What is XDP [1]?
How does XDP work?
Where can I start?
Result
Further reading and references
The kernel subsystems making use of BPF [2], [3].
The kernel bypass techniques, where a userspace application takes complete control of the networking hardware to avoid expensive context switches between kernel and userspace.
In XDP, the operating system kernel itself provides a safe execution environment for custom packet processing applications, executed in device driver context.
XDP is part of the mainline Linux kernel and provides a fully integrated solution working in concert with the kernel’s networking stack.
E.g. layer-3 routing, inline DDoS protection and layer-4 load balancing.
What about DPDK? The Data Plane Development Kit (DPDK).
It is more difficult to integrate with the existing system, and applications have to re-implement functionality otherwise provided by the operating system network stack, such as routing tables and higher level protocols.
It has limited portability, i.e. DPDK-supported hardware [4] is needed.
It requires dedicating full CPU cores to packet processing.
The eXpress Data Path (XDP) works by …
Defining a limited execution environment in the form of a virtual machine running eBPF code, an extended version of the original BSD Packet Filter (BPF) byte code format.
The kernel ensures the safety of the custom programs by statically verifying them at load time.
The programs are dynamically compiled into native machine instructions to ensure high performance.
Figure 1
Figure 2
The XDP driver hook is the main entry point for an XDP program, and is executed when a packet is received from the hardware.
The eBPF virtual machine executes the byte code of the XDP program, and just-in-time-compiles it for increased performance.
BPF maps are key/value stores that serve as the primary communication channel to the rest of the system.
The eBPF verifier statically verifies programs before they are loaded to make sure they do not crash or corrupt the running kernel.
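The pieces listed above (a program run per received frame, the bounds checking the verifier insists on, and a map shared with the rest of the system) can be seen together in a small source-address filter of the kind used for inline DDoS protection. This is an added example, not code from the original page: it is a user-space C model rather than a loadable eBPF object, and the function names, the array standing in for a BPF map and the sample frames are assumptions made for illustration.

```c
/* Added example: user-space model of an XDP source-IP filter (not kernel code).
 * XDP_DROP/XDP_PASS match enum xdp_action in <linux/bpf.h>; all other names,
 * the array-backed "map" and the sample frames are constructed. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum { XDP_DROP = 1, XDP_PASS = 2 };
enum { ETH_HLEN = 14, IP_HLEN = 20, ETH_P_IP = 0x0800 };
/* Stand-in for a BPF hash map: key = IPv4 source, value = drop counter. */
struct entry { uint32_t saddr; uint64_t drops; };
static struct entry blocklist[] = { { 0xC6336407u, 0 } };  /* 198.51.100.7 */

static struct entry *map_lookup(uint32_t saddr)
{
    for (size_t i = 0; i < sizeof blocklist / sizeof blocklist[0]; i++)
        if (blocklist[i].saddr == saddr)
            return &blocklist[i];
    return NULL;
}

/* Mirrors an XDP program body: data and data_end delimit the received frame. */
int xdp_filter(const uint8_t *data, const uint8_t *data_end)
{
    /* Real eBPF: the verifier refuses to load a program that reads the
     * packet without first proving the access stays below data_end. */
    if (data_end - data < ETH_HLEN + IP_HLEN)
        return XDP_PASS;                      /* too short to parse */
    if (((data[12] << 8) | data[13]) != ETH_P_IP || (data[ETH_HLEN] >> 4) != 4)
        return XDP_PASS;                      /* not IPv4: leave to the stack */
    const uint8_t *ip = data + ETH_HLEN;
    uint32_t saddr = (uint32_t)ip[12] << 24 | (uint32_t)ip[13] << 16 |
                     (uint32_t)ip[14] << 8 | (uint32_t)ip[15];
    struct entry *e = map_lookup(saddr);
    if (!e)
        return XDP_PASS;
    e->drops++;                               /* counter user space would read */
    return XDP_DROP;
}

/* Constructed Ethernet+IPv4 frame from src; only len bytes count as received. */
int verdict_for(uint32_t src, size_t len)
{
    uint8_t f[ETH_HLEN + IP_HLEN] = {0};
    f[12] = 0x08; f[14] = 0x45;               /* EtherType 0x0800, IPv4 IHL 5 */
    for (int i = 0; i < 4; i++) f[26 + i] = (uint8_t)(src >> (24 - 8 * i));
    return xdp_filter(f, f + len);
}
uint64_t drops_for(uint32_t src) { struct entry *e = map_lookup(src); return e ? e->drops : 0; }
int main(void) { printf("%d %d\n", verdict_for(0xC6336407u, 34), verdict_for(0xC0000201u, 34)); return 0; }
```

In a real XDP program the same body would take a struct xdp_md context, the lookup would go through a BPF map helper, and the length check is what lets the program pass the verifier at load time.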