[LSF/MM/BPF] BPF: various topics

[LSF/MM/BPF] BPF: various topics

[Daniel Borkmann]

I'd like to propose various BPF core and networking related topics some of which we
also encountered during Cilium development, for example, during our recent BPF
kube-proxy replacement work:

- Cilium uses BPF cgroups programs for its Kubernetes Service implementation
   in order to select backends and directly connect to them instead of later
   having to perform NAT on the skb itself in lower layers. BPF cgroups hooks
   are not network namespace aware while Kubernetes pods are heavily built
   around network namespaces. In addition to getting BPF cgroups netns aware,
   I'd like to discuss various other needs Cilium has around its BPF cgroups
   usage in order to fix some short-comings we're facing today including
   the addition of new hooks.
- Another issue is the BPF fib lookup helper use in combination with our BPF
   based NodePort implementation, where goal is to discuss design proposals to
   enable the Cilium agent to push L3 addresses into the kernel for its backends
   and have the neighboring subsystem self-manage & maintain their resolution.
- Third topic is to discuss a BPF-based static keys proposal in order to
   dynamically allow to enable/disable functionality at runtime with very low
   overhead and without reloading programs through the verifier. This builds upon
   recent work that has been done around direct jumps for optimizing tail calls.
- Some of the LRU based maps in Cilium have interdependencies; currently, we
   use a band-aid through the means of a garbage collector in order to evict
   data from multiple maps, but what is needed is a LRU eviction callback that
   we can make use of in order to trigger deletion events in dependent maps.
   We'll discuss possible API options on how this could be addressed generically.

Thanks,
Daniel