OpenStack is a powerful and flexible platform for building private and public clouds, but it can also be complex to manage, especially when it comes to networking and observability. In this post, we’ll explore how eBPF is being used to supercharge OpenStack, providing significant improvements in performance, networking, and tracing.

The Challenge: Networking and Observability in OpenStack

Traditional networking in virtualized environments often relies on overlay networks, which can introduce performance overhead due to encapsulation. Similarly, gaining deep visibility into the behavior of OpenStack’s many microservices can be challenging with traditional monitoring tools.

This is where eBPF comes in. By running sandboxed programs directly in the Linux kernel, eBPF can provide a level of performance and visibility that is difficult to achieve with other methods.

Accelerated Networking with eBPF and XDP

One of the most exciting applications of eBPF in OpenStack is in the area of networking. eBPF, combined with XDP (eXpress Data Path), can be used to create a high-performance data plane that can significantly accelerate network traffic.

For example, a proof-of-concept by Luis Tomás demonstrates how to use eBPF/XDP to accelerate BGP routing in an OpenStack environment. By replacing traditional ip rules and ip routes with an eBPF program, traffic can be redirected to the OVN overlay at the kernel level, or even offloaded to the network card for maximum performance.

This approach can lead to:

  • Reduced latency: By bypassing parts of the kernel’s networking stack.
  • Increased throughput: By processing packets more efficiently.
  • Lower CPU utilization: By offloading work from the main CPU.

Projects like Cilium and Calico, which can be used as networking plugins for OpenStack, also leverage eBPF to provide a high-performance data plane. When running on bare metal, these solutions can eliminate the “double encapsulation” problem found in many virtualized environments, leading to even greater performance gains.

In-Kernel Analytics and Tracing

eBPF is not just for networking. It’s also a powerful tool for in-kernel analytics and tracing, which can be used to improve the security and observability of OpenStack clouds.

A presentation from the OpenStack Summit in Vancouver 2023 showed how eBPF can be used to build security profiles of OpenStack services like Nova, Neutron, and Keystone. By monitoring API calls and file system access at the kernel level, it’s possible to detect anomalies and potential security threats, such as brute-force attacks or SQL injection, with high accuracy.

This deep level of visibility can also be used for:

  • Performance troubleshooting: Identifying bottlenecks and performance regressions in OpenStack services.
  • Resource accounting: Getting detailed information about resource usage by different tenants and services.
  • Compliance and auditing: Creating a detailed audit trail of all activity in the cloud.

Getting Started with eBPF in OpenStack

If you’re interested in exploring the benefits of eBPF in your own OpenStack environment, here are a few resources to get you started:

  • Calico for OpenStack: The Calico documentation provides detailed instructions on how to deploy Calico with OpenStack, including the requirements for using the eBPF data plane.
  • Cilium: While not exclusively an OpenStack project, Cilium’s powerful eBPF-based networking and security features can be integrated with OpenStack.
  • eBPF.io: The official eBPF website is the best place to learn more about eBPF itself and find a wealth of resources, including tutorials, documentation, and a list of related projects.

As the OpenStack and eBPF communities continue to collaborate, we can expect to see even more exciting and innovative uses of this powerful technology in the future.