eBPF Summit 2024

Dynamically program the kernel for efficient networking, observability, tracing, and security

eBPF diagram
  • Programs are verified to safely execute
  • Hook anywhere in the kernel to modify functionality
  • JIT compiler for near native execution speed
  • Add OS capabilities at runtime

Organizations in every industry use eBPF in production

  • Google

    Google uses eBPF for security auditing, packet processing, and performance monitoring

  • Netflix

    Netflix uses eBPF at scale for network insights

  • Android

    Android uses eBPF to monitor network usage, power, and memory profiling

  • S&P Global

    S&P Global uses eBPF through Cilium for networking across multiple clouds and on-prem

  • Shopify

    Shopify uses eBPF through Falco for intrusion detection

  • Cloudflare

    Cloudflare uses eBPF for network security, performance monitoring, and network observability

More case studies

Why eBPF?

What is eBPF
  • Performance

    eBPF drastically improves processing by being JIT compiled and running directly in the kernel.

  • Security

    eBPF programs are verified to not crash the kernel and can only be modified by privileged users.

  • Flexibility

    Modify or add functionality and use cases to the kernel without having to restart or patch it.


Unlocking the Kernel

The eBPF Documentary provides an in-depth exploration on the origins of eBPF and showcases the stories, challenges, and rewards of this industry changing technology. You will hear from the best and brightest in the open source world, including key stakeholders from Meta, Intel, Isovalent, Google, Red Hat, and Netflix, who helped shape and build the tools that drove the success and adoption of eBPF.

eBPF Documentary Website
eBPF has resulted in a new generation of tooling that allows developers to easily diagnose problems, innovate quickly, and extend operating system functionality.
Mark RussinovichChief Technology Officer at Microsoft Azure, 2021

What’s possible with eBPF?

  • Networking


    Speed packet processing without leaving kernel space. Add additional protocol parsers and easily program any forwarding logic to meet changing requirements.

  • Observability


    Collection and in-kernel aggregation of custom metrics with generation of visibility events and data structures from a wide range of possible sources without having to export samples.

  • Tracing & Profiling

    Tracing & Profiling

    Attach eBPF programs to trace points as well as kernel and user application probe points giving powerful introspection abilities and unique insights to troubleshoot system performance problems.

  • Security


    Combine seeing and understanding all system calls with a packet and socket-level view of all networking to create security systems operating on more context with a better level of control.

eBPF Community Talks