On August 12, 2021 EST, Google, Microsoft, Isovalent, Facebook, and Netflix jointly announced the formation of a new non-profit organization, the eBPF Foundation, under the auspices of the Linux Foundation. The Foundation is dedicated to better promoting the open source project eBPF and supporting the commercial growth of Linux and other open source technologies.
In recent years, the number of eBPF projects has exploded and more and more projects are interested in using eBPF, so it is increasingly important to optimize collaboration between projects, ensure that the core of eBPF is well maintained and configure a clear roadmap for the future of eBPF. At the same time, eBPF is slowly spreading to the Windows kernel and other platforms, and there are a lot of compatibility and portability issues in the process, making it imperative to form an open source organization of technology giants.
What is eBPF?
eBPF is a revolutionary technology that makes it possible to run sandboxed programs in the Linux kernel without changing any source code or loading any kernel modules. eBPF first appeared in the Linux kernel in 2014 as an extension to the BPF (Berkeley Packet Filter). eBPF makes the Linux kernel “programmable”, allowing developers to “reprogram runtime behavior” around current kernel functionality and create a suite of infrastructure tools covering network debugging, tracing, and more without compromising security and efficiency.
Over the next few years, eBPF has grown considerably and has now evolved to cover more use cases in over a dozen projects, laying the foundation for a variety of tools for networking, security, application analysis/tracing, and performance troubleshooting.
Originally designed to serve only the Linux kernel, in May of this year Microsoft launched a new open source project, eBPF for Windows, with the hope that eBPF will run on Windows 10 and Windows Server 2016 and beyond, and a port of BSD is in the works.
Practical application and evaluation of eBPF
eBPF allows developers to effectively sneak programs into any software, including operating system kernels. As a result, eBPF is quickly becoming the preferred method for implementing a wide range of infrastructure use cases. For example, Facebook is using eBPF as the primary software-defined load balancer in its data center, and Google is bringing eBPF-based networking and security to hosted Kubernetes products and Anthos, among others.
Alexei Starovoitov, Facebook kernel developer and co-creator and maintainer of eBPF, said “eBPF is a revolutionary technology that allows us to modify the behavior of the operating system in real time without risking changes to the kernel code. It has had a significant impact on our ability to rapidly iterate from networking to security to containerization.”
“eBPF has redefined the way we think about operating systems and has sparked a massive wave of innovation in networking, security and observability. The adoption of eBPF has been accelerating at a phenomenal rate due to its close relevance in the cloud-native world.” Daniel Borkmann, Isovalent kernel developer and eBPF co-creator and maintainer, said.
Mkie Dolan, General Manager and Senior Vice President of Programs at the Linux Foundation, also said, “ePBF is one of the great examples of what’s happening in the Linux community that represents the future of operating system and microservice delivery, and we look forward to and support the work of the ePBF Foundation and the community.”
Finally, the eBPF Foundation will also be helping to organize the Virtual eBPF Summit next week on August 18-19. Don’t miss it if you’re interested.