eBPF summit 2023 Register now

Dynamically program the kernel for efficient networking, observability, tracing, and security

eBPF diagram
  • Programs are verified to safely execute
  • Hook anywhere in the kernel to modify functionality
  • JIT compiler for near native execution speed
  • Add OS capabilities at runtime

Organizations in every industry use eBPF in production

  • Google

    Google uses eBPF for security auditing, packet processing, and performance monitoring.

  • Netflix

    Netflix uses eBPF at scale for network insights.

  • Android

    Android uses eBPF to monitor network usage, power, and memory profiling.

  • S&P Global

    S&P Global uses eBPF through Cilium for networking across multiple clouds and on-prem.

  • Shopify

    Shopify uses eBPF through Falco for intrusion detection.

  • Cloudflare

    Cloudflare uses eBPF for network security, performance monitoring, and network observability.

More case studies

Why eBPF?

What is eBPF
  • Performance

    eBPF drastically improves processing by being JIT compiled and running directly in the kernel.

  • Security

    eBPF programs are verified to not crash the kernel and can only be modified by privileged users.

  • Flexibility

    Modify or add functionality and use cases to the kernel without having to restart or patch it.

eBPF has resulted in a new generation of tooling that allows developers to easily diagnose problems, innovate quickly, and extend operating system functionality.
Mark RussinovichChief Technology Officer at Microsoft Azure, 2021

What’s possible with eBPF?

  • Networking


    Speed packet processing without leaving kernel space. Add additional protocol parsers and easily program any forwarding logic to meet changing requirements.

  • Observability


    Collection and in-kernel aggregation of custom metrics with generation of visibility events and data structures from a wide range of possible sources without having to export samples.

  • Tracing & Profiling

    Tracing & Profiling

    Attach eBPF programs to trace points as well as kernel and user application probe points giving powerful introspection abilities and unique insights to troubleshoot system performance problems.

  • Security


    Combine seeing and understanding all system calls with a packet and socket-level view of all networking to create security systems operating on more context with a better level of control.

eBPF Community Talks