Challenges with Implementing In-Kernel FQDN Policies Using eBPF
Linux Plumbers Conference via YouTube
Overview
Explore the technical challenges and solutions for implementing Fully Qualified Domain Name (FQDN) policies directly in the Linux kernel using eBPF in this conference talk from the Linux Plumbers Conference. Learn how container networking plugins like Cilium traditionally rely on user-space DNS proxies to intercept DNS-to-IP mappings and implement CIDR-based policies, creating reliability issues when proxies experience downtime. Discover how recent eBPF enhancements enable native DNS parsing in kernel space, allowing for the complete elimination of user-space proxies and resulting in improved tail latencies and decoupled data plane and control plane operations. Understand the implementation details of stream parser and stream verdict BPF programs that support DNS over TCP, while examining the complexities introduced by DNS compression features. Gain insights into the development challenges encountered, including verifier behavior issues that required extensive debugging and kernel version upgrades to resolve. Examine specific scenarios where understanding verifier internals became crucial for successful implementation, and explore potential improvements to the developer experience through better documentation and abstractions that could simplify verifier operations for future eBPF developers working on similar networking solutions.
Syllabus
Challenges with implementing in-kernel FQDN policies using eBPF - Hemanth Malla (Microsoft)
Taught by
Linux Plumbers Conference