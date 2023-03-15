



Barbara Liskov has had a distinguished, Turing Award-winning career and a profound impact on modern thinking about distributed computing. She likes to emphasize the power of abstraction and its role in finding suitable interfaces for systems and effective designs for their implementations.

Liskov has been proven right time and time again, and we are now at a crossroads where new abstractions, eBPF in particular, will drive the evolution of cloud-native system design in powerful new ways. These new abstractions will unlock the next wave of cloud-native innovation and set the course for the evolution of cloud-native computing.

Cloud Native Challenges: Complexity and Scale

Before diving into eBPF, let’s first examine what cloud native is and why it needs to evolve.

Cloud native employs a container model that provides a common denominator: a single kernel managing many namespaced network objects. Related trends include networking becoming namespace-based and full-blown VMs being replaced by containers or lightweight VMs. Cloud native shifts the scale and scope from a few VMs to a large number of containers, with higher container density per node for efficient use of resources and shorter container lifespans. Dynamic IP pools for these containers also mean high IP churn.

The challenges don’t stop there.

Once the cluster is up and bootstrapped, there are Day 2 challenges such as observability, security, multi-cluster and multi-cloud management, and compliance. Moving to a cloud-native environment is not a one-time switch; it is a progressive journey.

Once your cloud-native environment is set up, you face integration requirements with external workloads (e.g. pod networking, CIDRs, services, and BGP for gateways, via service abstractions or egress gateways for more predictable IP addresses). There is also a growing need to migrate to IPv6-only clusters for greater IPAM flexibility, to use NAT46/64 for interaction with legacy IPv4 workloads, and to be topology aware. And you need to connect multiple clusters, on-premises or off, in a scalable manner, including routing and traffic encryption between them.

These problems are only growing. Gartner estimates that over 95% of new digital workloads will be deployed on cloud-native platforms by 2025, up from 30% in 2021.

Limitations of Linux Kernel Building Blocks

As always, the Linux kernel is the foundation for solving these challenges, with applications using sockets as data sources and sinks and the network as the communication bus. Linux and Kubernetes together now effectively form the cloud OS.

But the kernel building blocks that cloud native relies on, cgroups (CPU, memory handling), namespaces (net, mount, pid), SELinux, seccomp, netfilter, netlink, AppArmor, auditd, and perf, were designed over 10 years ago.

These tools do not always work well together. Some are inflexible and only allow global policies rather than per-container policies. They are unaware of pods and higher-level service abstractions, and many rely on iptables for networking.

As a platform team, we want to provide developer tooling for cloud-native environments, but we may find ourselves stuck in this box that doesn’t represent cloud-native environments efficiently.

eBPF: Building Abstractions for the Cloud Native World

eBPF is a revolutionary technology that allows the kernel to be dynamically programmed in a safe, high-performance, and scalable manner. It is used to safely and efficiently extend the kernel's capabilities for cloud native without requiring kernel source code changes or loading kernel modules.

eBPF:

Hooks anywhere in the kernel to modify functionality and customize its behavior without changing the kernel source.
Ensures programs run safely: every program is validated by the verifier before it is loaded, preventing kernel crashes and other instabilities.
Is JIT compiled for near-native execution speed.
Adds OS features at runtime without disrupting workloads or restarting nodes.
Shifts context from Kubernetes user space into the Linux kernel.

These features allow us to safely abstract the Linux kernel and prepare for the cloud native world.

eBPF Abstraction for the Cloud Native Revolution

Next, we’ll cover 10 ways eBPF abstractions are helping evolve cloud-native stacks, from accelerating innovation to improving performance.

#1. eBPF Accelerates Kernel Innovation

Adding new features to the Linux kernel is a long process. The typical patch lifecycle involves developing a patch, merging it upstream, and then waiting for a major distribution release. Users usually stick to LTS kernels (Ubuntu, for example, is usually on a two-year cycle). So, to innovate in the traditional model, you have to build kernel modules or your own kernel, which excludes most of the community. The feedback from users back to developers is also minimal. eBPF breaks this long cycle by decoupling feature delivery from kernel releases. For example, Cilium can be upgraded on the fly in a running kernel and works across different kernel releases. This allows us to add new cloud-native capabilities years before they would otherwise be possible.

#2. eBPF extends the kernel, but with safety belts on

New features can improve functionality, but they also introduce new risks and edge cases. Kernel code carries much higher development and testing costs than eBPF code with the same functionality. The eBPF verifier ensures that your code will not crash the kernel. Portability of eBPF programs across kernel versions is achieved through CO-RE (compile once, run everywhere), kconfig probing, and BTF (BPF Type Format) type information. The eBPF flavor of C is also a safer choice for kernel programming. All of this makes adding new features to the kernel safer than directly patching it or using kernel modules.
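The two safety claims above, that the verifier rejects programs which could crash the kernel and that it does so before anything runs, are easiest to understand from a small model of how a verifier works. The following is an added example written for this page, not code from the article, from Cilium, or from the kernel: a toy verifier for a made-up register machine that walks every execution path, tracks a value range or a pointer bound per register, and rejects out-of-bounds memory reads, backward jumps (the rule the original verifier used to rule out unbounded loops; newer kernels accept loops they can prove bounded), and programs that fall off the end without exiting. The instruction set, the 16-byte context size, and the sample programs are all constructed for illustration and are not eBPF bytecode.

```python
"""Toy model of the eBPF verifier's load-time checks.
Constructed for illustration: the instruction set, register model and sample
programs are made up and are NOT eBPF bytecode or kernel code. The idea is the
real one: walk every path before the program runs, track an abstract value per
register, and reject anything that could read out of bounds, loop without
bound, or fall off the end."""
from dataclasses import dataclass
from typing import List, Tuple

CTX_SIZE = 16     # bytes addressable through the context pointer in r1 (assumption)
MAX_INSNS = 1000  # cap on instructions processed, like the verifier's complexity limit

@dataclass(frozen=True)
class Scalar:     # a value known only to lie in [lo, hi]
    lo: int
    hi: int

@dataclass(frozen=True)
class Ptr:        # a pointer that may be dereferenced at offsets [0, size)
    size: int

class VerifierError(Exception):
    pass

def _need(cond: bool, msg: str) -> None:
    if not cond:
        raise VerifierError(msg)

def _scalar(regs: dict, r: int) -> Scalar:
    _need(isinstance(regs.get(r), Scalar), f"r{r} is not an initialised scalar")
    return regs[r]

def _check_read(regs: dict, base: int, idx) -> None:
    """Allow a 1-byte read through r<base> only if every possible offset is in bounds."""
    p = regs.get(base)
    _need(isinstance(p, Ptr), f"read via non-pointer r{base}")
    lo, hi = (idx.lo, idx.hi) if isinstance(idx, Scalar) else (idx, idx)
    _need(lo >= 0 and hi < p.size,
          f"read at offset [{lo},{hi}] exceeds r{base} bounds [0,{p.size})")

def verify(prog: List[Tuple]) -> List[List[int]]:
    """Explore every path of prog; return them as lists of pcs, or raise VerifierError."""
    paths, processed = [], 0
    work = [(0, {1: Ptr(CTX_SIZE)}, [])]   # (pc, register state, pcs visited so far)
    while work:
        pc, regs, path = work.pop()
        regs = dict(regs)
        while True:
            processed += 1
            _need(processed <= MAX_INSNS, "program too complex")
            _need(pc < len(prog), "fell off the end of the program without exit")
            insn, path = prog[pc], path + [pc]
            op = insn[0]
            if op == "mov":        # rX = imm
                regs[insn[1]] = Scalar(insn[2], insn[2])
            elif op == "add":      # rX += imm
                s = _scalar(regs, insn[1])
                regs[insn[1]] = Scalar(s.lo + insn[2], s.hi + insn[2])
            elif op == "ldx":      # rX = *(rBase + off): a byte we know nothing about
                _check_read(regs, insn[2], insn[3])
                regs[insn[1]] = Scalar(0, 255)
            elif op == "ldx_idx":  # rX = *(rBase + rIdx): the offset comes from a register
                _check_read(regs, insn[2], _scalar(regs, insn[3]))
                regs[insn[1]] = Scalar(0, 255)
            elif op == "jlt":      # if rX < imm goto target (forward only)
                r, imm, tgt = insn[1], insn[2], insn[3]
                s = _scalar(regs, r)
                _need(tgt > pc, f"backward jump at {pc}: possible unbounded loop")
                _need(tgt < len(prog), "jump target out of range")
                if s.lo < imm:     # taken branch: rX is now known to be < imm
                    taken = dict(regs)
                    taken[r] = Scalar(s.lo, min(s.hi, imm - 1))
                    work.append((tgt, taken, path))
                if s.hi >= imm:    # fall-through branch: rX is now known to be >= imm
                    regs[r] = Scalar(max(s.lo, imm), s.hi)
                    pc += 1
                    continue
                break
            elif op == "exit":     # r0 is the return value and must be initialised
                _scalar(regs, 0)
                paths.append(path)
                break
            else:
                raise VerifierError(f"unknown opcode {op!r}")
            pc += 1
    return paths

def check(prog: List[Tuple]) -> str:
    try:
        return f"accepted: {len(verify(prog))} path(s)"
    except VerifierError as e:
        return f"rejected: {e}"

# Constructed sample programs. r1 points at a 16-byte context on entry.
SAFE = [("ldx", 2, 1, 0),          # r2 = ctx[0], untrusted, in [0,255]
        ("jlt", 2, CTX_SIZE, 4),   # if r2 < 16 goto 4: narrows r2 to [0,15] there
        ("mov", 0, 1), ("exit",),  # out-of-range index: return 1
        ("ldx_idx", 3, 1, 2),      # r3 = ctx[r2], provably in bounds on this path
        ("mov", 0, 0), ("exit",)]
UNCHECKED = [("ldx", 2, 1, 0), ("ldx_idx", 3, 1, 2), ("mov", 0, 0), ("exit",)]
LOOP = [("mov", 2, 0), ("add", 2, 1), ("jlt", 2, 10, 1), ("mov", 0, 0), ("exit",)]
NO_EXIT = [("mov", 0, 0)]

if __name__ == "__main__":
    for name in ("SAFE", "UNCHECKED", "LOOP", "NO_EXIT"):
        print(f"{name:10s} {check(globals()[name])}")
```

SAFE is accepted only because the jlt bounds check narrows r2 to [0,15] on the taken branch before the indexed load; UNCHECKED performs the same load without the check and is rejected, which is the pattern BPF authors meet in practice when the verifier refuses an unbounded packet or map-value access. The real verifier tracks far more (pointer types per hook, 64-bit and 32-bit ranges, spilled registers, helper call signatures), but the shape of the guarantee is the same: nothing is executed until every path has been shown safe.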

#3. eBPF allows short production feedback loops

Traditional feedback loops have involved patching an in-house kernel, gradually rolling it out across fleets, starting experiments, collecting data, and incorporating the feedback into the next development cycle. It was a very long and fragile cycle in which nodes had to drain traffic and restart, and it could not move quickly, especially in a dynamic cloud-native environment. eBPF decouples this feedback loop from the kernel and allows atomic program updates on the fly, dramatically shortening it.

#4. eBPF provides building blocks in the kernel instead of reinventing the wheel in user space

Instead of requiring a large rewrite of the user space stack, eBPF lets you move parts of it into the kernel and reuse what is already there, which dramatically simplifies integration. eBPF adds building blocks to the kernel that would be too complex or too specialized to land in other kernel subsystems, especially for new cloud-native use cases. For example, eBPF allowed Cilium to easily add a NAT46/64 gateway that connects an IPv6-only Kubernetes cluster to IPv4-based infrastructure.

#5. eBPF allows you to fix or mitigate kernel bugs on the fly

Recently, eBPF was used to fix a kernel bug in the veth (virtual ethernet) driver that affected queue selection (see the eBPF Summit talk, All Your Queues Are Belong to Us). This on-the-fly fix avoided a complex rollout of new kernels, a particularly time-consuming process for cloud providers. Cloud-native workloads can expose new edge cases in the kernel, but on-the-fly remediation with eBPF makes packet processing more resilient and reduces the attack surface available to bad actors.

#6. eBPF brings data processing closer to the source and reduces resource consumption

Traditional virtual network functions such as load balancers and firewalls operate at the packet level. Every packet has to be inspected, modified, or dropped, which is computationally expensive for the kernel. eBPF reframes the problem by moving processing as close to the event source as possible: per-socket hooks, per-cgroup hooks, XDP (eXpress Data Path), and so on. This significantly reduces resource cost and allows a move from dedicated boxes to general-purpose worker nodes. Seznam.cz was able to reduce its load balancer's CPU consumption by a factor of 72 using eBPF.

#7. eBPF reduces traffic latency

Using eBPF for forwarding allows many parts of the network stack to be bypassed, greatly improving network efficiency and performance. For example, Cilium used eBPF to implement a bandwidth manager that reduced p99 latency by a factor of 4.2. eBPF also helped enable BIG TCP and a new veth driver replacement that allows containers to reach host network speeds.

#8. eBPF provides efficient data processing

By keeping fast paths minimal, eBPF avoids the feature creep in kernel functions that slows down data processing. Complex, custom cloud-native use cases don't have to become part of the kernel; they are built from eBPF building blocks that can be composed for the various edge cases. For example, decoupling helpers and maps from the eBPF entry point allowed Cilium to create a faster, customizable replacement for kube-proxy in eBPF that keeps scaling where iptables falls short.

#9. eBPF facilitates low-overhead, granular visibility into the system

Given how quickly cloud-native workloads change, it can be difficult to find and debug issues. With an eBPF collector, you can build a fleet-wide tracing and observability platform with low overhead. Instead of changing application code or adding sidecars, eBPF gives you zero-instrumentation observability. Operational issues can also be troubleshot safely with bpftrace, which provides far richer visibility, programmability, and ease of use than old-style perf tooling.
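As an added example of the kind of zero-instrumentation troubleshooting referred to above (a script written for this page, not one from the article or any project), the following bpftrace program counts new outbound TCP connections per process name and logs every file opened by a process named nginx. The process name is an assumption; substitute the one you are debugging. It runs as root on a kernel with kprobes and tracepoints enabled and requires no change to, or restart of, the traced applications.

```bpftrace
#!/usr/bin/env bpftrace
// Added example. Attaches to an existing kernel function and a syscall
// tracepoint; nothing in the traced processes is modified.

// Every new outbound TCP connection, keyed by the process that made it.
kprobe:tcp_connect
{
  @connects[comm] = count();
}

// Every file opened by nginx (assumed process name), with pid and path.
tracepoint:syscalls:sys_enter_openat
/comm == "nginx"/
{
  printf("%-6d %-16s %s\n", pid, comm, str(args->filename));
}

// Print and reset the connection counts every 10 seconds.
interval:s:10
{
  print(@connects);
  clear(@connects);
}
```

Because the probes run inside the kernel and only copy out the fields the script asks for, the overhead is a few hundred nanoseconds per event rather than a sidecar per pod. The caveat is the one the section's earlier points imply: bpftrace needs CAP_BPF/CAP_PERFMON (root in practice) and can see every process on the node, so access to it is a privilege to be controlled, not developer tooling to hand out freely.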

#10. eBPF creates a secure identity abstraction for enforcing policies

In cloud-native environments, eBPF allows us to abstract away from high pod IP churn into longer-lived identities. IPs are meaningless when everything revolves around pod labels and pods are typically very short-lived, ephemeral workloads. By understanding the context of processes within the kernel, eBPF helps abstract away from IPs and provides a more specific identity abstraction. A secure identity abstraction for workloads allowed Cilium to build features like an egress gateway for short-lived pods and mTLS.
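As an added example (not from the article or the Cilium project) of what that identity abstraction looks like to a user, here is a CiliumNetworkPolicy that allows traffic from pods labelled app=frontend to pods labelled app=backend on TCP 8080 only. The namespace, labels and port are assumptions for illustration. No IP address appears anywhere in the policy: Cilium maps each pod's label set to a numeric security identity and enforces the rule on that identity in eBPF, so the policy keeps working across pod restarts and IP reuse.

```yaml
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
  name: allow-frontend-to-backend   # assumed name, namespace and labels
  namespace: shop
spec:
  description: "Only frontend pods may reach backend pods, and only on TCP/8080"
  endpointSelector:
    matchLabels:
      app: backend                  # the identity this policy protects
  ingress:
  - fromEndpoints:
    - matchLabels:
        app: frontend               # the identity allowed in; no IPs anywhere
    toPorts:
    - ports:
      - port: "8080"
        protocol: TCP
```

Two practical consequences follow. Once an ingress rule selects the backend endpoints, all other ingress to them is denied by default, so the rule is an allow-list, not an exception. And the identity is only as trustworthy as control over labels: anyone who can set app=frontend on a pod in the namespace acquires the frontend identity, so Kubernetes RBAC on pod creation and label edits is part of the policy's security boundary.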

eBPF for innovation, abstraction and performance

Cloud native is changing the requirements of platforms, which need to support higher levels of performance and scalability along with constant change. Many of the Linux kernel building blocks that support these demanding workloads are decades old. Luckily, eBPF allows you to dynamically change your kernel to create abstractions that are ready for the cloud-native world. eBPF is unlocking cloud-native innovation, creating new kernel building blocks and dramatically improving application platform performance.

Bill Mulligan is a maintainer of Cilium and is heavily involved in the eBPF ecosystem. He works for Isovalent.

The New Tech Forum provides a venue to explore and discuss emerging enterprise technology in unprecedented depth and breadth. The selection is subjective, based on our pick of the technologies we believe to be important and of greatest interest to InfoWorld readers. InfoWorld does not accept marketing collateral for publication and reserves the right to edit all contributed content. Send all inquiries to [email protected]

Copyright © 2023 IDG Communications, Inc.

Source: https://www.infoworld.com/article/3689690/how-ebpf-unlocks-cloud-native-innovation.html
