eBPF RSS virtio-net support

RSS(Receive Side Scaling) is used to distribute network packets to guest virtqueues by calculating packet hash. Usually every queue is processed then by a specific guest CPU core.

For now there are 2 RSS implementations in qemu: - ‘in-qemu’ RSS (functions if qemu receives network packets, i.e. vhost=off) - eBPF RSS (can function with also with vhost=on)

eBPF support (CONFIG_EBPF) is enabled by ‘configure’ script. To enable eBPF RSS support use ‘./configure –enable-bpf’.

If steering BPF is not set for kernel’s TUN module, the TUN uses automatic selection of rx virtqueue based on lookup table built according to calculated symmetric hash of transmitted packets. If steering BPF is set for TUN the BPF code calculates the hash of packet header and returns the virtqueue number to place the packet to.

Simplified decision formula:

queue_index = indirection_table[hash(<packet data>)%<indirection_table size>]

Not for all packets, the hash can/should be calculated.

Note: currently, eBPF RSS does not support hash reporting.

eBPF RSS turned on by different combinations of vhost-net, vitrio-net and tap configurations:

  • eBPF is used:

    tap,vhost=off & virtio-net-pci,rss=on,hash=off

  • eBPF is used:

    tap,vhost=on & virtio-net-pci,rss=on,hash=off

  • ‘in-qemu’ RSS is used:

    tap,vhost=off & virtio-net-pci,rss=on,hash=on

  • eBPF is used, hash population feature is not reported to the guest:

    tap,vhost=on & virtio-net-pci,rss=on,hash=on

If CONFIG_EBPF is not set then only ‘in-qemu’ RSS is supported. Also ‘in-qemu’ RSS, as a fallback, is used if the eBPF program failed to load or set to TUN.

RSS eBPF program

RSS program located in ebpf/rss.bpf.skeleton.h generated by bpftool. So the program is part of the qemu binary. Initially, the eBPF program was compiled by clang and source code located at tools/ebpf/rss.bpf.c. Prerequisites to recompile the eBPF program (regenerate ebpf/rss.bpf.skeleton.h):

llvm, clang, kernel source tree, bpftool Adjust Makefile.ebpf to reflect the location of the kernel source tree

$ cd tools/ebpf $ make -f Makefile.ebpf

Current eBPF RSS implementation uses ‘bounded loops’ with ‘backward jump instructions’ which present in the last kernels. Overall eBPF RSS works on kernels 5.8+.

eBPF RSS implementation

eBPF RSS loading functionality located in ebpf/ebpf_rss.c and ebpf/ebpf_rss.h.

The struct EBPFRSSContext structure that holds 4 file descriptors:

  • ctx - pointer of the libbpf context.

  • program_fd - file descriptor of the eBPF RSS program.

  • map_configuration - file descriptor of the ‘configuration’ map. This map contains one element of ‘struct EBPFRSSConfig’. This configuration determines eBPF program behavior.

  • map_toeplitz_key - file descriptor of the ‘Toeplitz key’ map. One element of the 40byte key prepared for the hashing algorithm.

  • map_indirections_table - 128 elements of queue indexes.

struct EBPFRSSConfig fields:

  • redirect - “boolean” value, should the hash be calculated, on false - default_queue would be used as the final decision.

  • populate_hash - for now, not used. eBPF RSS doesn’t support hash reporting.

  • hash_types - binary mask of different hash types. See VIRTIO_NET_RSS_HASH_TYPE_* defines. If for packet hash should not be calculated - default_queue would be used.

  • indirections_len - length of the indirections table, maximum 128.

  • default_queue - the queue index that used for packet that shouldn’t be hashed. For some packets, the hash can’t be calculated(g.e ARP).

Functions:

  • ebpf_rss_init() - sets ctx to NULL, which indicates that EBPFRSSContext is not loaded.

  • ebpf_rss_load() - creates 3 maps and loads eBPF program from the rss.bpf.skeleton.h. Returns ‘true’ on success. After that, program_fd can be used to set steering for TAP.

  • ebpf_rss_set_all() - sets values for eBPF maps. indirections_table length is in EBPFRSSConfig. toeplitz_key is VIRTIO_NET_RSS_MAX_KEY_SIZE aka 40 bytes array.

  • ebpf_rss_unload() - close all file descriptors and set ctx to NULL.

Simplified eBPF RSS workflow:

struct EBPFRSSConfig config;
config.redirect = 1;
config.hash_types = VIRTIO_NET_RSS_HASH_TYPE_UDPv4 | VIRTIO_NET_RSS_HASH_TYPE_TCPv4;
config.indirections_len = VIRTIO_NET_RSS_MAX_TABLE_LEN;
config.default_queue = 0;

uint16_t table[VIRTIO_NET_RSS_MAX_TABLE_LEN] = {...};
uint8_t key[VIRTIO_NET_RSS_MAX_KEY_SIZE] = {...};

struct EBPFRSSContext ctx;
ebpf_rss_init(&ctx);
ebpf_rss_load(&ctx);
ebpf_rss_set_all(&ctx, &config, table, key);
if (net_client->info->set_steering_ebpf != NULL) {
    net_client->info->set_steering_ebpf(net_client, ctx->program_fd);
}
...
ebpf_unload(&ctx);

NetClientState SetSteeringEBPF()

For now, set_steering_ebpf() method supported by Linux TAP NetClientState. The method requires an eBPF program file descriptor as an argument.