Section 3: Networking with eBPF
In this section, we will develop eBPF-based network functions and achieve kernel-level performance.
Write, build, and deploy eBPF programs that intercept and manipulate network packets at scale, with a focus on efficiency, performance, and security. These eBPF programs will be Cloud-native Network Functions.
- Set up an eBPF Development Environment: Describe the tooling required to build eBPF applications, e.g. libbpf, bpftool, LLVM Clang, and Linux headers, and explain what role each plays.
- ADR: Discuss advantages and limitations of using C for kernel-space programs and Go for user-space applications.
- Write an eBPF Program using Restricted C (Kernel Space)
- Write an eBPF Application using and Go (User Space)
- Build an eBPF Program
- Deploy an eBPF Program
- Best practices for eBPF application development
- Compile Once Run Everywhere (CO-RE)
- X-Factor CNFs
- Service Function Chaining: Discuss how netkit replaces traditional veth/tc datapaths with a BPF-programmable network device, allowing for host-native packet processing speeds.
We will explain each line at great length, covering:
- Learn how to Read, Write, Build (Cross Compile), and Containerize eBPF programs.
- Learn how to Deploy Containerized eBPF programs into a Bare-Metal Kubernetes cluster
- Service Function Chaining using NETKIT_NEXT and NETKIT_REDIRECT.
We'll cover the Program Types, Map Types, and Kernel Hooks that are relevant to our eBPF program. We'll also address tradeoffs, in ADR fashion, so you know why certain decisions were made in lieu of other options.
- We will also point to other references (official docs, etc.) if course participants want to dive deeper into alternative types and options.
📄️ An Introduction to Netkit
Understand the fundamentals of netkit, the BPF-programmable network device.