ByteDance’s Container Networking Stack with Chen Tang

July 1, 2025

47 min episode · 2 min read

Chen Tang

Episode

47 min

Read time

2 min

AI-Generated Summary

Published Dec 25, 2025

Key Takeaways

✓eBPF kernel programming: Developers write C programs that compile to bytecode, pass through a safety verifier, then load into the Linux kernel without modules or restarts, enabling dynamic packet filtering and system tracing in production environments.
✓Hardware offloading strategy: ByteDance combines eBPF with smart NIC hardware by using a slow path-fast path separation where eBPF processes initial packets, then an agent translates rules to hardware that caches them for thirty-second intervals, bypassing kernel overhead.
✓Container networking at scale: Traditional Kubernetes service discovery becomes a bottleneck above 100,000 machines because indexing all backend containers creates unacceptable overhead, requiring ByteDance to build custom service discovery frameworks that operate without global state management.
✓RDMA integration technique: eBPF enables RDMA direct memory access for containers by first identifying destination locations through kernel hooks, then passing connectivity information to NICs that can bypass kernel stack entirely for subsequent packets between containerized applications.

What It Covers

ByteDance engineer Chen Tang explains how the company uses eBPF technology to manage container networking across over one million servers, replacing traditional virtual switches with kernel-level packet routing for improved efficiency and scalability.

Key Questions Answered

•eBPF kernel programming: Developers write C programs that compile to bytecode, pass through a safety verifier, then load into the Linux kernel without modules or restarts, enabling dynamic packet filtering and system tracing in production environments.
•Hardware offloading strategy: ByteDance combines eBPF with smart NIC hardware by using a slow path-fast path separation where eBPF processes initial packets, then an agent translates rules to hardware that caches them for thirty-second intervals, bypassing kernel overhead.
•Container networking at scale: Traditional Kubernetes service discovery becomes a bottleneck above 100,000 machines because indexing all backend containers creates unacceptable overhead, requiring ByteDance to build custom service discovery frameworks that operate without global state management.
•RDMA integration technique: eBPF enables RDMA direct memory access for containers by first identifying destination locations through kernel hooks, then passing connectivity information to NICs that can bypass kernel stack entirely for subsequent packets between containerized applications.

Notable Moment

Chen reveals that ByteDance can inject observability code directly into the kernel of live production containers, collect diagnostic data from specific function calls and contexts, then remove the tracing program without any system restart or service interruption.

Know someone who'd find this useful?