A simplified DDoS prototype using the DPDK application model.
It leverages DPDK libraries and PMD features to build line-rate processing for:
- zero buffer copy
- reduced failover on faulty cases
- decentralized telemetry
- no relational database on the inbound path
- Primary and Secondary configuration
- on failure of the Secondary, the Primary passes traffic through
- flow classification based on destination IP
- inbound IP reassembly with ACL filtering
- service-core-based telemetry and database updates
- eBPF-inspired flow distribution to multiple workers
EBPF |
---|
- drop:
clang-9 -O2 -emit-llvm -I /usr/include/linux -c drop.c -o - | llc -march=bpf -mcpu=probe -filetype=obj -o drop.o
- pass:
clang-9 -O2 -emit-llvm -I /usr/include/linux -c pass.c -o - | llc -march=bpf -mcpu=probe -filetype=obj -o pass.o
- port_forward:
clang-9 -O2 -emit-llvm -I /usr/include/linux -c port_forwad.c -o - | llc -march=bpf -mcpu=probe -filetype=obj -o port_forward.o
- DPDK
- libnuma-dev
software | release |
---|---|
DPDK | dpdk-stable-18.11.4 |
- EBPF
- ip -force link set dev interfacename xdp off
- ip -force link set dev interfacename xdp object binaryname section "prog"
- ip -force link set dev interfacename1 xdp off; ip -force link set dev interfacename2 xdp off
- ip -force link set dev interfacename1 xdp object binaryname section "prog"; ip -force link set dev interfacename2 xdp object binaryname section "prog"
- bpftool map update id mapid1 key interfacename1_ifindex 0x0 0x0 0x0 value interfacename2_ifindex 0x0 0x0 0x0
- bpftool map update id mapid2 key interfacename2_ifindex 0x0 0x0 0x0 value interfacename1_ifindex 0x0 0x0 0x0
- Download DPDK from dpdk.org.
- Untar DPDK tar file.
- Execute the following commands
cd <untarred dpdk folder>
make config T=x86_64-native-linuxapp-gcc O=x86_64-native-linuxapp-gcc
export RTE_SDK=$PWD
export RTE_TARGET=x86_64-native-linuxapp-gcc
cd x86_64-native-linuxapp-gcc
make -j 4
- Test the custom build by cross-checking examples like helloworld and l2fwd.
meson <build directory>
ninja -C <build directory>
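The `bpftool map update` lines in the EBPF steps above write the ifindex as the first of four bytes, which only holds while the ifindex is below 256. The following helper is an added example, not part of the project: it prints both commands for a port pair with each ifindex fully encoded. It assumes the map key and value are 4-byte unsigned integers in little-endian order (the x86_64 target used on this page); the function names are hypothetical and the map ids are whatever `bpftool map` reports on your system.

```shell
#!/bin/sh
# Added example (not project code): build the bpftool commands for a
# bidirectional port_forward pair. Assumes 4-byte little-endian key/value.

# u32_le_bytes N -> "0xNN 0xNN 0xNN 0xNN", least significant byte first
u32_le_bytes() {
    n=$1
    case "$n" in
        ''|*[!0-9]*|0?*) echo "not a plain unsigned integer: $n" >&2; return 1 ;;
    esac
    [ "$n" -le 4294967295 ] || { echo "out of u32 range: $n" >&2; return 1; }
    printf '0x%02x 0x%02x 0x%02x 0x%02x\n' \
        $(( n & 255 )) $(( (n >> 8) & 255 )) \
        $(( (n >> 16) & 255 )) $(( (n >> 24) & 255 ))
}

# ifindex_of IFACE -> kernel interface index, read from sysfs
ifindex_of() {
    cat "/sys/class/net/$1/ifindex"
}

# forward_cmd MAPID IN_IFINDEX OUT_IFINDEX -> one bpftool command line
forward_cmd() {
    key=$(u32_le_bytes "$2") || return 1
    val=$(u32_le_bytes "$3") || return 1
    echo "bpftool map update id $1 key $key value $val"
}

# pair_cmds MAPID1 MAPID2 IFINDEX1 IFINDEX2 -> commands for both directions
pair_cmds() {
    forward_cmd "$1" "$3" "$4" && forward_cmd "$2" "$4" "$3"
}

# Stand-alone use: script.sh <mapid1> <mapid2> <interface1> <interface2>
# Prints the commands for review; nothing is applied to the maps.
if [ "$#" -eq 4 ]; then
    pair_cmds "$1" "$2" "$(ifindex_of "$3")" "$(ifindex_of "$4")"
fi
```

The output is printed rather than executed so the byte encoding can be checked against `bpftool map dump id <mapid>` before it is applied.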