Submitted
eBPF maps are powerful enough to express any type of configuration and runtime information for packet processing engines. However, DDoS protection applications may step behind usual usecases, and corner cases of algorithms in the eBPF maps appear more often and strike harder.
Aggressive insertions into maps, exhaustion of preallocated space, and races - typical situations during an incoming DDoS attack. In this talk, we will cover additions that we had to make for the eBPF maps to make them more scalable under attacks and to drop malicious traffic more effectively, and additions that help us monitor situations better and avoid possible degradations.
| OveMer | RevExp | ||
|---|---|---|---|
| Review #9A | Florian Westphal 1 | 3 | 2 |
| Review | Kuniyuki Iwashima 1 | 3 | 2 |
| Review | Cong Wang 1 | 5 | 3 |
| Review | Martin KaFai Lau 1 | 4 | 3 |
| Review (not started) | Alex Duyck 2 | ||
![[Main]](../images/view48.png)
Main![[Review]](../images/review48.png)
Review![[PDF]](../images/pdf.png)
tailoring-ebpf-maps-for-ddos.pdf![[Assign]](../images/assign48.png){kind=small}
External reviews![[Add comment]](../images/comment48.png){kind=small}
Add comment![[Text]](../images/txt24.png)
Reviews and comments in plain text