Packet Forwarding on Linux on Software Gone Wild
The Linux operating system is used as the foundation for numerous network operating systems, including Arista EOS and Cumulus Linux. It provides most of the networking constructs we grew familiar with, including interfaces, VLANs, routing tables, VRFs and contexts, but they behave slightly differently from what we’re used to.
In Software Gone Wild Episode 86, Roopa Prabhu and David Ahern explained the fundamentals of packet forwarding on Linux, and the differences between Linux and more traditional network operating systems.
We started with the easy question "why does Cumulus care about the performance of software packet forwarding on Linux," and continued with a long list of interesting topics:
- Why should the control-plane processes use Linux data structures and not bypass them using things like OVSDB?
- What is the NetLink API and how is it used by Cumulus hardware drivers?
- What is the SwitchDev API and why is it becoming popular?
- Where are routing and forwarding tables stored on Linux?
- Why would you want to have multiple routing tables on a Linux box?
- How could you use those routing tables to implement VRFs and why was it traditionally so hard to do?
- How did Cumulus change the behavior of Linux routing tables to make VRFs simpler to use?
- What scaling problems would you hit when trying to implement VRFs with Linux routing tables, and how did Cumulus engineers solve them?
- How is route leaking between VRFs implemented on Linux?
- What are Linux namespaces and why are they not the right mechanism to implement VRFs?
For more details listen to the podcast and read the VRF for Linux blog post by David Ahern.
As always, I loved the podcast, but I did have an observation I wanted to make. David and Roopa did an excellent job of describing the differences between namespaces and VRFs, but it wasn't clear what namespaces were good for. It seems like it might have been worth mentioning that containers make extensive use of namespaces to provide isolation. There appear to be 7 different namespaces providing all sorts of isolation.
I also wanted to suggest that maybe namespaces and containers might be an excellent topic for your next Linux podcast. Keep up the good work!