ABSTRACT
While networks have evolved in profound ways, the tools to measure them from end hosts have not kept pace. State-of-the-art tools are ill-suited for elucidating observed network performance impairments and path dynamics, and are susceptible to operational policies of the network. Consequently, the semantic gap between the application-view of network performance vs. actual conditions has resulted in network oblivious (NOOB) systems and applications.
To address this NOOB problem, we examine the Extended Berkeley Packet Filter (eBPF) as a new way to improve the practice of gathering fine-grained network telemetry from the edge. More specifically, by leveraging the safe and efficient in-kernel programming mechanism of eBPF, we design a high-performance telemetry framework called nooBpf with two tools---namely noobprobe and noobflow---to quantify the actual network performance from end hosts and offer unprecedented insights into the flow-level performance, including in-network queuing and routing-induced delays. We illustrate the potential of these two tools to address the NOOB problem through a variety of experiments. The results of our experiments strongly suggest eBPF as a promising foundation for high-performance telemetry and for addressing the NOOB problem.
- A curated list of awesome projects related to eBPF. https://github.com/zoidbergwill/awesome-ebpf. Accessed May 2020.Google Scholar
- Apache cassandra. https://cassandra.apache.org/.Google Scholar
- Apache zookeeper. https://zookeeper.apache.org/.Google Scholar
- bcc Reference Guide. https://github.com/iovisor/bcc/blob/master/docs/reference_guide.md. Accessed May 2020.Google Scholar
- BPF and XDP Reference Guide. http://docs.cilium.io/en/latest/bpf/. Accessed May 2020.Google Scholar
- BPF Compiler Collection (BCC). https://github.com/iovisor/bcc. Accessed May 2020.Google Scholar
- ebpf - extended berkeley packet filter. https://www.iovisor.org/technology/ebpf.Google Scholar
- FAST. https://fast.com. Accessed May 2020.Google Scholar
- Logdevice. https://logdevice.io.Google Scholar
- Ndt (network diagnostic tool). https://www.measurementlab.net/tests/ndt/.Google Scholar
- Adnan Ahmed, Ricky Mok, and Zubair Shafiq. Flowtrace: A framework for active bandwidth measurements using in-band packet trains. In International Conference on Passive and Active Network Measurement, pages 37--51. Springer, 2020.Google ScholarCross Ref
- Samer Al-Kiswany, Suli Yang, Andrea C Arpaci-Dusseau, and Remzi H Arpaci-Dusseau. Nice: Network-integrated cluster-efficient storage. In Proceedings of the 26th International Symposium on High-Performance Parallel and Distributed Computing, pages 29--40, 2017.Google ScholarDigital Library
- Brice Augustin, Xavier Cuvellier, Benjamin Orgogozo, Fabien Viger, Timur Friedman, Matthieu Latapy, Clémence Magnien, and Renata Teixeira. Avoiding traceroute anomalies with Paris traceroute. In Proceedings of the 6th ACM SIGCOMM conference on Internet measurement, pages 153--158. ACM, 2006.Google ScholarDigital Library
- Daniel Borkmann. On getting tc classifier fully programmable with cls bpf. 2016.Google Scholar
- Mark Crovella and Balachander Krishnamurthy. Internet measurement: infrastructure, traffic and applications. John Wiley & Sons, Inc., 2006.Google ScholarDigital Library
- Xu Cui, Michael Mior, Bernard Wong, Khuzaima Daudjee, and Sajjad Rizvi. Netstore: Leveraging network optimizations to improve distributed transaction processing performance. In Proceedings of the Second International Workshop on Active Middleware on Modern Hardware, pages 1--10, 2017.Google ScholarDigital Library
- Amogh Dhamdhere, David D Clark, Alexander Gamero-Garrido, Matthew Luckie, Ricky KP Mok, Gautam Akiwate, Kabir Gogia, Vaibhav Bajpai, Alex C Snoeren, and Kc Claffy. Inferring persistent interdomain congestion. In Proceedings of the 2018 Conference of the ACM Special Interest Group on Data Communication, pages 1--15, 2018.Google ScholarDigital Library
- Dmitry Duplyakin, Robert Ricci, Aleksander Maricq, Gary Wong, Jonathon Duerig, Eric Eide, Leigh Stoller, Mike Hibler, David Johnson, Kirk Webb, Aditya Akella, Kuangching Wang, Glenn Ricart, Larry Landweber, Chip Elliott, Michael Zink, Emmanuel Cecchet, Snigdhaswin Kar, and Prabodh Mishra. The design and operation of CloudLab. In Proceedings of the USENIX Annual Technical Conference (ATC), pages 1--14, July 2019.Google Scholar
- Ramesh Govindan and Vern Paxson. Estimating router ICMP generation delays. In Passive & Active Measurement (PAM), 2002.Google Scholar
- Brendan Gregg. Linux Extended BPF (eBPF) Tracing Tools. http://www.brendangregg.com/ebpf.html. Accessed May 2020.Google Scholar
- Toke Høiland-Jørgensen, Jesper Dangaard Brouer, Daniel Borkmann, John Fastabend, Tom Herbert, David Ahern, and David Miller. The eXpress data path: fast programmable packet processing in the operating system kernel. In Proceedings of the 14th International Conference on emerging Networking EXperiments and Technologies, pages 54--66. ACM, 2018.Google ScholarDigital Library
- Van Jacobson. Pathchar: A tool to infer characteristics of Internet paths, 1997.Google Scholar
- Sangeetha Abdu Jyothi, Sayed Hadi Hashemi, Roy Campbell, and Brighten Godfrey. Towards an application objective-aware network interface. In 12th {USENIX} Workshop on Hot Topics in Cloud Computing (HotCloud 20), 2020.Google Scholar
- Baber Khalid, Nolan Rudolph, Ramakrishnan Durairajan, and Sudarsun Kannan. Micromon: A monitoring framework for tackling distributed heterogeneity. In 12th {USENIX} Workshop on Hot Topics in Storage and File Systems (HotStorage 20), 2020.Google Scholar
- Bingdong Li, Jeff Springer, George Bebis, and Mehmet Hadi Gunes. A survey of network flow applications. Journal of Network and Computer Applications, 36(2):567--581, 2013.Google ScholarDigital Library
- Matthew Luckie, Amogh Dhamdhere, David Clark, Bradley Huffaker, et al. Challenges in inferring internet interdomain congestion. In Proceedings of the 2014 Conference on Internet Measurement Conference, pages 15--22. ACM, 2014.Google ScholarDigital Library
- Matthew Luckie, Young Hyun, and Bradley Huffaker. Traceroute probe method and forward IP path inference. In Proceedings of the 8th ACM SIGCOMM conference on Internet measurement, pages 311--324. ACM, 2008.Google ScholarDigital Library
- Steven McCanne and Van Jacobson. The BSD Packet Filter: A New Architecture for User-level Packet Capture. In Proceedings of the Usenix Winter, 1993.Google Scholar
- Chris Misa, Ramakrishnan Durairajan, Reza Rejaie, and Walter Willinger. Revisiting network telemetry in coin: A case for runtime programmability. IEEE Network, 35(5):14--20, 2021.Google ScholarDigital Library
- Ivan Morandi, Francesco Bronzino, Renata Teixeira, and Srikanth Sundaresan. Service Traceroute: Tracing Paths of Application Flows. In International Conference on Passive and Active Network Measurement, pages 116--128. Springer, 2019.Google Scholar
- Vern Paxson, Jamshid Mahdavi, Andrew Adams, and Matt Mathis. An architecture for large scale internet measurement. IEEE Communications Magazine, 36(8):48--54, 1998.Google ScholarDigital Library
- Cristel Pelsser, Luca Cittadini, Stefano Vissicchio, and Randy Bush. From Paris to Tokyo: On the suitability of ping to measure latency. In Proceedings of the 2013 conference on Internet measurement conference, pages 427--432. ACM, 2013.Google ScholarDigital Library
- Diana Popescu, Noa Zilberman, and Andrew Moore. Characterizing the impact of network latency on cloud-based applications' performance. 2017.Google Scholar
- Rob Sherwood and Neil Spring. Touring the Internet in a TCP sidecar. In Proceedings of the 6th ACM SIGCOMM conference on Internet measurement, pages 339--344. ACM, 2006.Google ScholarDigital Library
- J. Sommers and P. Barford. An active measurement system for shared environments. In Proceedings of ACM SIGCOMM Internet Measurement Conference, October 2007.Google ScholarDigital Library
- Joel Sommers and Ramakrishnan Durairajan. Elf: High-performance in-band network measurement. In IFIP Network Traffic Measurement and Analysis Conference, 2021.Google Scholar
- Srikanth Sundaresan, Mark Allman, Amogh Dhamdhere, and Kc Claffy. TCP congestion signatures. In Proceedings of the 2017 Internet Measurement Conference, pages 64--77. ACM, 2017.Google ScholarDigital Library
- Srikanth Sundaresan, Xiaohong Deng, Yun Feng, Danny Lee, and Amogh Dhamdhere. Challenges in inferring internet congestion using throughput measurements. In Proceedings of the 2017 Internet Measurement Conference, pages 43--56. ACM, 2017.Google ScholarDigital Library
- Hatem Takruri, Ibrahim Kettaneh, Ahmed Alquraan, and Samer Al-Kiswany. {FLAIR}: Accelerating reads with consistency-aware network routing. In 17th {USENIX} Symposium on Networked Systems Design and Implementation ({NSDI} 20), pages 723--737, 2020.Google Scholar
- Alex FR Trajano and Marcial P Fernandez. Two-phase load balancing of in-memory key-value storages using network functions virtualization (nfv). Journal of Network and Computer Applications, 69:1--13, 2016.Google ScholarDigital Library
- Bahador Yeganeh, Ramakrishnan Durairajan, Reza Rejaie, and Walter Willinger. A first comparative characterization of multi-cloud connectivity in today's internet. In Passive and Active Measurement: 21st International Conference, PAM 2020, Eugene, Oregon, USA, March 30--31, 2020, Proceedings 21, pages 193--210. Springer, 2020.Google Scholar
- Bahador Yeganeh, Ramakrishnan Durairajan, Reza Rejaie, and Walter Willinger. A case for performance- and cost-aware multi-cloud overlays. In In Proceedings of IEEE International Conference on Cloud Computing, Illinois, USA, 2023.Google ScholarCross Ref
Index Terms
- Schooling NOOBs with eBPF
Recommendations
On Integrating eBPF into Pluginized Protocols
eBPF is a popular technology originating from the Linux kernel that enables safely running user-provided programs in a kernel-context. This technology opened the door for efficient programming in the operating system, especially in its network stack. ...
Understanding the Security of Linux eBPF Subsystem
APSys '23: Proceedings of the 14th ACM SIGOPS Asia-Pacific Workshop on SystemsLinux eBPF allows a userspace application to execute code inside the Linux kernel without modifying the kernel code or inserting a kernel module. An in-kernel eBPF verifier pre-verifies any untrusted eBPF bytecode before running it in kernel context. ...
Fast In-kernel Traffic Sketching in eBPF
The extended Berkeley Packet Filter (eBPF) is an infrastructure that allows to dynamically load and run micro-programs directly in the Linux kernel without recompiling it.
In this work, we study how to develop high-performance network measurements in ...
Comments