Recently, eBPF has become the de-facto standard for Linux observability, allowing people to retrieve runtime information about software running on a server with unprecedented flexibility and granularity. However, the advantages of this technology are not limited to monitoring and tracing applications. The use of eBPF to implement network functions that go beyond traditional switching and routing has been demonstrated in different applications such as load balancing (e.g., Facebook Katran), DDoS mitigation (e.g., Cloudflare L4Drop), container networking (e.g., Cilium) and security (e.g., bpf-iptables), with considerable advantages in terms of portability, resource consumption, development process and integration with existing services.
However, writing complex network services with eBPF is sometimes difficult given the lack of a common framework that provides useful abstractions to developers for solving common problems or working around known limitations. Even though considerable effort is underway to improve tools such as BCC or libbpf, there is not (yet) a common structure for implementing an eBPF-based networking service, which necessarily has to include a data plane as well as control/management planes. Furthermore, the complexity of creating arbitrary service chains with vanilla eBPF is non-negligible. This forces developers to dedicate a considerable amount of time, effort and code to handling tasks that are outside the core operations of the network service they are interested in.
In this talk, we will present Polycube, an open-source software framework based on eBPF that enables the creation of arbitrary and complex eBPF-based network function chains. Polycube network services have a fixed structure made up of a data plane, responsible for per-packet processing and forwarding, and a control and management plane in charge of service configuration and other non-data-plane tasks. Moreover, Polycube provides a model-driven service abstraction that is used to automatically generate the internal structure of the service and the REST APIs used to interact with the service itself. We will first show the design and architecture of Polycube, together with a detailed description of the APIs and abstractions provided to developers to simplify the development of, and the interaction between, the different services. Finally, we demonstrate, with a small live demo, the practical benefits of the Polycube programming model and its ability to enable the creation of complex networking applications, such as a prototype CNI provider for Kubernetes.