News

Talk: "The CLASShoFIREs: who's got your back?" (Jamal Hadi Salim, Lucas Bates)

Description:

In this paper we are going to do performance comparison between two new tc packet classification approaches added to the kernel recently, ebpf and flower in comparison with old lady u32. The talk is going to briefly discuss their differing philosophical approaches in solving the packet classification problem and then focus on their respective compute overheads from a black box perspective in a methodical way.

Different data path insertion points will be analyzed from a throughput perspective in conjunction with control plane overhead.

Tags:

Talk: "MACsec: encryption for the wired LAN" (Sabrina Dubroca)

Description:

MACsec, or IEEE 802.1AE, is an encryption standard for wired LANs. It can also secure VLANs, protect DHCP traffic, prevent tampering on ethernet headers, on real devices or over VXLAN. It can be used on its own, or rely on 802.1X for authentication and key distribution via the MACsec Key Agreement (MKA) extension.

In a cloud setting, MACsec over VXLAN could allow encryption to be performed by the tenants themselves instead of relying on the provider's hypervisor.

Tags:

Talk: "Bridge filtering with nftables" (Florian Westphal)

Description:

The current Linux bridge/ebtables architecture has several shortcomings. In the past those were worked around by adding 'header stripping' features to the bridge netfilter core or by invoking ip(6)tables hooks directly from the bridge layer.

Nftables, a framework to replace and unify the various packet filtering tools in the Linux kernel offers an opportunity to provide a more flexible approach to handling bridge filtering needs.

Tags:

BoF: "IPsec performance" (Steffen Klassert)

Description:

IPsec suffers from poor performance compared to non IPsec protocols. This is mostly because the needed crypto operations are cpu intensive, but also the IPsec networking path is not well optimized.

This BoF is to discuss possible improvements of the IPsec networking path.

Here we want to consider pure software improvements as well as hardware support for IPsec.

Possible improvements could be:

Tags:

Tutorial: "Deploying MPLS with Linux" (Roopa Prabhu)

Description:

The Linux kernel recently added a new MPLS datapath driver and API to configure MPLS fib. This tutorial introduces users to these recent MPLS developments in the Linux kernel and walks through the process of setting up and deploying MPLS with Linux.

Agenda:

  • A brief introduction to MPLS.
  • Linux kernel MPLS infrastructure.
  • Light weight tunnel infrastructure.
  • MPLS ip tunnels using the light weight tunnel infrastructure.
  • Deploying Linux MPLS LSP and LER routers.
  • Futures.

Tags:

Talk: "IPv6 route lookup performance and scaling" (Michal Kubeček)

Description:

Some of our customers have been observing IPv6 performance problems on their high load routers; these could be tracked down to IPv6 route lookup and its scaling to higher number of CPU.

Tags:

Tutorial: "Namespaces and CGroups, the basis of Linux containers" (Rami Rosen)

Description:

It is clear to everyone that containers are getting a growing part in our world. This tutorial will describe the kernel infrastructure of Linux Container projects, namely the Namespaces and CGroups subsystems, focusing on its network aspects (like Network namespaces and CGouprs networking kernel modules).

This is the suggested agenda of the talk:

Tags:

Keynote: "Hardware Checksumming: Less is More" (David S. Miller)

We are happy to confirm that David S. Miller (Linux Networking Maintainer) will be giving the following keynote speech: "Hardware Checksumming: Less is More".

Tags:

BoF: "Unlocking SR-IOV in Linux" (John Fastabend)

Description:

The Linux kernel does not fully utilize existing hardware capabilities provided by SR-IOV. As a result user-space consumers (such as libvirt) end up only supporting the most basic of features. The result is serious users of SR-IOV end up depending on proprietary implementations outside of Linux.

The purpose of this BOF is to get SR-IOV on Linux unstuck from the current stall.

Any of the following are highly encouraged to attend:

Tags:

Talk: "Measuring wifi performance across all Google Fiber customers" (Avery Pennarun)

Description:

In the last year, Google Fiber has added lots of interesting (and open source) self-analysis features to our fleet of wifi access points in customers' homes in Kansas City, Provo, and Austin. In the background we collect data like transfer speeds, signal strength, device capabilities, background interference, and so on. We also have a "device taxonomy" that allows us to break down the data by device types such as tablets, iPhones, Windows PCs, Chromecasts, etc. Avery will show lots of surprising and unsurprising charts and show how they

Tags:

Pages