eBPF-based Content and Computation-aware Communication for Real-time Edge Computing

By placing computation resources within a one-hop wireless topology, the recent edge computing paradigm is a key enabler of real-time Internet of Things (IoT) applications. In the context of IoT scenarios where the same information from a sensor is used by multiple applications at different locations, the data stream needs to be replicated. However, the transportation of parallel streams might not be feasible due to limitations in the capacity of the network transporting the data. To address this issue, a content and computation-aware communication control framework is proposed based on the Software Defined Network (SDN) paradigm. The framework supports multi-streaming using the extended Berkeley Packet Filter (eBPF), where the traffic flow and packet replication for each specific computation process is controlled by a program running inside an in-kernel Virtual Ma- chine (VM). The proposed framework is instantiated to address a case-study scenario where video streams from multiple cameras are transmitted to the edge processor for real-time analysis. Numerical results demonstrate the advantage of the proposed framework in terms of programmability, network bandwidth and system resource savings.Comment: This article has been accepted for publication in the IEEE International Conference on Computer Communications (INFOCOM Workshops), 201

BPFabric: Data Plane Programmability for Software Defined Networks

In its current form, OpenFlow, the de facto implementation of SDN, separates the network’s control and data planes allowing a central controller to alter the matchaction pipeline using a limited set of fields and actions. To support new protocols, forwarding logic, telemetry, monitoring or even middlebox-like functions the currently available programmability in SDN is insufficient. In this paper, we introduce BPFabric, a platform, protocol, and language-independent architecture to centrally program and monitor the data plane. BPFabric leverages eBPF, a platform and protocol independent instruction set to define the packet processing and forwarding functionality of the data plane. We introduce a control plane API that allows data plane functions to be deployed onthe-fly, reporting events of interest and exposing network internal state. We present a raw socket and DPDK implementation of the design, the former for large-scale experimentation using environment such as Mininet and the latter for high-performance low-latency deployments. We show through examples that functions unrealisable in OpenFlow can leverage this flexibility while achieving similar or better performance to today’s static design

Bioactive Compounds Isolated From Lignin of Empty Bunch Palm Fiber and Their Effects on in Vitro Rumen Fermentation

The objective of this experiment was to study the effects of bioactive compounds isolated from purified lignin formacell (PLF) of empty bunch palm fiber as natural antimicrobes and their effects on in vitro rumen fermentation. The first experiment was inhibition test of 11 bioactive compounds isolated from PLF, using disc diffusion method against the growth of Escherichia coli, Salmonella typhimurium, and Staphylococcus aureus. Four of the most potential bioactive compounds were then used in the second experiment, which was an in vitro test using fresh rumen liquid of Ongole grade beef cattle, to study their effects on rumen fermentation. Six treatments with 3 replications were applied in a completely randomized block (CRB) design. The treatments were R0= 0.5 g basal diet; R1= R0 + 0.3 mg Rumensin®; R2= R0 + 0.3 mg syringaldehyde; R3= R0 + 0.3 mg p-hydroxybenzoic acid; R4= R0 + 0.3 mg m-hydroxybenzoic acid; and R5= R0 + 0.3 mg oxybenzene. Isolate fraction of CC-2 (syringaldehyde), CC-3 (m-hydroxybenzoic acid), VLC-5 (oxybenzene), and VLC-9 (p-hydroxybenzoic acid) exhibited antimicrobes activity against all tested bacteria. Other isolated fractions exhibited antimicrobes activity only against 1 or 2 tested bacteria. The use of syringaldehyde, p-hydroxybenzoic acid, m-hydroxybenzoic acid, and oxybenzene improved ammonia concentration, microbial protein synthesis, and nutrients digestibility. Bioactive compounds had no effect on rumen pH but reduced total VFA concentration as well as the estimate of methane production

eBPF: A New Approach to Cloud-Native Observability, Networking and Security for Current (5G) and Future Mobile Networks (6G and Beyond)

Modern mobile communication networks and new service applications are deployed on cloud-native platforms. Kubernetes (K8s) is the de facto distributed operating system for container orchestration, and the extended version of the Berkeley Packet Filter (eBPF)- in the Linux (and MS Windows) kernel- is fundamentally changing the approach to cloud-native networking, security, and observability. In this paper, we introduce what eBPF is, its potential for Telco cloud, and review some of the most promising pricing and billing models applied to this revolutionary operating system (OS) technology. These models include schemes based on a data source usage model or the number of eBPF agents deployed on the network, linked to specific eBPF modules. These modules encompass network observability, runtime security, and power dissipation monitoring. Next, we present our eBPF platform, named Sauron in this work, and demonstrate how eBPF allows us to write custom code and dynamically load eBPF programs into the kernel. These programs enable us to estimate the energy consumption of cloud-native functions, derive performance counters and gauges for transport networks, 5G applications, and non-access stratum protocols. Additionally, we can detect and respond to unauthorized access to cloud-native resources in real-time using eBPF. Our experimental results demonstrate the technical feasibility of eBPF in achieving highly performant monitoring, observability, and security tooling for current mobile networks (5G, 5G Advanced) as well as future networks (6G and beyond)

Phase and Amplitude Responses of Narrow-Band Optical Filter Measured by Microwave Network Analyzer

The phase and amplitude responses of a narrow-band optical filter are measured simultaneously using a microwave network analyzer. The measurement is based on an interferometric arrangement to split light into two paths and then combine them. In one of the two paths, a Mach-Zehnder modulator generates two tones without carrier and the narrow-band optical filter just passes through one of the tones. The temperature and environmental variations are removed by separated phase and amplitude averaging. The amplitude and phase responses of the optical filter are measured to the resolution and accuracy of the network analyzer

Unleashing Unprivileged eBPF Potential with Dynamic Sandboxing

For safety reasons, unprivileged users today have only limited ways to customize the kernel through the extended Berkeley Packet Filter (eBPF). This is unfortunate, especially since the eBPF framework itself has seen an increase in scope over the years. We propose SandBPF, a software-based kernel isolation technique that dynamically sandboxes eBPF programs to allow unprivileged users to safely extend the kernel, unleashing eBPF's full potential. Our early proof-of-concept shows that SandBPF can effectively prevent exploits missed by eBPF's native safety mechanism (i.e., static verification) while incurring 0%-10% overhead on web server benchmarks.Comment: 8 pages, 5 figures, to appear in the 1st SIGCOMM Workshop on eBPF and Kernel Extension