Express Data Path

XDP (eXpress Data Path) is an eBPF-based high-performance data path used to send and receive network packets at high rates by bypassing most of the operating system networking stack. It is merged in the Linux kernel since version 4.8. This implementation is licensed under GPL. Large technology firms including Amazon, Google and Intel support its development. Microsoft released their free and open source implementation ''XDP for Windows'' in May 2022. It is licensed under MIT License.

Data path

The idea behind XDP is to add an early hook in the RX path of the kernel, and let a user supplied eBPF program decide the fate of the packet. The hook is placed in the network interface controller (NIC) driver just after the interrupt processing, and before any memory allocation needed by the network stack itself, because memory allocation can be an expensive operation. Due to this design, XDP can drop 26 million packets per second per core with commodity hardware.

The eBPF program must pass a preverifier test before being loaded, to avoid executing malicious code in kernel space. The preverifier checks that the program contains no out-of-bounds accesses, loops or global variables.

The program is allowed to edit the packet data and, after the eBPF program returns, an action code determines what to do with the packet:

* XDP_PASS: let the packet continue through the network stack
* XDP_DROP: silently drop the packet
* XDP_ABORTED: drop the packet with trace point exception
* XDP_TX: bounce the packet back to the same NIC it arrived on
* XDP_REDIRECT: redirect the packet to another NIC or user space socket via the AF_XDP address family

XDP requires support in the NIC driver but, as not all drivers support it, it can fallback to a generic implementation, which performs the eBPF processing in the network stack, though with slower performance.

XDP has infrastructure to offload the eBPF program to a network interface controller which supports it, reducing the CPU load. In 2022, many network cards support it, e.g. Netronome, Intel and Mellanox.

Microsoft is partnering with other companies and adding support for XDP in the MsQuic protocol.

AF_XDP

Along with XDP, a new address family entered in the Linux kernel starting 4.18. AF_XDP, formerly known as AF_PACKETv4 (which was never included in the mainline kernel), is a raw socket optimized for high performance packet processing and allows zero-copy between kernel and applications. As the socket can be used for both receiving and transmitting, it supports high performance network applications purely in user space.

See also

* Application layer
* Network layer
* Data link layer

References

External links

XDP documentation
on Read the Docs

AF_XDP documentation
on kernel.org
*

XDP walkthrough
at FOSDEM 2017 by Daniel Borkmann, Cilium

AF_XDP
at FOSDEM 2018 by Magnus Karlsson, Intel

eBPF.io - Introduction, Tutorials & Community Resources

L4Drop: XDP DDoS Mitigations
Cloudflare

Unimog: Cloudflare's edge load balancer
Cloudflare

Open-sourcing Katran, a scalable network load balancer
Facebook

Cilium's L4LB: standalone XDP load balancerCilium

Kube-proxy replacement at the XDP layerCilium

eCHO Podcast on XDP and load balancing

{{Authority control

Command-line software
Firewall software
Linux security software
Linux kernel features
Free and open-source software
Microsoft free software
Software using the GPL license
Software using the MIT license
2016 software