The eXpress Data Path: Fast Programmable Packet Processing in the Operating System Kernel

Programmable packet processing is increasingly implemented using kernel bypass  techniques, where a userspace application takes complete control of the  networking hardware to avoid expensive context switches between kernel and  userspace. However, as the operating system is bypassed, so are its  application isolation and security mechanisms; and well-tested configuration,  deployment and management tools cease to function.

To overcome this limitation, we present the design of a novel approach to  programmable packet processing, called the eXpress Data Path (XDP). In XDP,  the operating system kernel itself provides a safe execution environment for  custom packet processing applications, executed in device driver context. XDP  is part of the mainline Linux kernel and provides a fully integrated solution  working in concert with the kernel’s networking stack. Applications are  written in higher level languages such as C and compiled into custom byte code  which the kernel statically analyses for safety, and translates into native  instructions. 

We show that XDP achieves single-core packet processing performance as high as  24 million packets per second, and illustrate the flexibility of the  programming model through three example use cases: layer-3 routing, inline  DDoS protection and layer-4 load balancing.

Authors:
Toke Høiland-Jørgensen (Karlstad University / Red Hat)
Jesper Dangaard Brouer (Red Hat)
Daniel Borkmann (Cilium.io)
John Fastabend (Cilium.io)
Tom Herbert (Quantonium Inc.)
David Ahern (Cumulus Networks)
David Miller (Red Hat)

Published in: ACM CoNEXT ’18, Heraklion, Greece, December 04 – 07, 2018 (open access)

PDF link