Abstract

Techniques are presented herein that support a method for using the extended Berkeley Packet Filter (eBPF) to perform data plane traffic mirroring at an eXpress Data Path (XDP) level to provide data plane traffic observability. The presented techniques, which may be referred to herein as XeS, encompass an XeS agent component at a user level as well as an XeS server (i.e., an eBPF bytecode program) at a kernel level. The components may communicate through shared S-Map and F-Map tables. The presented techniques process Switch Port Analyzer (SPAN) source traffic efficiently at the XDP level immediately after packets arrive at the interface. Additionally, the presented techniques support Encapsulated Remote Switch Port Analyzer (ERSPAN) encapsulation and transmission to a destination through either a slow path (via the kernel Internet Protocol (IP) stack) or a fast path (directly at the XDP level using S-MAP entries installed by the XeS agent). For the fast path, the presented techniques support a new XDP-REPLICATE action code in addition to the existing XDP-REDIRECT or XDP-TX action codes.

Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 License.

Recommended Citation

Ma, Xueqiang (Sherman) and Ghosh, Kalyan K., "USING EPBF TO SUPPORT DATA PLANE OBSERVABILITY WITH TRAFFIC MIRRORING", Technical Disclosure Commons, (May 02, 2023)
https://www.tdcommons.org/dpubs_series/5856

Download

COinS

Technical Disclosure Commons

Defensive Publications Series

USING EPBF TO SUPPORT DATA PLANE OBSERVABILITY WITH TRAFFIC MIRRORING

Abstract

Creative Commons License

Recommended Citation

Browse

Search

Submit

Additional Information

Technical Disclosure Commons

Defensive Publications Series

USING EPBF TO SUPPORT DATA PLANE OBSERVABILITY WITH TRAFFIC MIRRORING

Inventor(s)

Abstract

Creative Commons License

Recommended Citation

Share

Browse

Search

Submit

Additional Information