I'd like to propose various BPF core and networking related topics some of which we also encountered during Cilium development, for example, during our recent BPF kube-proxy replacement work: - Cilium uses BPF cgroups programs for its Kubernetes Service implementation in order to select backends and directly connect to them instead of later having to perform NAT on the skb itself in lower layers. BPF cgroups hooks are not network namespace aware while Kubernetes pods are heavily built around network namespaces. In addition to getting BPF cgroups netns aware, I'd like to discuss various other needs Cilium has around its BPF cgroups usage in order to fix some short-comings we're facing today including the addition of new hooks. - Another issue is the BPF fib lookup helper use in combination with our BPF based NodePort implementation, where goal is to discuss design proposals to enable the Cilium agent to push L3 addresses into the kernel for its backends and have the neighboring subsystem self-manage & maintain their resolution. - Third topic is to discuss a BPF-based static keys proposal in order to dynamically allow to enable/disable functionality at runtime with very low overhead and without reloading programs through the verifier. This builds upon recent work that has been done around direct jumps for optimizing tail calls. - Some of the LRU based maps in Cilium have interdependencies; currently, we use a band-aid through the means of a garbage collector in order to evict data from multiple maps, but what is needed is a LRU eviction callback that we can make use of in order to trigger deletion events in dependent maps. We'll discuss possible API options on how this could be addressed generically. Thanks, Daniel
