox.net, ast@kernel.org,
	davem@davemloft.net, shm@cumulusnetworks.com,
	roopa@cumulusnetworks.com, toke@toke.dk,
	john.fastabend@gmail.com, brouer@redhat.com
Subject: Re: [bpf-next v3 8/9] bpf: Provide helper to do forwarding lookups in kernel FIB table
Date: Thu, 10 May 2018 09:31:58 +0200	[thread overview]
Message-ID: <20180510093158.08a7ed4b@redhat.com> (raw)
In-Reply-To: <20180510033427.20756-9-dsahern@gmail.com>

On Wed,  9 May 2018 20:34:26 -0700
David Ahern <dsahern@gmail.com> wrote:

> Provide a helper for doing a FIB and neighbor lookup in the kernel
> tables from an XDP program. The helper provides a fastpath for forwarding
> packets. If the packet is a local delivery or for any reason is not a
> simple lookup and forward, the packet continues up the stack.
> 
> If it is to be forwarded, the forwarding can be done directly if the
> neighbor is already known. If the neighbor does not exist, the first
> few packets go up the stack for neighbor resolution. Once resolved, the
> xdp program provides the fast path.
> 
> On successful lookup the nexthop dmac, current device smac and egress
> device index are returned.
> 
> The API supports IPv4, IPv6 and MPLS protocols, but only IPv4 and IPv6
> are implemented in this patch. The API includes layer 4 parameters if
> the XDP program chooses to do deep packet inspection to allow compare
> against ACLs implemented as FIB rules.
> 
> Header rewrite is left to the XDP program.
> 
> The lookup takes 2 flags:
> - BPF_FIB_LOOKUP_DIRECT to do a lookup that bypasses FIB rules and goes
>   straight to the table associated with the device (expert setting for
>   those looking to maximize throughput)
> 
> - BPF_FIB_LOOKUP_OUTPUT to do a lookup from the egress perspective.
>   Default is an ingress lookup.
> 
> Initial performance numbers collected by Jesper, forwarded packets/sec:
> 
>        Full stack    XDP FIB lookup    XDP Direct lookup
> IPv4   1,947,969       7,074,156          7,415,333
> IPv6   1,728,000       6,165,504          7,262,720
> 

The "Full stack" tests were with netfilter modules unloaded.  Default
setting with netfilter conntrack loaded and default Fedora firewall
rules, show around 700Kpps.

> These number are single CPU core forwarding on a Broadwell
> E5-1650 v4 @ 3.60GHz.
> 
> Signed-off-by: David Ahern <dsahern@gmail.com>

Acked-by: Jesper Dangaard Brouer <brouer@redhat.com>

This helper is awesome, as it really shows how XDP is meant to work in
concert and cooperate with the existing network stack.

-- 
Best regards,
  Jesper Dangaard Brouer
  MSc.CS, Principal Kernel Engineer at Red Hat
  LinkedIn: http://www.linkedin.com/in/brouer

next prev parent reply	other threads:[~2018-05-10  7:32 UTC|newest]

Thread overview: 16+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-05-10  3:34 [bpf-next v3 0/9] bpf: Add helper to do FIB lookups David Ahern
2018-05-10  3:34 ` [bpf-next v3 1/9] net/ipv6: Rename fib6_lookup to fib6_node_lookup David Ahern
2018-05-10  3:34 ` [bpf-next v3 2/9] net/ipv6: Rename rt6_multipath_select David Ahern
2018-05-10  3:34 ` [bpf-next v3 3/9] net/ipv6: Extract table lookup from ip6_pol_route David Ahern
2018-05-10  3:34 ` [bpf-next v3 4/9] net/ipv6: Refactor fib6_rule_action David Ahern
2018-05-10  3:34 ` [bpf-next v3 5/9] net/ipv6: Add fib6_lookup David Ahern
2018-05-10  3:34 ` [bpf-next v3 6/9] net/ipv6: Update fib6 tracepoint to take fib6_info David Ahern
2018-05-10  3:34 ` [bpf-next v3 7/9] net/ipv6: Add fib lookup stubs for use in bpf helper David Ahern
2018-05-10  3:34 ` [bpf-next v3 8/9] bpf: Provide helper to do forwarding lookups in kernel FIB table David Ahern
2018-05-10  7:31   ` Jesper Dangaard Brouer [this message]
2018-05-10  9:09     ` Toke Høiland-Jørgensen
2018-05-10 19:27   ` Mathieu Xhonneux
2018-05-11  6:30     ` David Ahern
2018-05-10  3:34 ` [bpf-next v3 9/9] samples/bpf: Add example of ipv4 and ipv6 forwarding in XDP David Ahern
2018-05-10  7:22   ` Jesper Dangaard Brouer
2018-05-10 23:30 ` [bpf-next v3 0/9] bpf: Add helper to do FIB lookups Daniel Borkmann

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20180510093158.08a7ed4b@redhat.com \
    --to=brouer@redhat.com \
    --cc=ast@kernel.org \
    --cc=borkmann@iogearbox.net \
    --cc=davem@davemloft.net \
    --cc=dsahern@gmail.com \
    --cc=john.fastabend@gmail.com \
    --cc=netdev@vger.kernel.org \
    --cc=roopa@cumulusnetworks.com \
    --cc=shm@cumulusnetworks.com \
    --cc=toke@toke.dk \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.