

Major Applications

  • bcc


    Toolkit and library for efficient BPF-based kernel tracing

    BCC is a toolkit for creating efficient kernel tracing and manipulation programs built upon eBPF, and includes several useful command-line tools and examples. BCC eases writing of eBPF programs for kernel instrumentation in C, includes a wrapper around LLVM, and front-ends in Python and Lua. It also provides a high-level library for direct integration into applications.

  • Cilium


    eBPF-based Networking, Security, and Observability

    Cilium is an open source project that provides eBPF-powered networking, security and observability. It has been specifically designed from the ground up to bring the advantages of eBPF to the world of Kubernetes and to address the new scalability, security and visibility requirements of container workloads.

  • bpftrace


    High-level tracing language for Linux eBPF

    bpftrace is a high-level tracing language for Linux eBPF. Its language is inspired by awk and C, and predecessor tracers such as DTrace and SystemTap. bpftrace uses LLVM as a backend to compile scripts to eBPF bytecode and makes use of BCC as a library for interacting with the Linux eBPF subsystem as well as existing Linux tracing capabilities and attachment points.

  • Falco


    Cloud Native Runtime Security

    Falco is a behavioral activity monitor designed to detect anomalous activity in applications. Falco audits a system at the Linux kernel layer with the help of eBPF. It enriches the gathered data with other input streams, such as container runtime metrics and Kubernetes metrics, and lets you continuously monitor and detect container, application, host, and network activity.

  • Katran


    A high performance layer 4 load balancer

    Katran is a C++ library and eBPF program to build a high-performance layer 4 load balancing forwarding plane. Katran leverages the XDP infrastructure from the Linux kernel to provide an in-kernel facility for fast packet processing. Its performance scales linearly with the number of the NIC's receive queues, and it uses RSS-friendly encapsulation for forwarding to L7 load balancers.

  • Pixie


    Scriptable observability for Kubernetes

    Pixie is an open source observability tool for Kubernetes applications. Pixie uses eBPF to automatically capture telemetry data without the need for manual instrumentation. Developers can use Pixie to view the high-level state of their cluster (service maps, cluster resources, application traffic) and also drill down into more detailed views (pod state, flame graphs, individual full body application requests).

  • Calico


    Pluggable eBPF-based networking and security for containers and Kubernetes

    Calico Open Source is designed to simplify, scale, and secure container and Kubernetes networks. Calico's eBPF dataplane utilizes the power, speed, and efficiency of eBPF programs to deliver networking, load-balancing, and in-kernel security enforcement for your environment.


Frequently Asked Questions

  • Are these projects under the eBPF Foundation?

    • This page lists a number of open source projects that use eBPF as the underlying core technology. These projects are not all under the eBPF Foundation but are listed here as a survey of the eBPF project landscape today.
  • Add your project

    1. Make sure that the project meets the requirements to be listed. See below.
    2. Open a pull request and provide the required information. Use one of the already listed projects as a template. The ordering of applications is based on the number of GitHub stars (high to low), updated on a quarterly basis.
    3. The pull request will be reviewed by the community and merged by one of the maintainers. If you have any questions, feel free to ask on Slack.
  • Are you maintaining a listed project?

    • If you are maintaining one of the listed projects and would like to adjust the content, get in touch on Slack or open a pull request directly.
  • Requirements for a project to be listed

    Projects can be listed on this page as "Major" or "Emerging". The requirements for being listed as "Emerging" are:

    • The project must be open source. All source code must be licensed under an open source license. Any documentation must be licensed under an open license.
    • The project must be using eBPF as its underlying core technology (in other words, a project would lose its purpose if the eBPF parts are removed) or help accelerate the adoption of eBPF in production.
    • The project must be open to collaboration and have a governance model following open source best practices.

    In order to be listed as a "Major" project, a project must meet all of the requirements above, plus:

    • The project must have more than 50 contributors.
    • The project must be actively maintained.
    • The project must be used in production-like environments with a significant number of users. Since this information may not be easily discoverable from a link to the project, such information should be included in the pull request description.