Chapter 6. eBPF Tools

Now that you’ve learned about what eBPF is, and something of how eBPF programs work, let’s turn to exploring some of the tools, built on this technology, that you might make use of in a production deployment today. We’ll consider some examples of eBPF-based open source projects that provide capabilities in three important areas: networking, observability, and security.

Networking

eBPF programs can be attached to network interfaces and to various points in the kernel’s network stack. At each point, they can drop packets, send them to different destinations, or even modify the contents. This enables some very powerful capabilities. Let’s look at a few networking features that are now commonly implemented with eBPF.

Load Balancing

If you have any doubts about the scalability of eBPF for networking, know that it is being used at massive scale at Facebook, an early adopter of BPF that introduced Katran, an open source layer 4 load balancer, in 2018.

Another example of a highly scaled load balancer is Cloudflare’s Unimog edge load balancer. By running within the kernel, eBPF programs can manipulate network packets and forward them to an appropriate destination, without each packet having to pass through the networking stack and on to user space.
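The per-packet decision described above (drop, pass up the stack, or forward to a destination) can be modelled in ordinary user-space C. This is an added example, not code from the book or from Katran, Unimog, or Cilium; the verdict names, `lb_decide`, `flow_hash`, and the sample frame are hypothetical, and it stops at choosing a backend rather than rewriting or encapsulating the packet.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical verdicts, modelled on the choices described in the text:
 * drop the packet, pass it up the stack, or forward it to a backend. */
enum verdict { V_DROP, V_PASS, V_FORWARD };

/* FNV-1a over the flow tuple, so every packet of a flow maps to one backend. */
static uint32_t flow_hash(const uint8_t *p, size_t n) {
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < n; i++) { h ^= p[i]; h *= 16777619u; }
    return h;
}

/* Classify one Ethernet frame; on V_FORWARD, *backend is an index < n.
 * Every offset is bounds-checked before it is read. */
enum verdict lb_decide(const uint8_t *pkt, size_t len, size_t n, size_t *backend) {
    if (len < 14) return V_DROP;                            /* no Ethernet header */
    if (pkt[12] != 0x08 || pkt[13] != 0x00) return V_PASS;  /* not IPv4 */
    if (len < 14 + 20) return V_DROP;                       /* truncated IPv4 header */
    const uint8_t *ip = pkt + 14;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;
    if ((ip[0] >> 4) != 4 || ihl < 20) return V_DROP;       /* malformed header */
    if (ip[9] != 6 && ip[9] != 17) return V_PASS;           /* neither TCP nor UDP */
    if (n == 0 || len < 14 + ihl + 4) return V_DROP;        /* ports out of bounds */
    uint8_t key[13];
    memcpy(key, ip + 12, 8);                                /* src and dst address */
    memcpy(key + 8, ip + ihl, 4);                           /* src and dst port */
    key[12] = ip[9];                                        /* protocol */
    *backend = flow_hash(key, sizeof key) % n;
    return V_FORWARD;
}

int main(void) {
    /* Constructed sample: TCP 10.0.0.1:40000 -> 192.0.2.10:443, zero padding. */
    uint8_t f[14 + 20 + 4] = {0};
    const uint8_t ip_tcp[] = {0x45,0,0,24, 0,0,0,0, 64,6,0,0,
                              10,0,0,1, 192,0,2,10, 0x9c,0x40, 0x01,0xbb};
    f[12] = 0x08;
    memcpy(f + 14, ip_tcp, sizeof ip_tcp);
    size_t b = 0;
    enum verdict v = lb_decide(f, sizeof f, 4, &b);
    printf("verdict=%d backend=%zu\n", (int)v, b);
    return 0;
}
```

Hashing the flow tuple rather than choosing per packet keeps all packets of one connection on the same backend, which a layer 4 load balancer needs.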

The Cilium project is better known as an eBPF Kubernetes networking plug-in (as I’ll discuss in a moment) but it’s also in use in large telecommunication and on-premises deployments as a standalone ...
