A Controlled, Secure Vsock Tunnel for High-speed Data Transfer Between Guest and Host

Learn how to build a high-performance data plane over a vsock tunnel based on Ant Group's best practices in this 26-minute technical talk. Explore how the guest kernel enables Kata containers to access host daemonsets through UDS, similar to runc containers, by hijacking UDSs and tunneling data. Discover how both TCP and UDP protocols benefit from reduced overhead by utilizing a lightweight vsock tunnel instead of the guest network stack. Examine the unified communication methods between guest and host, along with an access control mechanism implemented in the guest kernel to enhance security. Dive into techniques for securely sharing the tunnel with host applications in userspace, such as Ztunnel, to bypass the host network stack and further reduce overhead. Speaker Xuewei Niu from Ant Group provides detailed insights into implementing this efficient and secure communication system.