XDP is a high-performance, programmable network packet processor. It came into existence to mitigate serious server-side problems such as DDoS (Distributed Denial-of-Service) attacks, and it can also serve as a load balancer.

Need for XDP

Linux servers have always needed a performant networking data path. That data path should also be programmable, so that developers can build something usable on top of it. Although XDP has quite a steep learning curve, the recent development of many tools and frameworks has made writing XDP code quite approachable. The huge advantage of XDP is its speed. Its primary function is to let developers build new functionality for filtering out packets without modifying the kernel itself.

In some scenarios a packet does not need to travel through the entire network stack just for the system to decide whether to forward or drop it. That decision should be made at the first layer of the networking stack by placing filters there. These filters should be programmed so that they can easily recognize a malicious packet and drop it right at the beginning of the stack, which saves a lot of processing power and time. With XDP, this filtering is possible right at the front of the networking stack. Using XDP, a developer can filter out packets sent by an attacker as part of a DDoS attack, which removes much of the overhead from the normal kernel networking stack. Cloudflare recently demonstrated this capability in their DDoS protection demonstration. Some notable features of XDP are as follows:

Why XDP Is Very Fast

XDP is an eBPF-based, programmable, high-performance network data path in the Linux kernel. Its performance gain comes from bare-metal packet processing at the lowest level of the software stack: a packet coming from the network hits XDP before any other part of the kernel processes it. Engineers can therefore program XDP to optimize it for various use cases, from DDoS protection to load balancing. XDP is loaded directly on the networking stack. When the networking stack receives a packet, XDP gets a callback and processes the packet as fast as possible. XDP can drop 26 million packets per second per core on commodity hardware. The primary reason XDP is so fast is that the user is allowed to read or modify network packet data directly and to decide how to handle the packet at an early stage. This requires very little processing overhead and results in better speed.

Connect Networking Stack With XDP

You can connect XDP to the networking stack in various ways, but I mention only some popular methods here.

Types of Operation XDP Performs

Some of the operations XDP can perform once a packet is received by the networking interface are:

XDP and eBPF

eBPF is the extended version of the Berkeley Packet Filter. It is like an abstracted virtual machine running inside the Linux kernel, and it is used to run user-defined programs in a sandboxed environment there. Generally, it is used to run networking and monitoring tools on Linux servers to ensure optimal performance. XDP is a framework for writing very high-speed packet processing in BPF applications. To make processing even faster, XDP runs the BPF program immediately after a packet is received by the networking stack. XDP has a very steep learning curve, so developers are building tools and frameworks that make it easier to program with eBPF and to write code for very high-rate packet processing using XDP and eBPF. The core advantage of XDP is that it doesn't require you to modify the kernel, which was a huge headache for engineers. But as the saying goes, with great power comes great responsibility. Because XDP runs eBPF programs as early as possible, before packets are parsed by the kernel itself, eBPF programs have to do all the parsing themselves and can't rely on the kernel to do anything for them.
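The parsing burden described above, shown as an added example that is not code from the original article: a drop filter that checks every length before it reads a header field. It is a userspace C model rather than a loadable eBPF object, and `struct pkt_ctx`, `xdp_filter_model`, `verdict_for` and the 198.51.100.0/24 block list are assumptions made for illustration.

```c
/* Userspace model of an XDP filter: struct pkt_ctx is a hypothetical stand-in
 * for struct xdp_md, V_DROP/V_PASS mirror XDP_DROP/XDP_PASS. Data is constructed. */
#include <stdint.h>
#include <stdio.h>

enum verdict { V_DROP = 1, V_PASS = 2 };
struct pkt_ctx { const uint8_t *data, *data_end; };
#define BLOCK_NET  0xC6336400u  /* 198.51.100.0, a documentation range */
#define BLOCK_MASK 0xFFFFFF00u  /* /24 */

static uint32_t rd16(const uint8_t *p) { return (uint32_t)p[0] << 8 | p[1]; }
static uint32_t rd32(const uint8_t *p) { return rd16(p) << 16 | rd16(p + 2); }

/* Nothing has validated the frame yet, so every read follows a length check
 * (the userspace form of the "data + n > data_end" test in an XDP program). */
enum verdict xdp_filter_model(const struct pkt_ctx *ctx)
{
    const uint8_t *p = ctx->data;
    size_t len = (size_t)(ctx->data_end - ctx->data);
    if (len < 14)
        return V_DROP;               /* truncated Ethernet header */
    if (rd16(p + 12) != 0x0800)
        return V_PASS;               /* not IPv4: leave it to the stack */
    p += 14;
    len -= 14;
    if (len < 20)
        return V_DROP;               /* shorter than a minimal IPv4 header */
    size_t ihl = (size_t)(p[0] & 0x0f) * 4;
    if ((p[0] >> 4) != 4 || ihl < 20 || ihl > len)
        return V_DROP;               /* wrong version, or IHL past the buffer */
    if ((rd32(p + 12) & BLOCK_MASK) == BLOCK_NET)
        return V_DROP;               /* source address is on the block list */
    return V_PASS;
}

/* Constructed 34-byte Ethernet+IPv4 frame; verdict for its first n bytes. */
enum verdict verdict_for(uint32_t src, uint8_t ver_ihl, size_t n)
{
    uint8_t f[34] = { [12] = 0x08, [14] = ver_ihl, [17] = 20, [23] = 17,
                      [26] = (uint8_t)(src >> 24), [27] = (uint8_t)(src >> 16),
                      [28] = (uint8_t)(src >> 8),  [29] = (uint8_t)src };
    struct pkt_ctx ctx = { f, f + n };
    return xdp_filter_model(&ctx);
}

int main(void)
{
    printf("verdict=%d\n", verdict_for(0xC6336407u, 0x45, 34));
    return 0;
}
```

Dropping malformed frames rather than passing them is a policy choice made for this example.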

Common Use Cases of XDP and eBPF