The IETF (Internet Engineering Task Force) Committee, responsible for developing protocols and architecture of the Internet, recently finalized the formation of RFC for the architecture of a set of BPF (Berkeley Packet Filter) and published the related specification for RFC 9669. The RFC has been categorized as a “proposed standard”, marking the beginning of efforts to elevate it to the status of a draft standard, symbolizing complete stabilization and accounting for all comments received.
The published specification outlines the BPF Bitcode instructions and a low-level virtual machine utilized in the Linux EBPF kernel subsystem to enable external processors to alter the system without necessitating changes to the kernel code. The EBPF functions as a basic virtual processor with registers, RISC-like instructions, stack, and meter. BPF programs are typically written in the BPF Assembly language, compiled into bytecode for execution in a virtual machine capable of interpreting and using JIT-compilation for bytecode translation into machine instructions.
The standardization of the BPF architecture set is anticipated to encourage the creation of third-party implementations compatible with the EBPF virtual machine for running BPF programs designed for the Linux kernel. Some network adapter manufacturers are working on developing virtual machines that can execute BPF programs, aiming to enhance the capabilities of the Express Data Path (XDP) subsystem for running BPF programs not only at the network driver level but also at the network card level.
For instance, Netronome has integrated BPF support into the Netronome Agilio CX Smartnic and supplied a variety of universal BPF program examples that can run on a CPU in a kernel with any XDP-compatible driver or on the network card itself. This capability allows for packet decision-making, modification, or redirection without utilizing CPU resources. Additionally, XRP technology is being developed to enable operations with NVMe drives, such as working with indices and data aggregation, at the driver level or on an external device.
Despite the potential benefits, concerns surrounding compatibility issues and the need to monitor EBPF state within the kernel have delayed broader implementation of such functionalities. Some manufacturers have postponed incorporating BPF hardware acceleration tools into their devices until a standardized solution is established.