Hemant Singh wrote:
In a data center, many operator meter each VM's packet to the Internet for
billing In a SR-IOV setup, the NIC would have to meter packets for all VMs
being served by the NIC (or smartNIC). A NIC such as the one from
Netronome supports BFP in their NIC NPU. There are frontends in C and
golang to EBPF that convert to byte code for the NPU on the NIC. If the
NIC uses an FPGA, Verilog has to be generated.
Hemant
From what I understand, sr-iov provides the capability to bypass the
vm/guests kernel. Thus, I think injecting the bytecode in the domU/guest
kernel won't work. For this approach to work, the accounting/metering
*has to happen* outside your vm boundary; I believe vendors provide
drivers at the dom0 and pf layer to support this.
Though if you still want to use ebpf, one way I can think of is to have
a host (where presumably you'll compile and inject the ebpf bytecode
into that hosts' kernel) situated at a nexthop to the pf providing the
vf(s) to the guest with vlan tagged packets.
Another solution could be to probably to run a port mirror so you can do
the accounting per vlan tagged port on another host (where presumably
you'll compile and inject the ebpf bytecode into that hosts' kernel).
Whether this is via vf(s) switch or dedicated is up to yourself and the
driver/(pcie nic) you use I guess.
Reading your requirement between the line though, it looks like
depending on where you are situated (dom0/domU/upstream router) and the
accounting rate required, a libpcap-based capture accounting will be
sufficient - e.g., github.com/akrennmair/gopcap or many forks/variants
thereof of libpcap. I believe access to raw sockets should be feasible
enough in your case in the vm -
https://github.com/akrennmair/gopcap/blob/master/tools/tcpdump/tcpdump.go.
If you have the kernel infrastructure to support raw sockets, you should
be able to account those packets using libcap.
[ ... ]
Regards
--
You received this message because you are subscribed to the Google Groups
"golang-nuts" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to golang-nuts+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
