facebookincubator/katran facebookincubator/katran

  • Stars
    star
    4,674
  • Rank 9,050 (Top 0.2 %)
  • Language
    C
  • License
    GNU General Publi...
  • Created over 6 years ago
  • Updated 3 months ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
facebookincubator/katran
github

facebookincubator

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

A high performance layer 4 load balancer

logo

Support Ukraine CI Status

Katran is a C++ library and BPF program to build high-performance layer 4 load balancing forwarding plane. Katran leverages XDP infrastructure from the kernel to provide an in-kernel facility for fast packet's processing.

Katran's key features

  1. Blazing fast (especially w/ XDP in driver mode).
  2. Performance scaling linearly with a number of NIC's RX queues.
  3. RSS friendly encapsulation.

See the detailed features' description below :

Documentation's sections

  1. README (this file) - a generic overview of katran.
  2. USAGE - the detailed description of how katran's library can be used, configured or changed.
  3. DEVELOPING - description of how developing process looks like: how to build and test katran.
  4. EXAMPLE - output of how to run provided examples (thrift and gRPC services, which leverage katran library)

Examples of usage

We provide simple examples of katran library usage w/ thrift and gRPC endpoints. Please refer to Examples for more detailed information.

Installation

Current distribution tested: Ubuntu 20.04

Requirements:

  • Recent linux kernel (5.6+)
  • Recent version of clang compiler (6.0+) For ubuntu if unsure run sudo apt install build-essential

build.sh

This script is a simple wrapper around getdeps.py (see next section). It requiers python3.6 or later in your PATH.

To install dependencies run: ./build.sh install

To build: ./build.sh <params>

If no flags are added then a default build is executed using the --allow-system-packages flag: ./build.sh

To do more complex stuff or understand how everything is build you can read the getdeps.py section and script.

getdeps.py

This script is used by many of Meta's OSS tools. It will download and build all of the necessary dependencies first, and will then invoke cmake etc to build katran. This will help ensure that you build with relevant versions of all of the dependent libraries, taking into account what versions are installed locally on your system.

It's written in python so you'll need python3.6 or later on your PATH. It works on Linux, macOS and Windows.

The settings for katran's cmake build are held in its getdeps manifest build/fbcode_builder/manifests/katran, which you can edit locally if desired.

This script will download and build all of the necessary dependencies first, and will then invoke cmake etc to build katran. This will help ensure that you build with relevant versions of all of the dependent libraries, taking into account what versions are installed locally on your system.

Currently requires python 3.6+ to be on your path.

python3 ./build/fbcode_builder/getdeps.py --allow-system-packages build katran

It puts output in its scratch area:

  • installed/katran/lib/

You can also specify a --scratch-path argument to control the location of the scratch directory used for the build. You can find the default scratch install location from logs or with python3 ./build/fbcode_builder/getdeps.py show-inst-dir

There are also --install-dir and --install-prefix arguments to provide some more fine-grained control of the installation directories. However, given that katran provides no compatibility guarantees between commits we generally recommend building and installing the libraries to a temporary location, and then pointing your project's build at this temporary location, rather than installing katran in the traditional system installation directories. e.g., if you are building with CMake you can use the CMAKE_PREFIX_PATH variable to allow CMake to find katran in this temporary installation directory when building your project.

If you want to invoke cmake again to iterate, there is a helpful run_cmake.py script output in the scratch build directory. You can find the scratch build directory from logs or with python3 ./build/fbcode_builder/getdeps.py show-build-dir

build_katran.sh (to be deprecated)

To build and install katran library and thrift/gRPC examples - you need to run build_katran.sh script.

It should take care of all the required dependencies. If you need to build it for other Linux distributions, you need to make sure that you have installed: - folly - recent version of clang compiler (6.0+) - glog/gtest/gflags/elf libraries

Additionally, if you want to build examples, fbthrift and gRPC must be installed, as well!

While we run Meta's CI on CentOS, we do our best to support OSS build on recent Ubuntu versions. If you have any issues with build or need older Ubuntu versions - open github issue or better send us PR :)

Motivation behind layer 4 load balancing

Layer 4 load balancer (lb) enables to easily scale out Layer7 load balancers (the ones which terminate TCP sessions). Benefits of L4 lb over other techniques for scaling L7 lb is that it is :

  1. compared to DNS it doesn't need to wait for TTL to redirect traffic from failed L7 lb.

  2. compared to anycast-based solution, L4 lbs are more resilient to the networking related issues (which triggers mass ECMP reshuffle)/ enable better handling of adding/removing of L7 lbs from the pool as well as provide better support for unequal load balancing.

Environment requirements for katran to run

There are special requirements for katran to work properly. However, we do believe that most of the potential users of the library can easily satisfy them:

  1. katran works only in DSR (direct service response) mode.

  2. Network topology should be L3 based (everything above the top of the rack switch should be routed). This is because we are 'offloading' routing decision for sending packets to the real server to first routing device (by unconditionally sending all packets from katran there.)

  3. katran doesn't support fragmentation (it cannot forward the fragmented packet, nor it can fragment them by itself if resulting packet size is bigger then MTU). This could be mitigated either by increasing MTU inside your network or by changing advertising TCP MSS from L7 lbs (this is recommended even if you have increased MTU, as it will prevent fragmentation related issues towards some of the client. For example, if instead of default TCP MSS 1460 (for ipv4) you will advertise 1450 - it will help clients behind PPPoE connection).

  4. katran doesn't support packets w/ IP options set.

  5. Maximum packet size cannot be bigger than 3.5k (and 1.5k by default).

  6. katran is built with the assumption that it's going to be used in a "load balancer on a stick" scenario: where single interface would be used both for traffic "from user to L4 lb (ingress)" and "from L4 lb to L7 lb (egress)."

L4 load balancing network topology

alt text

Steps:

  1. katran receives packet

  2. Checks if the destination of the packet is configured as a VIP (virtual IP address - IP address of the service).

  3. For an incoming packet toward a VIP - katran is checking if it saw packet from the same session before, and if it has - it sends the packet to the same real (actual server/l7 lb which then processes/terminates the TCP session).

  4. If it's a new session - from 5 tuples in the packet, calculate a hash value.

  5. Using this hash value - pick a real server.

  6. Update session table with this lookup information so that katran can simply lookup this information for the next packet in the session and not calculate the hash again.

  7. Encapsulate packet in another IP packet and send to the real.

L4 load balancing failure scenario

alt text

As we use only the data from the packet's headers to calculate a hash value, which is then used to pick a real server, different L4 lbs are consistent in real server selection, even w/o explicit state sharing amongst each other. This feature allows us to restart/drain single L4 lb w/o affecting TCP sessions, going to the L7 lbs.

katran's features description

  1. Fast : katran uses XDP for packet forwarding, which allows to run packet handling routines right after packet has been received by network interface card (NIC) and before kernel had any chance to run (when XDP is working in "driver mode", katran supports "generic XDP" mode of operation as well (with some performance degradation compare to "driver mode")).

  2. Performance scales linearly with a number of NIC's RX queues : The way XDP works is that it invokes BPF program on every received packet, and if your NIC has multiple queues, for each of them BPF program will be invoked independently. As katran is completely lockless and uses per-cpu versions of BPF maps - it scales linearly.

  3. RSS friendly encapsulation : katran is uses ipip encapsulation for packet forwarding from L4 lb to L7 lb. However, to be able to work in conjunction with RSS on L7 lb receive side, instead of using the same source for every ipip packet, katran crafts a special one, in such a way, that different flows will have different outer (ipip) source IP, but packets in same flow will always have the same.

  4. Fixed size (size is configurable on start) connection tracking table w/ LRU strategy for eviction of old entries.

  5. Modified Maglev hashing for connections : It provides us good resiliency in case of failure and excellent load balancing features. The hashing was modified to be able to support unequal weights for backend (L7 lbs) servers

  6. No need for busylooping on receive path : Your load balancer will barely consume any CPU if there is no traffic to serve.

  7. katran (and XDP in general) allows you to run any application w/o any performance penalties on the same server (compare to some of other "kernel bypass" technologies)

Trivia

katran is named (it's actually an alternative name) after spiny dogfish shark.

License

katran is GPL-2.0 licensed, as found in the LICENSE file.

More Repositories

1

SocketRocket

A conforming Objective-C WebSocket client library.
Objective-C
9,534
star
2

AITemplate

AITemplate is a Python framework which renders neural network into high performance CUDA/HIP C++ code. Specialized for FP16 TensorCore (NVIDIA GPU) and MatrixCore (AMD GPU) inference.
Python
4,515
star
3

velox

A C++ vectorized database acceleration library aimed to optimizing query engines and data processing systems.
C++
3,474
star
4

cinder

Cinder is Meta's internal performance-oriented production version of CPython.
Python
3,458
star
5

FBX2glTF

A command-line tool for the conversion of 3D model assets on the FBX file format to the glTF file format.
C++
2,060
star
6

spectrum

A client-side image transcoding library.
C++
1,987
star
7

oomd

A userspace out-of-memory killer
C++
1,795
star
8

fastmod

A fast partial replacement for the codemod tool
Rust
1,648
star
9

xar

executable archive format
Python
1,571
star
10

Bowler

Safe code refactoring for modern Python.
Python
1,532
star
11

submitit

Python 3.8+ toolbox for submitting jobs to Slurm
Python
1,245
star
12

gloo

Collective communications library with various primitives for multi-machine training.
C++
1,181
star
13

fizz

C++14 implementation of the TLS-1.3 standard
C++
1,128
star
14

dhcplb

dhcplb is Facebook's implementation of a load balancer for DHCP.
Go
1,046
star
15

below

A time traveling resource monitor for modern Linux systems
Rust
1,029
star
16

OnlineSchemaChange

A tool for performing online schema changes on MySQL.
Python
965
star
17

Glean

System for collecting, deriving and working with facts about source code.
Hack
923
star
18

Battery-Metrics

Library that helps in instrumenting battery related system metrics.
Java
736
star
19

retrie

Retrie is a powerful, easy-to-use codemodding tool for Haskell.
Haskell
500
star
20

superconsole

The superconsole crate provides a handler and building blocks for powerful, yet minimally intrusive TUIs. It is cross platform, supporting Windows 7+, Linux, and MacOS. Rustaceans who want to create non-interactive TUIs can use the component composition building block system to quickly deploy their code.
Rust
477
star
21

nvdtools

A set of tools to work with the feeds (vulnerabilities, CPE dictionary etc.) distributed by National Vulnerability Database (NVD)
Go
446
star
22

nimble

New file format for storage of large columnar datasets.
C++
419
star
23

infima

A UI framework that provides websites with the minimal CSS and JS needed to get started with building a modern responsive beautiful website
HTML
405
star
24

CG-SQL

CG/SQL is a compiler that converts a SQL Stored Procedure like language into C for SQLite. SQLite has no stored procedures of its own. CG/CQL can also generate other useful artifacts for testing and schema maintenance.
HTML
391
star
25

TTPForge

The TTPForge is a Cybersecurity Framework for developing, automating, and executing attacker Tactics, Techniques, and Procedures (TTPs).
Go
320
star
26

flowtorch

This library would form a permanent home for reusable components for deep probabilistic programming. The library would form and harness a community of users and contributors by focusing initially on complete infra and documentation for how to use and create components.
Jupyter Notebook
300
star
27

ptr

Python Test Runner.
Python
284
star
28

senpai

Senpai is an automated memory sizing tool for container applications.
Python
270
star
29

fbjni

A library designed to simplify the usage of the Java Native Interface
C++
260
star
30

dynolog

Dynolog is a telemetry daemon for performance monitoring and tracing. It exports metrics from different components in the system like the linux kernel, CPU, disks, Intel PT, GPUs etc. Dynolog also integrates with pytorch and can trigger traces for distributed training applications.
C++
251
star
31

gazebo

A Rust library containing a collection of small well-tested primitives.
Rust
235
star
32

reindeer

Reindeer is a tool to transform Rust Cargo dependencies into generated Buck build rules
Rust
177
star
33

dispenso

The project provides high-performance concurrency, enabling highly parallel computation.
C++
174
star
34

GeoLift

GeoLift is an end-to-end geo-experimental methodology based on Synthetic Control Methods used to measure the true incremental effect (Lift) of ad campaign.
R
171
star
35

oculus-linux-kernel

The Linux kernel code for Oculus devices
C
156
star
36

FCR

FBNet-Command-Runner: A thrift service to run commands on heterogeneous Network devices with configurable parameters.
154
star
37

dataclassgenerate

DataClassGenerate (or simply DCG) is a Kotlin compiler plugin that addresses an Android APK size overhead from Kotlin data classes.
Kotlin
154
star
38

hsthrift

The Haskell Thrift Compiler. This is an implementation of the Thrift spec that generates code in Haskell. It depends on the fbthrift project for the implementation of the underlying transport.
Haskell
148
star
39

FioSynth

Tool which enables the creation of synthetic storage workloads, automates the execution and results collection of synthetic storage benchmarks.
Python
140
star
40

meta-code-verify

Code Verify is an open source web browser extension that confirms that your Facebook, Messenger, Instagram, and WhatsApp Web code hasn’t been tampered with or altered, and that the Web experience you’re getting is the same as everyone else’s.
TypeScript
137
star
41

tacquito

Tacquito is an open source TACACs+ server written in Go that implements RFC8907
Go
93
star
42

go-qfext

a fast counting quotient filter implementation in golang
Go
91
star
43

momentum

A library for human kinematic motion and numerical optimization solvers to apply human motion
C++
89
star
44

ForgeArmory

ForgeArmory provides TTPs that can be used with the TTPForge (https://github.com/facebookincubator/ttpforge).
Swift
80
star
45

antlir

ANoTher Linux Image buildeR
Rust
76
star
46

sks

Secure Key Storage (SKS) is a library for Go that abstracts Security Hardware on laptops.
Go
72
star
47

dcrpm

A tool to detect and correct common issues around RPM database corruption.
Python
72
star
48

ConversionsAPI-Tag-for-GoogleTagManager

This repository will contain the artifacts needed for setting up Conversions API implementation on Google Tag Manager's serverside. Please follow the instructions https://www.facebook.com/business/help/702509907046774
Smarty
64
star
49

InjKit

Injection Kit. It is a java bytecode processing library for bytecode injection and transformation.
Java
55
star
50

obs-plugins

OBS Plugins
C++
54
star
51

glTFVariantMeld

An application that accepts files on the glTF format, interprets them as variants of an over-arching whole, and melds them together.
Rust
51
star
52

haberdashery

A collection of high-performance crypto implementations.
Rust
44
star
53

later

A framework for python asyncio with batteries included for people writing services in python asyncio
Python
39
star
54

go2chef

A Golang tool to bootstrap a system from zero so that it's able to run Chef to be managed
Go
39
star
55

CommutingZones

Commuting zones are geographic areas where people live and work and are useful for understanding local economies, as well as how they differ from traditional boundaries. These zones are a set of boundary shapes built using aggregated estimates of home and work locations. Data used to build commuting zones is aggregated and de-identified.
JavaScript
39
star
56

ConversionsAPI-Client-for-GoogleTagManager

This repository will contain the artifacts needed for setting up Conversions API implementation on Google Tag Manager's serverside. Primarily we will be hosting, - ConversionsAPI(Facebook) Client - listens on the events fired to GTM Server and maps them to common GTM schema. - ConversionsAPI(Facebook) Tag - server tag that fires events to CAPI.For more details on Design here https//fburl.com/uae68vlr
37
star
57

Facebook-Pixel-for-Wordpress

A plugin for advertisers who use Wordpress to enable them easily setup the facebook pixel.
JavaScript
37
star
58

strobelight

Meta's fleetwide profiler framework
C++
28
star
59

buck2-change-detector

Given a Buck2 built project and a set of changes (e.g. from source control) compute the targets that may have changed. Sometimes known as a target determinator, useful for optimizing a CI system.
Rust
28
star
60

wordpress-messenger-customer-chat-plugin

Messenger Customer Chat Plugin for WordPress
PHP
27
star
61

CP4M

CP4M is a conversational marketing platform which enables advertisers to integrate their customer-facing chatbots with FB Messenger/WhatsApp, in order to meet customers where they are and drive native conversations on the advertiser's owned infra.
Java
27
star
62

rush

RUSH (Reliable - unreliable - Streaming Protocol)
C++
26
star
63

MY_ENUM

Small c++ macro library to add compile-time introspection to c++ enum classes.
C++
17
star
64

SafeC

Library containing safer alternatives/wrappers for insecure C APIs.
C++
16
star
65

go-belt

It is an implementation-agnostic Go(lang) package to generalize observability tooling (logger, metrics, tracer and so on) and provide ability to use any of these tools with a standard context. Essentially it is an attempt to standardize observability API in Go.
Go
16
star
66

spark-ar-core-libs

Core libraries that can be used in Spark AR. You can import each library depends on your requirements.
TypeScript
15
star
67

scrut

Scrut is a testing toolkit for CLI applications. A tool to scrutinize terminal programs without fuss.
Rust
15
star
68

sado

A macOS signed-app shim for running daemons with reliable capabilities.
Swift
12
star
69

Portal-Kernel

Kernel Code for Portal.
C
11
star
70

npe-toolkit

Libraries, guides, blueprints, and sample code, to enable rapidly building 0-1 applications on iOS, Android and web.
TypeScript
10
star
71

Eigen-FBPlugins

This is collection of plugins extending Eigen arrays/matrices with main focus on using them for computer vision. In particular, this project should provide support for multichannel arrays (missing in vanilla Eigen) and seamless integration between Eigen types and OpenCV functions.
C++
9
star
72

isometric_pattern_matcher

A new isometric calibration pattern - which should/might lead to higher accuracy calibrations compared to existing solutions (checkerboards, patterns of circles).
C++
8
star
73

dnf-plugin-cow

Code to enable Copy on Write features being upstreamed in rpm and librepo
Shell
8
star
74

jupyterhub_fb_authenticator

JupyterHub Facebook Authenticator is a Facebook OAuth authenticator built on top of OAuthenticator.
Python
8
star
75

wireguard_py

Cython library for Wireguard
C
7
star
76

kernel-patches-daemon

Sync Patchwork series's with Github pull requests
Python
6
star
77

meta-fbvuln

OpenEmbedded meta-layer that allows producing a vulnerability manifest alongside a Yocto build. The produced manifest is suitable for ongoing vulnerability scanning of fielded software.
5
star
78

gazebo_lint

A Rust linter that provides various suggestions based on the new primitives offered in the `gazebo` library.
Rust
4
star
79

language-capirca

Adds syntax highlighting for Capirca filetypes in Atom. Capirca is an open source standard for writing vendor-neutral firewall policies as originally released by Google: https://github.com/google/capirca
3
star
80

cinderx

cinderx
C++
3
star
81

fbc_owrt_feed

Facebook Connectivity OpenWrt Feed. Package feed for OpenWrt router OS by Facebook Connectivity programme.
Lua
2
star
82

cutlass-fork

A Meta fork of NV CUTLASS repo.
C++
2
star
83

hwbits_lib

Abstraction of hardware register-level protocols in a python semantic names.
Python
1
star