Netdev Review: eBPF as a Multi-Purpose Tool for Programmable Networks

By Quentin Monnet | Nov 28, 2017

The 2.2 edition of the Netdev conference took place in Seoul, South Korea, in early November. The previous edition was covered by Nic on this blog, but he is too busy offloading JITted programs right now, so I will steal the spotlight this time around.

The Netdev conference keeps growing and attracting new developers. Around 170 attendees were present, coming from more countries than ever before. However, this remains an extremely technical conference, where everyone comes not to buy new features, but to discuss their implementation in the Linux network stack instead. Netronome continues to be deeply involved in Netdev. The company regularly sponsors the event and takes an active part in its organization. We presented two talks and took part in two expert panels. And with a total of six attendees from the company, we were well represented during the event!

And thus, with so many eyes and ears, we could assist and present on all the latest developments in the Linux networking subsystem. Split between two tracks, the conference covered work on a broad range of kernel functionalities, but some trends should be distinguished.

eBPF (extended Berkeley Packet Filter), for example, has been receiving a fair amount of interest over the past few conferences. Its design, rather than its implementation, was discussed over and over again in prior instances. But this time, attention was given to “using” eBPF and XDP (eXpress Data Path). We do not have industrial use cases yet, however, eBPF is spreading to other components of the kernel. Used with Netem, XDP provides “XNetem,” an accelerated framework for testing TCP flows under various traffic conditions. In another presentation, some parts of the XDP architecture were envisioned to be merged with the future “AF_PACKET v4” socket interface, that is supposed to drastically speed up the use of sockets thanks to the “zero-copy” mechanism. Or, eBPF programs could be used to programatically update TCP parameters, such as contention window size, and improve Explicit Congestion Notification (ECN). XDP used as a replacement for tap, in addition to other mechanisms, can also improve virtual machine networking performance. Another talk focused on “demystifying” XDP and provided hints for the new users, insisting on userspace debugging utilities such as the new bpftool created by Netronome. Interaction with hardware was also approached, either in relation with “hardware-based hints” to speed up metadata processing by collecting data gathered by the NIC, or in yet another talk, by directly offloading the programs to the NIC… Oh wait, but this last one was done by Nic and Jakub from Netronome, of course!

Other recurring topics included ECN, which in addition to fine tuning with eBPF, provided matter to an excellent comparison of the performances provided by the main existing solutions, or even to a specific talk about the AccECN algorithm. Traffic control subsystem also received its usual share of interest, with its own workshop and proposals to increase the rate of insertion of TC rules. One presentation focused on adding support for conntrack to TC, in particular to get conntrack offloaded through TC. And on a closely related topic, Simon Horman presented Netronome’s work on TC “flower” offload, explaining the rationale for offloading and how it’s implemented.

Besides the introduction of new features, some sessions were more oriented towards implementation details in order to gain performances, or simply to get a consensus and move in the right direction. Examples include the work on Multi-PCI socket network devices, or removing the RTNL mutex, or about the status and the planning of extensions for SR-IOV. On the latter topic, a consensus was made to add new features only to the new “switchdev” mode, but was later subject to new discussions on the Netdev mailing list.

Many other topics were covered too, not all of them related to server networking, but undoubtedly interesting all the same: in-kernel VPNs with Wireguard, TLS receive-side crypto offload, efforts to get the latest Linux features on Android older kernels, talks about IPsec or Netfilter or wireless networking, efforts to remove “bloat” code from the WiFi stack or from the main stack in general, testing tools and frameworks… and still some additional presentations not even listed here!

Overall, the Linux networking community is thriving. The conference attracts more and more experts, and so does the kernel. A lot of work is being done to attain high throughput, and to compete in performance with userspace solutions, such as DPDK, while offering a broad range of features. In particular, contributions to eBPF have been increasing to the point that they now stand for about forty percent of the non-driver networking patches! New measures must be taken, such as creating a distinct “bpf” tree for the code (alongside “net” and “net-next”), and maybe one day introducing automatic testing. For our part, we are comforted in our decision to work with eBPF, and to work on offloads: both are topics that attract a lot of attention and of efforts from the community. We are moving further on this road, always in cooperation with the kernel. 

You can find more information about the conference on the Netdev 2.2 conference website. The slides and the videos of the talks will be added to the site shortly. In the meantime, summaries of the talks are available on

I look forward to seeing everyone at the next conference, and until then, I’m going back to assist Nic on his offloads!