From: Thomas Graf <tgraf@suug.ch>
To: Hannes Frederic Sowa <hannes@stressinduktion.org>
Cc: Florian Westphal <fw@strlen.de>, netdev@vger.kernel.org
Subject: Re: [flamebait] xdp, well meaning but pointless
Date: Thu, 1 Dec 2016 17:28:14 +0100 [thread overview]
Message-ID: <20161201162814.GA31300@pox.localdomain> (raw)
In-Reply-To: <7e2be2fc-7c04-b333-59c7-43d4fcfcb451@stressinduktion.org>
On 12/01/16 at 04:52pm, Hannes Frederic Sowa wrote:
> First of all, this is a rant targeted at XDP and not at eBPF as a whole.
> XDP manipulates packets at free will and thus all security guarantees
> are off as well as in any user space solution.
>
> Secondly user space provides policy, acl, more controlled memory
> protection, restartability and better debugability. If I had multi
> tenant workloads I would definitely put more complex "business/acl"
> logic into user space, so I can make use of LSM and other features to
> especially prevent a network facing service to attack the tenants. If
> stuff gets put into the kernel you run user controlled code in the
> kernel exposing a much bigger attack vector.
>
> What use case do you see in XDP specifically e.g. for container networking?
DDOS mitigation to protect distributed applications in large clusters.
Relying on CDN works to protect API gateways and frontends (as long as
they don't throw you out of their network) but offers no protection
beyond that, e.g. a noisy/hostile neighbour. Doing this at the server
level and allowing the mitigation capability to scale up with the number
of servers is natural and cheap.
> > I agree with you if the LB is a software based appliance in either a
> > dedicated VM or on dedicated baremetal.
> >
> > The reality is turning out to be different in many cases though, LB
> > needs to be performed not only for north south but east west as well.
> > So even if I would handle LB for traffic entering my datacenter in user
> > space, I will need the same LB for packets from my applications and
> > I definitely don't want to move all of that into user space.
>
> The open question to me is why is programmability needed here.
>
> Look at the discussion about ECMP and consistent hashing. It is not very
> easy to actually write this code correctly. Why can't we just put C code
> into the kernel that implements this once and for all and let user space
> update the policies?
Whatever LB logic is put in place with native C code now is unlikely the
logic we need in two years. We can't really predict the future. If it
was the case, networking would have been done long ago and we would all
be working on self eating ice cream now.
> Load balancers have to deal correctly with ICMP packets, e.g. they even
> have to be duplicated to every ECMP route. This seems to be problematic
> to do in eBPF programs due to looping constructs so you end up with
> complicated user space anyway.
Feel free to implement such complex LBs in user space or natively. It is
not required for the majority of use cases. The most popular LBs for
application load balancing have no idea of ECMP and require ECMP aware
routers to be made redundant itself.
next prev parent reply other threads:[~2016-12-01 16:28 UTC|newest]
Thread overview: 40+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-12-01 9:11 [flamebait] xdp, well meaning but pointless Florian Westphal
2016-12-01 13:42 ` Hannes Frederic Sowa
2016-12-01 14:58 ` Thomas Graf
2016-12-01 15:52 ` Hannes Frederic Sowa
2016-12-01 16:28 ` Thomas Graf [this message]
2016-12-01 20:44 ` Hannes Frederic Sowa
2016-12-01 21:12 ` Tom Herbert
2016-12-01 21:27 ` Hannes Frederic Sowa
2016-12-01 21:51 ` Tom Herbert
2016-12-02 10:24 ` Jesper Dangaard Brouer
2016-12-02 11:54 ` Hannes Frederic Sowa
2016-12-02 16:59 ` Tom Herbert
2016-12-02 18:12 ` Hannes Frederic Sowa
2016-12-02 19:56 ` Stephen Hemminger
2016-12-02 20:19 ` Tom Herbert
2016-12-02 18:39 ` bpf bounded loops. Was: [flamebait] xdp Alexei Starovoitov
2016-12-02 19:25 ` Hannes Frederic Sowa
2016-12-02 19:42 ` John Fastabend
2016-12-02 19:50 ` Hannes Frederic Sowa
2016-12-03 0:20 ` Alexei Starovoitov
2016-12-03 9:11 ` Sargun Dhillon
2016-12-02 19:42 ` Hannes Frederic Sowa
2016-12-02 23:34 ` Alexei Starovoitov
2016-12-04 16:05 ` [flamebait] xdp Was: " Hannes Frederic Sowa
2016-12-06 3:05 ` Alexei Starovoitov
2016-12-06 5:08 ` Tom Herbert
2016-12-06 6:04 ` Alexei Starovoitov
2016-12-05 16:40 ` Edward Cree
2016-12-05 16:50 ` Hannes Frederic Sowa
2016-12-05 16:54 ` Edward Cree
2016-12-06 11:35 ` Hannes Frederic Sowa
2016-12-01 16:06 ` [flamebait] xdp, well meaning but pointless Florian Westphal
2016-12-01 16:19 ` David Miller
2016-12-01 16:51 ` Florian Westphal
2016-12-01 17:20 ` Hannes Frederic Sowa
[not found] ` <CALx6S35R_ZStV=DbD-7Gf_y5xXqQq113_6m5p-p0GQfv46v0Ow@mail.gmail.com>
2016-12-01 18:02 ` Tom Herbert
2016-12-02 17:22 ` Jesper Dangaard Brouer
2016-12-03 16:19 ` Willem de Bruijn
2016-12-03 19:48 ` John Fastabend
2016-12-05 11:04 ` Jesper Dangaard Brouer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20161201162814.GA31300@pox.localdomain \
--to=tgraf@suug.ch \
--cc=fw@strlen.de \
--cc=hannes@stressinduktion.org \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).