Express Data Path

XDP (eXpress Data Path) is an eBPF-based high-performance network data path used to send and receive network packets at high rates by bypassing most of the operating system networking stack. It is merged in the Linux kernel since version 4.8.^[2] This implementation is licensed under GPL. Large technology firms including Amazon, Google and Intel support its development. Microsoft released their free and open source implementation XDP for Windows in May 2022.^[1] It is licensed under MIT License.^[3]

The idea behind XDP is to add an early hook in the RX path of the kernel, and let a user supplied eBPF program decide the fate of the packet. The hook is placed in the network interface controller (NIC) driver just after the interrupt processing, and before any memory allocation needed by the network stack itself, because memory allocation can be an expensive operation. Due to this design, XDP can drop 26 million packets per second per core with commodity hardware.^[4]

The eBPF program must pass a preverifier test^[5] before being loaded, to avoid executing malicious code in kernel space. The preverifier checks that the program contains no out-of-bounds accesses, loops or global variables.

The program is allowed to edit the packet data and, after the eBPF program returns, an action code determines what to do with the packet:

• XDP_PASS: let the packet continue through the network stack
• XDP_DROP: silently drop the packet
• XDP_ABORTED: drop the packet with trace point exception
• XDP_TX: bounce the packet back to the same NIC it arrived on
• XDP_REDIRECT: redirect the packet to another NIC or user space socket via the AF_XDP address family

XDP requires support in the NIC driver but, as not all drivers support it, it can fallback to a generic implementation, which performs the eBPF processing in the network stack, though with slower performance.^[6]

XDP has infrastructure to offload the eBPF program to a network interface controller which supports it, reducing the CPU load. In 2023, only Netronome^[7] cards support it.

Microsoft is partnering with other companies and adding support for XDP in its MsQuic implementation of the QUIC protocol.^[1]

Along with XDP, a new address family entered in the Linux kernel starting 4.18.^[8] AF_XDP, formerly known as AF_PACKETv4 (which was never included in the mainline kernel),^[9] is a raw socket optimized for high performance packet processing and allows zero-copy between kernel and applications. As the socket can be used for both receiving and transmitting, it supports high performance network applications purely in user space.^[10]

Lua error in mw.title.lua at line 392: bad argument #2 to 'title.new' (unrecognized namespace name 'Portal').

• Application layer
• Network layer
• Data link layer

• XDP documentation on Read the Docs
• AF_XDP documentation on kernel.org
• xdp-for-windows on GitHub
• XDP walkthrough at FOSDEM 2017 by Daniel Borkmann, Cilium
• AF_XDP at FOSDEM 2018 by Magnus Karlsson, Intel
• eBPF.io - Introduction, Tutorials & Community Resources
• L4Drop: XDP DDoS Mitigations, Cloudflare
• Unimog: Cloudflare's edge load balancer, Cloudflare
• Open-sourcing Katran, a scalable network load balancer, Facebook
• Cilium's L4LB: standalone XDP load balancer, Cilium
• Kube-proxy replacement at the XDP layer, Cilium
• eCHO Podcast on XDP and load balancing

Lua error in Module:Authority_control at line 153: attempt to index field 'wikibase' (a nil value).