Skip to content
/ af_xdp_test Public

AF_XDP Test Environment - Running Inside Docker Network

License

MIT license
13 stars 2 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

glasnostic/af_xdp_test

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

13 Commits
result
result
 
 
scripts
scripts
 
 
src
src
 
 
.gitignore
.gitignore
 
 
LICENSE.md
LICENSE.md
 
 
README.md
README.md
 
 
docker-compose.yaml
docker-compose.yaml
 
 
start
start
 
 
stop
stop
 
 

Repository files navigation

AF_XDP Test Environment Inside Docker

This example is meant as a test environment to check the feasibility and performance of AF_XDP inside a docker network (Containers communicating via the veth driver).

Test Setup

We have a Client and a Server running a simple HTTP server and iperf3. Both containers are reachable in the Docker network (CIDR: 172.16.239.0/24) via IP 172.16.239.13 (Client) and 172.16.239.14 (Server).

To intercept the traffic via AF_XDP, we put a Router container (IP 172.16.239.13) in between. The router is rewriting the source and destination IP of each incoming packet.

If coming from the Client, the destination IP is rewritten the Server's IP and the other way around. The source IP is set to the Router's IP, to ensure that packets are sent back to the Router.

If the Client is now connecting to the Router, the traffic goes to the Server via the Router. The forward flow (FF) and backward flow (BF) looks like this:

+-------------------+          +-------------------+          +-------------------+
|                   |          |                   |          |                   |
|                   |    FF    |                   |    FF    |                   |
|      Client       +--------->+       Router      +--------->+       Server      |
|  (172.16.239.13)  |    BF    |  (172.16.239.12)  |    BF    |  (172.16.239.14)  |
|                   |<---------|                   |<---------|                   |
|                   |          |                   |          |                   |
+-------------------+          +-------------------+          +-------------------+

Additionally, the router also sends ARP requests to get the MAC address of the Server.

The test spends some time rewriting the packets. This could be avoided by placing Client and Server in different networks and attaching two interfaces (one for each network) to the router. However, for simplicity we just wanted one network interface to be handled by AF_XDP.

Run the Example

To run the example, you'll need to install Docker (tested with version 19.03) on a Linux 5.1 (or greater) kernel based system and start:

$ ./start                   # run this example
$ ./stop                    # stop running the example

Or if you want to run this example step by step, you can call the following commands:

$ ./scripts/huge                   # mount huge pages (required by the example)
$ docker-compose build             # build example Docker images
$ docker-compose up -d             # run the example
$ docker-compose logs -f <role>    # check log messages of container <role>
                                   # here role could be router, client or service
$ docker-compose down              # stop running the example

After running this test case, you should get the results shown in the ./result directory.

About

AF_XDP Test Environment - Running Inside Docker Network

Topics

network userspace bpf libbpf afxdp

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

13 stars

Watchers

7 watching

Forks

2 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages