from the Data Deluge? A case for file filtering in eBPF Giulia Frascaria October 28, 2020 1 The data deluge on modern storage 2 Compute node CPU Network Storage node Flash The data deluge on CPU Network Storage node Flash Data DoS in reverse! 11 Compute node CPU Network Storage node Flash Data So similar yet so different ● DoS is malicious ● Data transfer is business-critical ● We 12 So similar yet so different ● DoS is malicious ● Data transfer is business-critical ● We can blindly drop DoS 13 But could we reduce data transfer size? eBPF filter-reduce 14 Filter Reduce input

Cilium Hubble Important common packages Debugging toFQDNs and DNS Debugging Mutexes / Locks and Data Races Hubble Bumping the vendored Cilium dependency Documentation Style Header Titles Body Code Cilium’s eBPF implementation is optimized for maximum performance, can be attached to XDP (eXpress Data Path), and supports direct server return (DSR) as well as Maglev consistent hashing if the load balancing run BGP Transparent Encryption Host-Reachable Services Kubernetes Without kube-proxy Bandwidth Manager (beta) Kata Containers with Cilium Configuring IPAM modes Local Redirect Policy (beta) BGP (beta)

Cilium Hubble Important common packages Debugging toFQDNs and DNS Debugging Mutexes / Locks and Data Races Hubble Bumping the vendored Cilium dependency Release Management Organization Release tracking Cilium’s eBPF implementation is optimized for maximum performance, can be attached to XDP (eXpress Data Path), and supports direct server return (DSR) as well as Maglev consistent hashing if the load balancing Networking (beta) Transparent Encryption Host-Reachable Services Kubernetes Without kube-proxy Bandwidth Manager (beta) Kata Containers with Cilium Configuring IPAM modes Local Redirect Policy (beta) BGP (beta)

Cilium Hubble Important common packages Debugging toFQDNs and DNS Debugging Mutexes / Locks and Data Races Hubble Bumping the vendored Cilium dependency Release Management Organization Release tracking Cilium’s eBPF implementation is optimized for maximum performance, can be attached to XDP (eXpress Data Path), and supports direct server return (DSR) as well as Maglev consistent hashing if the load balancing Transparent Encryption (stable/beta) Host-Reachable Services Kubernetes Without kube-proxy Bandwidth Manager (beta) Kata Containers with Cilium Configuring IPAM modes Local Redirect Policy (beta) Operations

worker nodes Recommended: Enable PodCIDR allocation (--allocate-node-cidrs) in the kube-controller-manager (recommended) Refer to the section Requirements for detailed instruction on how to prepare your wildcards for the kubernetes block like this: kubectl -n kube-system edit cm coredns [...] apiVersion: v1 data: Corefile: | .:53 { errors health kubernetes cluster.local in-addr.arpa worker nodes Recommended: Enable PodCIDR allocation (--allocate-node-cidrs) in the kube-controller-manager (recommended) Refer to the section Requirements for detailed instruction on how to prepare your

Cilium Hubble Important common packages Debugging toFQDNs and DNS Debugging Mutexes / Locks and Data Races Release Management Organization Release tracking Release Cadence Backporting process Backport run in standalone mode or as a cluster making it a great choice for local testing with multi-node data paths. Agent nodes are joined to the master node using a node-token which can be found on the master worker nodes Recommended: Enable PodCIDR allocation (--allocate-node-cidrs) in the kube-controller-manager (recommended) Refer to the section Requirements for detailed instruction on how to prepare your

on all worker nodes Enable PodCIDR alloca�on ( --allocate-node-cidrs ) in the kube-controller-manager (recommended) Refer to the sec�on Requirements for detailed instruc�on on how to prepare your Kubernetes for the kubernetes block like this: kubectl -n kube-system edit cm coredns [...] apiVersion: v1 data: Corefile: | .:53 { errors health kubernetes cluster.local in-addr on all worker nodes Enable PodCIDR alloca�on ( --allocate-node-cidrs ) in the kube-controller-manager (recommended) Refer to the sec�on Requirements for detailed instruc�on on how to prepare your Kubernetes

run in standalone mode or as a cluster making it a great choice for local testing with multi-node data paths. Agent nodes are joined to the master node using a node-token which can be found on the master worker nodes Recommended: Enable PodCIDR allocation (--allocate-node-cidrs) in the kube-controller-manager (recommended) Refer to the section Requirements for detailed instruction on how to prepare your wildcards for the kubernetes block like this: kubectl -n kube-system edit cm coredns [...] apiVersion: v1 data: Corefile: | .:53 { errors health kubernetes cluster.local in-addr.arpa

running on control plane to enable control/data plane connectivity ● Cilium state-keeping in shared cluster etcd Cilium in the DOKS Architecture Data Plane Node #1 cilium-agent Node #1 cilium-agent cilium-agent cilium-operator Control Plane kube-api-server cilium-agent kube-controller- manager scheduler ….. etcd VPC digitalocean.com How’s Cilium been working for us? ● Good experience

retrieve configuration options, and store state through eBPF maps to save and retrieve data in a wide set of data structures. These maps can be accessed from eBPF programs as well as from applications their own encoding. When the bees jumped on the case, it marked the beginning Of a whole new era for data sharing and messaging. Mail was still slow to go through the ship’s processors, But the electrician in-kernel aggregation of metrics allows flexible and efficient generation of observability events and data structures from a wide range of possible sources without having to export samples. Attaching eBPF