On eBPF extensions to Kubernetes CNI datapath

Abstract

The combination of expressiveness and access to native Linux kernel capabilities explains the wide adoption of extended Berkeley Packet Filter (eBPF) as de-facto choice for implementing software based in-kernel network functions. While full of potential, it is infeasible to abandon existing (in-kernel) networking infrastructure and switch to eBPF based solutions overnight. To this end, we present an evolutionary approach for extending existing in-kernel networking infrastructure with eBPF modules such that new enhancements and feature replacements can be done to extend the present networking infrastructure. We demonstrate feasibility of eBPF based feature evolution of in-kernel networking by using Kubernetes CNI as an example.