-
Notifications
You must be signed in to change notification settings - Fork 158
BESS Overview
BESS is a software switch designed to be extensible and high performance. BESS is the first software switch designed specifically to support Network Functions Virtualization, in addition to traditional virtual networking tasks. You can check out this longer slide-deck for a talk given by BESS's creator Sangjin Han.
To get started with BESS, you should know about four key components of BESS:
- bessd: the "BESS daemon" is the core software switch. The daemon itself carries packets between ports and modules.
- ports: ports are places that packets may enter or exit bessd. A port can connect to a network interface, to a virtual machine, to a containerized app, or a normal process running in user space.
-
modules: modules are chunks of code that allow bessd to inspect or modify packets. Modules receive and release packets via input and output gates. Some built-in modules include:
- A round-robin module, which receives packets on one input gate and releases packets in a round-robin fashion over multiple output gates.
- An ACL module, which receives packets on one input gate, and checks whether the packet header matches a blacklisted firewall rule. Packets which match a blacklisted rule are released on one gate, packets which do not match any blacklisted rule are released on another gate.
- bessctl: this is the controller for bessd. bessctl offers a command-line interface allowing an administrator to configure which ports are connected to which modules, inspect where traffic is flowing within bessd, and a variety of other useful administrative commands.
In the BESS repository, the code for bessd can be found in core/
, the code for ports can be found in core/drivers/
, the code for modules can be found in core/modules/
and the code for bessctl can be found in bessctl/
. If this is your first time using BESS, don't worry about the code so much -- we'll focus on getting BESS built and running and how to use it first.
No! BESS is entirely in userspace and binds directly to network interfaces (bypassing the kernel) using DPDK. Avoiding the overhead of the kernel networking stack is part of what makes BESS ultra-fast. Here is the same figure as above, but now with the kernel/user space division in view.