Spring is back in the Northern Hemisphere, and with it all kinds of features are blooming for eBPF. Kernel 5.12 is out and version 5.13 is on track to bring new exciting functionalities. At the same time, new projects hatch and companies are enjoying renewed activity. Several eBPF-related projects applied to join or upgrade their status in the bosom of CNCF. After some delay, no doubt caused by winter hibernation, welcome to the fifth issue of the eBPF Updates!
eBPF is a revolutionary technology with origins in the Linux kernel that can run sandboxed programs in an operating system kernel. It is used to safely and efficiently extend the capabilities of the kernel without requiring to change kernel source code or load kernel modules.
Historically, the operating system has always been an ideal place to implement observability, security, and networking functionality due to the kernel’s privileged ability to oversee and control the entire system. At the same time, an operating system kernel is hard to evolve due to its central role and high requirement towards stability and security. The rate of innovation at the operating system level has thus traditionally been lower compared to functionality implemented outside of the operating system.
eBPF changes this formula fundamentally. By allowing to run sandboxed programs within the operating system, application developers can run eBPF programs to add additional capabilities to the operating system at runtime. The operating system then guarantees safety and execution efficiency as if natively compiled with the aid of a Just-In-Time (JIT) compiler and verification engine. This has led to a wave of eBPF-based projects covering a wide array of use cases, including next-generation networking, observability, and security functionality.
Today, eBPF is used extensively to drive a wide variety of use cases: Providing high-performance networking and load-balancing in modern data centers and cloud native environments, extracting fine-grained security observability data at low overhead, helping application developers trace applications, providing insights for performance troubleshooting, preventive application and container runtime security enforcement, and much more. The possibilities are endless, and the innovation that eBPF is unlocked has only just begun.
In several parts of the globe, February is traditionally about love, and pancakes. eBPF sure received a lot of love over the last weeks! Blogging, conferencing, and kernel development have resumed full speed after the quiet period at the end of the year. Here are all the latest updates, plus a section focusing on program size limits. Alas, uncertainty remains as for eBPF getting pancakes.