In a data center, many operator meter each VM's packet to the Internet for billing In a SR-IOV setup, the NIC would have to meter packets for all VMs being served by the NIC (or smartNIC). A NIC such as the one from Netronome supports BFP in their NIC NPU. There are frontends in C and golang to EBPF that convert to byte code for the NPU on the NIC. If the NIC uses an FPGA, Verilog has to be generated.
Hemant On Thursday, October 4, 2018 at 9:26:10 AM UTC-4, Tamás Gulácsi wrote: > > Yes. But where do you place that bpf code? > Where will it run? > What packets will it monitor? > > eBPF is run in a virtual machine _in_the_kernel_. > So a "VM using SR-IOV" bypasses this, also. > > Your monitor must be running in each guest VM, or you must NOT allow > SR-IOV - that bypasses the host's kernel - even the host supervisor! - too! > > 2018. október 4., csütörtök 14:22:49 UTC+2 időpontban Hemant Singh a > következőt írta: > >> Right. However, if a VM is using SR-IOV which connects the VM directly >> to the NIC, the kernel is bypassed. Since sending my email, I also found a >> packet filter in golang: >> >> https://godoc.org/golang.org/x/net/bpf >> >> I have tested the above code yet. >> >> Thanks, >> >> Hemant >> >> On Thursday, October 4, 2018 at 12:22:11 AM UTC-4, Tamás Gulácsi wrote: >>> >>> If your metering runs in the same (virtual) machine as the metered >>> processes, the kernel sees the packets, so ebpf is the fastest. >>> >>> If you run in different machines, or the virtualization skips the host, >>> then you cannot catch the packets. >>> >> -- You received this message because you are subscribed to the Google Groups "golang-nuts" group. To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
