Session

Kubernetes networking on Linux is dominated by eBPF based implementations, Cilium CNI is the most popular one among these. To offload an eBPF based stack like this to DPU, we have explored several key questions and challenges starting from basics like - Can we offload it ‘completely’ to a DPU ? Can it be done without adding any complexity at user level ? What if all nodes in the cluster don’t have a DPU, can it still work ? In a solution like this, how much of host resources can be saved ? What if security policies are present which are HW accelerated, how do these numbers look like ? Can we keep eBPF code changes minimal ? And can such a solution be opensource and HW vendor neutral ?

In this session we would like to walk you through the challenges that we have encountered and the solutions we have created to achieve our goal. Demonstrated with Marvell Octeon 10 DPU we will show how this solution transparently offloads Cilium’s eBPF NW stack. We also have some intriguing metrics that can be helpful for end users.

Session merged with DPU BoF (https://netdevconf.info/0x19/40)