eBPF Technology Trends for Networking and Security in Cloud-native

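  • 신용윤 (Network and System Security Research Laboratory)
  • 신지수 (Network and System Security Research Laboratory)
  • 박철희 (Network and System Security Research Laboratory)
  • 박종근 (Network and System Security Research Laboratory)
  • Published: 2022.10.01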

Abstract

Where applications determine business competitiveness, companies cannot respond to varying customer requirements without the cloud's flexibility and scalability. Companies have begun seeking ways to take full advantage of the cloud, and the concept of "Cloud Native" is emerging as a solution to this problem. Cloud Native is now a target of interest in the market. Microservices and serverless functions can play a vital role in cloud-native architecture. A microservice architecture arranges an application into various independent services, each offering certain functionality and networking with the others. eBPF is attracting attention as a cloud-native networking solution that can quickly support microservices, which are repeatedly created and deleted. This study identifies the characteristics of eBPF-based networking and evaluates cloud-native networking and secure networking using eBPF.

Acknowledgement

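This research was supported by the Institute of Information & Communications Technology Planning & Evaluation (IITP) with funding from the Korean government (Ministry of Science and ICT) in 2022 [2020-0-00952, Development of Edge Security Technology to Ensure the Stability of 5G+ Services] and by IITP with funding from the Korean government (Ministry of National Defense) in 2022 [2022-0-00701, Development of Security Technology for Interworking between the Defense Information and Communications Network and Commercial (5G) Networks].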
