Express Data Path
{{short description|High performance packet data path in the OS kernel}}
{{Infobox software
| name = XDP
| logo =
| screenshot =
| caption =
| author = Brenden Blanco,
Tom Herbert
| developer = Open source community, Google, Amazon, Intel, Microsoft{{cite web|url=https://www.neowin.net/news/microsoft-brings-linux-xdp-project-to-windows/|title=Microsoft brings Linux XDP project to Windows|last=Jawad|first=Usama|date=25 May 2022|website=Neowin|access-date=26 May 2022}}
| released = {{Start date and age|2016}}
| repo =
| programming language = C
| operating_system = Linux, Windows
| genre = Packet filtering
| license = Linux: GPL
Windows: MIT License
| website =
}}
XDP (eXpress Data Path) is an eBPF-based high-performance network data path used to send and receive network packets at high rates by bypassing most of the operating system networking stack. It has been merged in the Linux kernel since version 4.8.{{Cite web|url=https://lore.kernel.org/lkml/20160727.010753.2221383279830501569.davem@davemloft.net/|title=[GIT] Networking - David Miller|website=lore.kernel.org|access-date=2019-05-14}} This implementation is licensed under GPL. Large technology firms including Amazon, Google and Intel support its development. Microsoft released its free and open source implementation, XDP for Windows, in May 2022. It is licensed under the MIT License.{{cite web|url=https://cloud7.news/development/microsoft-introduced-open-source-xdp-for-windows/|title=Microsoft introduced open-source XDP for Windows|last=Yasar|first=Erdem|date=25 May 2022|website=cloud7|access-date=26 May 2022}}
Data path
[[File:Netfilter-packet-flow.svg|thumb|XDP bypasses the networking stack and memory allocation for packet metadata.]]
The idea behind XDP is to add an early hook in the RX path of the kernel, and let a user-supplied eBPF program decide the fate of the packet. The hook is placed in the network interface controller (NIC) driver just after the interrupt processing, and before any memory allocation needed by the network stack itself, because memory allocation can be an expensive operation. Due to this design, XDP can drop 26 million packets per second per core with commodity hardware.{{Citation|last=Høiland-Jørgensen|first=Toke|title=Source text and experimental data for our paper describing XDP: tohojo/xdp-paper|date=2019-05-03|url=https://github.com/tohojo/xdp-paper/blob/master/benchmarks/bench01_baseline.org#initial-data-from-jespers-runs|access-date=2019-05-21}}
The eBPF program must pass a preverifier test{{Cite web|url=https://lwn.net/Articles/740157/|title=A thorough introduction to eBPF [LWN.net]|website=lwn.net|access-date=2019-05-14}} before being loaded, to avoid executing malicious code in kernel space. The preverifier checks that the program contains no out-of-bounds accesses, loops or global variables.
The program is allowed to edit the packet data and, after the eBPF program returns, an action code determines what to do with the packet:
; XDP_PASS
: let the packet continue through the network stack
; XDP_DROP
: silently drop the packet
; XDP_ABORTED
: drop the packet with trace point exception
; XDP_TX
: bounce the packet back to the same NIC it arrived on
; XDP_REDIRECT
: redirect the packet to another NIC or user space socket via the AF_XDP address family
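The following is an added example, not part of the original article and not kernel code: a user-space C model of the verdict logic an XDP program runs at the hook, showing the check against <code>data_end</code> that precedes every header read and the action code returned for normal, truncated and fragmented frames. The names <code>xdp_verdict</code> and <code>build_udp_frame</code>, the <code>BLOCKED_PORT</code> policy and the sample frame are assumptions made for illustration; the action codes are numbered as in the kernel's <code>enum xdp_action</code>.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Action codes, numbered as in the kernel's enum xdp_action. */
enum xdp_action { XDP_ABORTED, XDP_DROP, XDP_PASS, XDP_TX, XDP_REDIRECT };
#define BLOCKED_PORT 9999 /* assumed policy for this example */

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* data/data_end delimit the frame like ctx->data and ctx->data_end in an XDP
 * program. Every header read follows a check against data_end, the pattern
 * the verifier requires before it accepts a packet access. */
enum xdp_action xdp_verdict(const uint8_t *data, const uint8_t *data_end)
{
    const uint8_t *ip = data + 14;          /* skip the Ethernet header */
    if (ip + 20 > data_end)
        return XDP_PASS;                    /* too short for IPv4 */
    if (be16(data + 12) != 0x0800 || (ip[0] >> 4) != 4)
        return XDP_PASS;                    /* not IPv4: leave to the stack */
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;
    if (ihl < 20)
        return XDP_DROP;                    /* malformed header length */
    if (ip[9] != 17 || (be16(ip + 6) & 0x1fff) != 0)
        return XDP_PASS;                    /* not UDP, or a later fragment */
    const uint8_t *udp = ip + ihl;
    if (udp + 8 > data_end)
        return XDP_DROP;                    /* truncated UDP header */
    return be16(udp + 2) == BLOCKED_PORT ? XDP_DROP : XDP_PASS;
}

/* Constructed sample frame: Ethernet + IPv4 (IHL 5) + UDP, no payload. */
size_t build_udp_frame(uint8_t *buf, uint16_t dport)
{
    memset(buf, 0, 42);
    buf[12] = 0x08;                         /* EtherType 0x0800 (IPv4) */
    buf[14] = 0x45;                         /* version 4, IHL 5 */
    buf[23] = 17;                           /* protocol UDP */
    buf[36] = (uint8_t)(dport >> 8);        /* UDP destination port */
    buf[37] = (uint8_t)dport;
    return 42;
}

int main(void)
{
    uint8_t f[64];
    size_t n = build_udp_frame(f, BLOCKED_PORT);
    printf("full: %d, truncated: %d\n", xdp_verdict(f, f + n), xdp_verdict(f, f + n - 6));
    return 0;
}
```

In a real XDP program the same checks operate on the pointers taken from the program's context argument, and the returned value is the action code the driver acts on.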
XDP requires support in the NIC driver but, as not all drivers support it, it can fall back to a generic implementation, which performs the eBPF processing in the network stack, though with slower performance.{{Cite web|url=https://www.mail-archive.com/netdev@vger.kernel.org/msg165397.html|title=net: Generic XDP|website=www.mail-archive.com|access-date=2019-05-14}}
XDP has infrastructure to offload the eBPF program to a network interface controller which supports it, reducing the CPU load. In 2023, only Netronome{{Cite web|url=https://www.netronome.com/blog/bpf-ebpf-xdp-and-bpfilter-what-are-these-things-and-what-do-they-mean-enterprise/|title=BPF, eBPF, XDP and Bpfilter… What are these things and what do they mean for the enterprise? - Netronome|website=www.netronome.com|language=en|access-date=2019-05-14}} cards support it.
Microsoft is partnering with other companies and adding support for XDP in its MsQuic implementation of the QUIC protocol.
AF_XDP
Along with XDP, a new address family entered the Linux kernel starting with version 4.18.{{Cite web|url=https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=08dbc7a66af2321661173c04d872eba44003cc13|title=kernel/git/torvalds/linux.git - Linux kernel source tree|website=git.kernel.org|access-date=2019-05-16}} AF_XDP, formerly known as AF_PACKETv4 (which was never included in the mainline kernel),{{Cite web|url=https://lore.kernel.org/netdev/95aaafdc-ef8a-c4b9-6104-a1a753c81820@intel.com/T/|title=Questions about AF_PACKET V4 and AF_XDP|website=Kernel.org}} is a raw socket optimized for high-performance packet processing that allows zero-copy between kernel and applications. As the socket can be used for both receiving and transmitting, it supports high-performance network applications purely in user space.{{Cite web|url=https://lwn.net/Articles/750845/|title=Accelerating networking with AF_XDP [LWN.net]|website=lwn.net|access-date=2019-05-16}}
See also
{{Portal|Free and open-source software}}
References
{{Reflist}}
External links
- [https://prototype-kernel.readthedocs.io/en/latest/networking/XDP/ XDP documentation] on Read the Docs
- [https://www.kernel.org/doc/html/latest/networking/af_xdp.html AF_XDP documentation] on kernel.org
- {{GitHub|microsoft/xdp-for-windows}}
- [https://archive.fosdem.org/2017/schedule/event/ebpf_xdp/ XDP walkthrough] at FOSDEM 2017 by Daniel Borkmann, Cilium
- [https://archive.fosdem.org/2018/schedule/event/af_xdp/ AF_XDP] at FOSDEM 2018 by Magnus Karlsson, Intel
- [https://ebpf.io/ eBPF.io - Introduction, Tutorials & Community Resources]
- [https://blog.cloudflare.com/l4drop-xdp-ebpf-based-ddos-mitigations/ L4Drop: XDP DDoS Mitigations], Cloudflare
- [https://blog.cloudflare.com/unimog-cloudflares-edge-load-balancer/ Unimog: Cloudflare's edge load balancer], Cloudflare
- [https://code.fb.com/open-source/open-sourcing-katran-a-scalable-network-load-balancer/ Open-sourcing Katran, a scalable network load balancer], Facebook
- [https://cilium.io/blog/2021/05/20/cilium-110#standalonelb Cilium's L4LB: standalone XDP load balancer], [https://cilium.io/ Cilium]
- [https://cilium.io/blog/2020/06/22/cilium-18#kube-proxy-replacement-at-the-xdp-layer Kube-proxy replacement at the XDP layer], [https://cilium.io/ Cilium]
- [https://github.com/isovalent/eCHO/tree/main/episodes/009 eCHO Podcast on XDP and load balancing]