Michel Machado

icon company Digirati icon location Boston, MA

Results 208 comments of Michel Machado

Is it feasible to use mysql for policy storage

Yes, it's feasible.

Enable policies to load balance flows

When Gatekeeper acts as a load balancer, the final destinations have to decapsulate the packets themselves if direct delivery (see #230) is not possible. This can be done with a...

Enable policies to load balance flows

Other examples of large scale load balancers: [Maglev](https://research.google.com/pubs/archive/44824.pdf), [Unimog](https://blog.cloudflare.com/unimog-cloudflares-edge-load-balancer/), and [GLB](https://github.blog/2018-08-08-glb-director-open-source-load-balancer/). These examples provide design references that can be useful for Gatekeeper.

Replace the ACL library with the BPF library

The BPF program must be written in such a way that it prioritizes the longest matching filter. See motivation for this in issue #462. Do ntuple filters support longest matching...

Replace the ACL library with the BPF library

The new solution should also fold in Ethernet Type filters. This will remove awareness of any particular type of filter from the GK and GT blocks.

Replace the ACL library with the BPF library

Having `struct rte_flow_item` as the input for the pattern to be matched will make it easier to use this BPF library since it's the same interface for [DPDK's generic flow...

Allocate Lua states on NUMA nodes that GT instances reside

One can do this using `lua_newstate()` instead of `luaL_newstate()`. One find more information about `lua_newstate()` in the second edition of the book "Programming in Lua", Chapter "31 Memory Management", Section...

Allocate Lua states on NUMA nodes that GT instances reside

The patch https://github.com/AltraMayor/gatekeeper/commit/c5959c06f99e83eb614439508e3f69eca08fe0fa almost closes this issue, but it doesn't do so because the current version of DPDK that we are using does not include `rte_realloc_socket()`. Once we upgrade our...

Allocate Lua states on NUMA nodes that GT instances reside

The patch https://github.com/AltraMayor/gatekeeper/commit/c5959c06f99e83eb614439508e3f69eca08fe0fa had to be disabled because LuaJIT does not support `lua_newstate()` on 64-bit targets. See issue #261 for details. Until LuaJIT finds a solution for this problem and...

How to make policy updates take effect immediately

`dylib.update_gt_lua_states()` and `dylib.update_gt_lua_states_incrementally()` immediately update the Lua policy on Grantor servers, but they have no effect on policy decisions that Gatekeeper servers had previously received. One has to wait for...