Flow Monitoring/Filtering for an Edge Cloud Cluster using eBPF/XDP

Abstract

In recent years, an edge cloud is emerging as a way to provide end users with enhanced networking and security for cloud based services. While virtualization made it possible for an edge cloud to provide the resources of an edge cloud cluster that supports its service more efficiently to its users, the network topology of an edge cloud cluster is growing more complicated. Accordingly, it is becoming more challenging to provide security of an edge cloud cluster. To enhance the security of an edge cloud cluster, this paper suggests monitoring-visualization-filtering system. By monitoring packets using eBPF at various locations of an edge cloud cluster, incoming flow of an edge cloud cluster can be visualized. Also, by implementing deep learning to detect any threats and showing an alarm through the visualization, an operator can efficiently identify them. Detected threats can be filtered by using a eBPF/XDP based packet filter that this paper suggests which also works in various locations of an edge cloud cluster while consuming minimum computing resources of its host machine. This paper uses enhanced K-Cluster, which is an edge cloud cluster testbed to verify the monitoringvisualization-filtering system that this paper suggests.