Extensible virtual switch datapath
First Claim
Patent Images
1. A method for processing data packets at a generic packet filtering subsystem on a host machine, the method comprising:
- receiving a packet;
generating a flow key by parsing at least one of header information and metadata of the packet;
looking up a flow table to determine whether there is a match for the flow key;
identifying a fixed length array returned by the flow table based on the flow key, the fixed-length array including a plurality of elements, wherein each of the plurality of elements provides an indication of a type of action to execute on the packet; and
executing one or more actions corresponding to one or more types of actions indicated by the plurality of elements of the fixed-length array using one or more action programs.
1 Assignment
0 Petitions
Accused Products
Abstract
Certain embodiments described herein are generally directed to configuring an extended Berkeley Packet Filter (eBPF) fast path. In some embodiments, a fixed-length array of actions is generated and loaded into the eBPF fast path, where each element of the array indicates a type of action for execution on a packet received by the eBPF fast path. In some embodiments, the eBPF fast path is loaded with a number of eBPF programs, each configured to execute a different type of action.
29 Citations
24 Claims
-
1. A method for processing data packets at a generic packet filtering subsystem on a host machine, the method comprising:
-
receiving a packet; generating a flow key by parsing at least one of header information and metadata of the packet; looking up a flow table to determine whether there is a match for the flow key; identifying a fixed length array returned by the flow table based on the flow key, the fixed-length array including a plurality of elements, wherein each of the plurality of elements provides an indication of a type of action to execute on the packet; and executing one or more actions corresponding to one or more types of actions indicated by the plurality of elements of the fixed-length array using one or more action programs. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A non-transitory computer readable medium comprising instructions to be executed in a computer system, wherein the instructions when executed in the computer system perform a method for processing data packets at a generic packet filtering subsystem on a host machine, the method comprising:
-
receive a packet; generate a flow key by parsing at least one of header information and metadata of the packet; look up a flow table to determine whether there is a match for the flow key; identify a fixed length array returned by the flow table based on the flow key, the fixed-length array including a plurality of elements, wherein each of the plurality of elements provides an indication of a type of action to execute on the packet; execute one or more actions corresponding to one or more types of actions indicated by the plurality of elements of the fixed-length array using one or more action programs. - View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
-
-
17. A computer system comprising:
-
one or more virtual machines; and a hypervisor serving as an interface between the one or more virtual machines and hardware resources of the computer system, the hypervisor comprising a virtual switch that comprises; a slow path subsystem used for configuring a fast path subsystem with a fixed-length array; and the fast path subsystem configured to; receive a packet for a virtual machine of the one or more virtual machines; generate a flow key by parsing at least one of header information and metadata of the packet; look up a flow table to determine whether there is a match for the flow key; identify a fixed length array returned by the flow table based on the flow key, the fixed-length array including a plurality of elements, wherein each of the plurality of elements provides an indication of a type of action to execute on the packet; execute one or more actions corresponding to one or more types of actions indicated by the plurality of elements of the fixed-length array using one or more action programs. - View Dependent Claims (18, 19, 20, 21, 22, 23, 24)
-
Specification