Presenter(s)
Arvinder S. Dhanoa
Abstract
IPv4 exhaustion has been a prevalent problem for years, as organizations and service providers have fought against the scarcity of IPv4 address space on the internet. NAT64 is increasingly deployed as a solution to this problem. As a result, it becomes increasingly important that the deployment of NAT64 technologies is easy and performant. Numerous implementations of NAT64 technologies already exist, and some new implementations use eBPF as well. In this research, we implemented a CLAT with an eBPF TC classifier and compared its performance to Jool, a widely used kernel module. We did this using a series of virtual machines on two networks, and a VyOS router. Using iperf3, we compared throughput in TCP and UDP and analyzed throughput and performance loss. Deployment is trivial – essentially loading the program to the appropriate interfaces – and the overhead is minimized because both approaches stay entirely within kernel space.
College
College of Science & Engineering
Department
Computer Science
Campus
Winona
First Advisor/Mentor
Mingrui Zhang
Second Advisor/Mentor
Trung Nguyen Trung
Third Advisor/Mentor
Sudharsan Iyengar
Start Date
4-24-2025 9:00 AM
End Date
4-24-2025 10:00 AM
Presentation Type
Poster Session
Format of Presentation or Performance
In-Person
Session
1a=9am-10am
Poster Number
21
Included in
An Implementation and Comparison of NAT64 using eBPF and the Jool Kernel Module.
IPv4 exhaustion has been a prevalent problem for years, as organizations and service providers have fought against the scarcity of IPv4 address space on the internet. NAT64 is increasingly deployed as a solution to this problem. As a result, it becomes increasingly important that the deployment of NAT64 technologies is easy and performant. Numerous implementations of NAT64 technologies already exist, and some new implementations use eBPF as well. In this research, we implemented a CLAT with an eBPF TC classifier and compared its performance to Jool, a widely used kernel module. We did this using a series of virtual machines on two networks, and a VyOS router. Using iperf3, we compared throughput in TCP and UDP and analyzed throughput and performance loss. Deployment is trivial – essentially loading the program to the appropriate interfaces – and the overhead is minimized because both approaches stay entirely within kernel space.
