登录查看更多内容

eBPF Stateful Programs and State Synchronization Problem

Teodor Podobnik

SRE @ Prewave | Master of Science in Computer Science

发布日期: 2024年12月23日

Like any other stateful application, eBPF programs store their state in eBPF Maps. However, to avoid a single point of failure, these applications are often deployed across multiple nodes, in a so called high-availability setup.

But how do we ensure that decisions like IP blacklisting or DNS client rate-limiting remain consistent across all nodes when each node maintains its own eBPF Map to track client request counts?

In today’s newsletter, we’ll explore the problem of state synchronization of eBPF Maps across multiple nodes.

The Problem

Today, eBPF programs are widely used for stateful networking solutions such as:

Load Balancing: Storing information about backend servers, including IP addresses, ports, and health states, to choose one for forwarding incoming traffic.
Connection Tracking: Storing timestamps for connection activity. If a connection remains idle for too long, the eBPF program can clean up old entries, effectively implementing a garbage collection mechanism for expired sessions.
Firewalls: Storing state information about active connections, such as the number of packets or bytes associated with an IP address within a time window, to dynamically enforce rate limits or blacklist clients.

Unlike stateless applications, high-availability stateful applications often need to maintain consistent state information across all nodes in a cluster. In the scenario of eBPF application, the state of each node's eBPF Map must be synchronized across the cluster.

?? eBPF maps are key-value data structures used to store and share data between eBPF programs and user-space applications or across different eBPF programs.

However, there is currently no known synchronization tool or daemon available for eBPF Maps.

The Solution

To address this, I decided to build a solution myself.

Here’s a high-level overview of the solution:

This approach leverages asynchronous eBPF map notification updates...

Read the full post, on my Substack Newsletter: https://ebpfchirp.substack.com/p/ebpf-stateful-programs-and-state

Cloud Chirp

1,011 位关注者

José Roberto Almaráz da Cunha Junior

Senior Specialist Manager at Deloitte Australia

2 个月

Awesome! Are you going to continue to work on it beyond POC? This seems a crucial piece !

Tim O'Guin

Open Source Advocate | Top 100% TryHackMe | Ex AWS Security Specialist

3 个月

This looks sick. ??

1 次回应

查看更多评论

要查看或添加评论，请登录

Teodor Podobnik的更多文章

Can eBPF Provide Real-Time PostgreSQL Insights Without Degrading Performance?

2025年2月21日

Can eBPF Provide Real-Time PostgreSQL Insights Without Degrading Performance?

Database engineers know very well how important it is to observe and monitor databases. And it’s not just about…

1 条评论
Dependency Management at Scale: How To Maintain 200+ Infrastructure Tools Up to Date

2025年2月19日

Dependency Management at Scale: How To Maintain 200+ Infrastructure Tools Up to Date

If you’ve ever maintained a large-scale infrastructure, you know that every week brings a stream of new updates in…
Goby: A Simple CLI to Bootstrap Your eBPF Projects

2025年2月9日

Goby: A Simple CLI to Bootstrap Your eBPF Projects

When getting started with eBPF, learning the concepts is just one part of the challenge—the other is setting up your…

5 条评论
Go, C, Rust, and More: Picking the Right eBPF Application Stack

2025年1月23日

Go, C, Rust, and More: Picking the Right eBPF Application Stack

Back in 2021, when I set out to develop my first eBPF program, I remember feeling overwhelmed by the variety of eBPF…

1 条评论
Tracepoints, Kprobes, or Fprobes: Which One Should You Choose?

2025年1月5日

Tracepoints, Kprobes, or Fprobes: Which One Should You Choose?

It is safe to say that almost all eBPF programs can extract and send kernel event data to user space applications…
Are We Really Stuck with One Socket, One Port?

2024年12月17日

Are We Really Stuck with One Socket, One Port?

Most UNIX programming text books as well as practices hold the following statements to be true: One socket could be…

1 条评论
?? Important Update for All Subscribers ??

2024年9月26日

?? Important Update for All Subscribers ??

As many of you know, I've been sharing in-depth insights on eBPF, Kubernetes, Devops and more technical dive-ins right…
eBPF Maps State Synchronization across Multi-Node Kubernetes Cluster

2024年8月14日

eBPF Maps State Synchronization across Multi-Node Kubernetes Cluster

When eBPF started gaining popularity, its initial adoption focused primarily on observability, offering developers new…
Challenges and Strategies in eBPF Uprobe Development

2024年8月12日

Challenges and Strategies in eBPF Uprobe Development

When it comes to eBPF development, the hardest part is moving forward from the code examples and tutorials you find on…

3 条评论
Cloud Chirp #19 ?? - Read Now (3 minutes)

2024年8月4日

Cloud Chirp #19 ?? - Read Now (3 minutes)

Recently, many tech companies have started exploring eBPF due to its independence from the main application, its small…

2 条评论

See all articles

eBPF Stateful Programs and State Synchronization Problem

Teodor Podobnik

SRE @ Prewave | Master of Science in Computer Science

The Problem

The Solution

Cloud Chirp

1,011 位关注者

Teodor Podobnik的更多文章

社区洞察

其他会员也浏览了

?? SIP Protocol as Defined in RFC 3261:

How Supervisor Solved No-IP DUC's IPv6 Update Issues

The Downfall of the Runet, possible scenarios.

How a Faulty Update Grounded the World

Nmap Commands

Web 1.0: How Did We Get Here? Part 2

OPERATING SYSTEM INTERCONNECTION (OSI)

How did CrowdStrike manage to Push the faulty update Globally?

BHIS Webcast: Your Free and Open Source EDR Options! w/ John Strand (1-Hour)

RADIUS vs TACACS+

The Problem

The Solution

Cloud Chirp

1,011 位关注者

Teodor Podobnik的更多文章

Can eBPF Provide Real-Time PostgreSQL Insights Without Degrading Performance?

Dependency Management at Scale: How To Maintain 200+ Infrastructure Tools Up to Date

Goby: A Simple CLI to Bootstrap Your eBPF Projects

Go, C, Rust, and More: Picking the Right eBPF Application Stack

Tracepoints, Kprobes, or Fprobes: Which One Should You Choose?

Are We Really Stuck with One Socket, One Port?

?? Important Update for All Subscribers ??

eBPF Maps State Synchronization across Multi-Node Kubernetes Cluster

Challenges and Strategies in eBPF Uprobe Development

Cloud Chirp #19 ?? - Read Now (3 minutes)

社区洞察

其他会员也浏览了

?? SIP Protocol as Defined in RFC 3261:

How Supervisor Solved No-IP DUC's IPv6 Update Issues

The Downfall of the Runet, possible scenarios.

How a Faulty Update Grounded the World

Nmap Commands

Web 1.0: How Did We Get Here? Part 2

OPERATING SYSTEM INTERCONNECTION (OSI)

How did CrowdStrike manage to Push the faulty update Globally?

BHIS Webcast: Your Free and Open Source EDR Options! w/ John Strand (1-Hour)

RADIUS vs TACACS+