Kernel Bypass
Why Bypass The Kernel
Packet processing in software requires very tight bounds on the time spent processing each packet. On general-purpose operating systems, the network stacks are typically optimised for flexibility, which means they perform too many operations per packet to keep up with high packet rates. Programmable packet processing is increasingly implemented using kernel bypass techniques, where a userspace application takes complete control of the networking hardware to avoid expensive context switches between kernel and userspace.
Toolkits like Intel’s Data Plane Development Kit (DPDK) bypass the operating system completely, instead passing control of the network hardware directly to the network application and dedicating one or several CPU cores exclusively to packet processing. The drawback of this method is that it increases complexity and blurs the security boundaries otherwise enforced by the operating system kernel. This is problematic as infrastructure moves towards container-based workloads coupled with orchestration systems, where the kernel plays a dominant role in resource abstraction and isolation.
As an alternative to the kernel bypass design, Borkmann et al. [1] present a system that adds programmability directly in the operating system networking stack in a cooperative way. This makes it possible to perform high-speed packet processing that integrates seamlessly with existing systems, while leveraging functionality in the operating system.
Data Plane Development Kit (DPDK)
Open Virtual Switch (OVS)
BPF
XDP
References