
XDP (eXpress Data Path) is an eBPF-based high-performance data path used to send and receive network packets at high rates by bypassing most of the operating system networking stack. It has been merged in the Linux kernel since version 4.8. This implementation is licensed under GPL. Large technology firms including Amazon, Google and Intel support its development. Microsoft released their free and open source implementation, XDP for Windows, in May 2022. It is licensed under the MIT License.


Data path

The idea behind XDP is to add an early hook in the RX path of the kernel, and let a user-supplied eBPF program decide the fate of the packet. The hook is placed in the network interface controller (NIC) driver just after the interrupt processing, and before any memory allocation needed by the network stack itself, because memory allocation can be an expensive operation. Due to this design, XDP can drop 26 million packets per second per core with commodity hardware.

The eBPF program must pass a preverifier test before being loaded, to avoid executing malicious code in kernel space. The preverifier checks that the program contains no out-of-bounds accesses, loops or global variables.

The program is allowed to edit the packet data and, after the eBPF program returns, an action code determines what to do with the packet:

* XDP_PASS: let the packet continue through the network stack
* XDP_DROP: silently drop the packet
* XDP_ABORTED: drop the packet with trace point exception
* XDP_TX: bounce the packet back to the same NIC it arrived on
* XDP_REDIRECT: redirect the packet to another NIC or user space socket via the AF_XDP address family

XDP requires support in the NIC driver but, as not all drivers support it, it can fall back to a generic implementation, which performs the eBPF processing in the network stack, though with slower performance.

XDP has infrastructure to offload the eBPF program to a network interface controller which supports it, reducing the CPU load. In 2022, many network cards support it, e.g. Netronome, Intel and Mellanox. Microsoft is partnering with other companies and adding support for XDP in the MsQuic protocol.
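
An added example, not taken from the original page or from the kernel source: a user-space C model of the decision an XDP program makes, showing the length checks that must precede every header read (the out-of-bounds rule the preverifier enforces) and the action codes it returns. struct pkt_ctx, xdp_filter, run_sample and the blocked port 9999 are assumptions made for illustration; a loadable program would receive struct xdp_md and be compiled to eBPF.

```c
#include <stddef.h>
#include <stdint.h>

/* Action codes, with the values used by the kernel's enum xdp_action. */
enum xdp_action { XDP_ABORTED = 0, XDP_DROP, XDP_PASS, XDP_TX, XDP_REDIRECT };

/* Hypothetical user-space stand-in for struct xdp_md: packet is [data, data_end). */
struct pkt_ctx { const uint8_t *data; const uint8_t *data_end; };

#define ETH_HLEN     14
#define BLOCKED_PORT 9999   /* constructed value for this example */

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Drop IPv4/UDP datagrams sent to BLOCKED_PORT and pass everything else.
 * Each header is length-checked before it is read; in eBPF the same check
 * is written as "ptr + n > data_end" and the verifier rejects code without it. */
int xdp_filter(const struct pkt_ctx *ctx)
{
    size_t len = (size_t)(ctx->data_end - ctx->data);
    const uint8_t *p = ctx->data;

    if (len < ETH_HLEN) return XDP_PASS;            /* runt frame: leave to the stack */
    if (rd16(p + 12) != 0x0800) return XDP_PASS;    /* not IPv4 */
    if (len < ETH_HLEN + 20) return XDP_DROP;       /* truncated IPv4 header */
    size_t ihl = (size_t)(p[ETH_HLEN] & 0x0f) * 4;  /* IPv4 header length, bytes */
    if ((p[ETH_HLEN] >> 4) != 4 || ihl < 20)
        return XDP_DROP;                            /* malformed version or IHL */
    if (p[ETH_HLEN + 9] != 17) return XDP_PASS;     /* not UDP */
    if (len < ETH_HLEN + ihl + 8) return XDP_DROP;  /* truncated UDP header */
    return rd16(p + ETH_HLEN + ihl + 2) == BLOCKED_PORT ? XDP_DROP : XDP_PASS;
}

/* Build a constructed 42-byte Ethernet/IPv4/UDP frame, expose only its first
 * len bytes to the filter, and return the verdict. */
int run_sample(uint16_t dport, size_t len)
{
    uint8_t f[42] = {0};
    f[12] = 0x08; f[13] = 0x00;                     /* EtherType: IPv4 */
    f[14] = 0x45;                                   /* version 4, IHL 5 */
    f[23] = 17;                                     /* protocol: UDP */
    f[36] = (uint8_t)(dport >> 8);                  /* UDP destination port */
    f[37] = (uint8_t)(dport & 0xff);
    struct pkt_ctx ctx = { f, f + (len > sizeof f ? sizeof f : len) };
    return xdp_filter(&ctx);
}

int main(void) { return run_sample(BLOCKED_PORT, 42) == XDP_DROP ? 0 : 1; }
```

Whether a truncated frame is dropped or passed up the stack is a policy choice in this model; the point is that the verdict is reached without reading past the end of the packet.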


AF_XDP

Along with XDP, a new address family entered the Linux kernel starting with version 4.18. AF_XDP, formerly known as AF_PACKETv4 (which was never included in the mainline kernel), is a raw socket optimized for high performance packet processing and allows zero-copy between kernel and applications. As the socket can be used for both receiving and transmitting, it supports high performance network applications purely in user space.


See also

* Application layer
* Network layer
* Data link layer


External links


* XDP documentation on Read the Docs
* AF_XDP documentation on kernel.org
* XDP walkthrough at FOSDEM 2017 by Daniel Borkmann, Cilium
* AF_XDP at FOSDEM 2018 by Magnus Karlsson, Intel
* eBPF.io - Introduction, Tutorials & Community Resources
* L4Drop: XDP DDoS Mitigations, Cloudflare
* Unimog: Cloudflare's edge load balancer, Cloudflare
* Open-sourcing Katran, a scalable network load balancer, Facebook
* Cilium's L4LB: standalone XDP load balancer, Cilium
* Kube-proxy replacement at the XDP layer, Cilium
* eCHO Podcast on XDP and load balancing