基于eBPF的虚拟化网络与云原生网络应用
网络安全与数据治理 2期
施苏峰
(1.东南大学 网络空间安全学院,江苏 南京211189;2.网络通信与安全紫金山实验室,江苏 南京211111)
摘要: 近年来,随着eBPF的内核代码安全注入机制的发展,eBPF已经在网络优化、性能监控等方面获得大量应用。介绍了eBPF在网络功能虚拟化领域的应用概述,以及其基于容器架构发展而来的云原生网络功能领域的应用概述,并举出了eBPF用于上述领域的典型应用:网络功能虚拟化领域的负载均衡、快速丢包、限流应用,以及云原生网络功能领域的Kubernetes容器网络加速、服务网格加速应用。
中图分类号: TP393
文献标识码: A
DOI: 10.19358/j.issn.2097-1788.2023.02.002
引用格式: 施苏峰. 基于eBPF的虚拟化网络与云原生网络应用[J].网络安全与数据治理,2023,42(2):9-18.
文献标识码: A
DOI: 10.19358/j.issn.2097-1788.2023.02.002
引用格式: 施苏峰. 基于eBPF的虚拟化网络与云原生网络应用[J].网络安全与数据治理,2023,42(2):9-18.
Virtual network and cloud native network application based on eBPF
Shi Sufeng1,2
(1.School of Cyber Science and Engineering,Southeast University,Nanjing 211189,China; 2.Purple Mountain Laboratories,Nanjing 211111,China)
Abstract: In recent years, with the development of eBPF kernel code security injection mechanism, eBPF has been widely used in network optimization, performance monitoring and other aspects. This paper introduces the application of eBPF in the field of network function virtualization and the application of eBPF in the field of cloud native network function based on container architecture. Typical applications of eBPF used in the above fields are presented, including load balancing, fast packet loss and network traffic rate limiting applications in the field of network virtualization. In addition, the Kubernetes container network acceleration and service grid acceleration applications in the field of cloud native network functions are also mentioned.
Key words : eBPF;network function virtualization;cloud native;load balancing;Kubernetes;service mesh
0 引言
随着eBPF(extended Berkeley Packet Filter)技术在网络功能虚拟化以及云原生网络功能领域的逐渐成熟,其复用内核协议栈、内核安全校验、流量短路等优势使得传统的网络功能虚拟化以及云原生网络功能拥有了创新性的发展。
本文详细内容请下载:https://www.chinaaet.com/resource/share/2000005207
作者信息:
施苏峰(1998-),通信作者,男,硕士研究生,主要研究方向:eBPF、云原生、网络功能虚拟化。E-mail:1257989860@qq.com。
此内容为AET网站原创,未经授权禁止转载。