Today, we are announcing the formation of a new eBPF Foundation under the overall umbrella of the Linux Foundation. eBPF, one of the most influential technologies in the infrastructure world, has seen explosive growth in the last few years. We are establishing a foundation around it to help support the growth of the technology and facilitate collaboration among the many eBPF-based open source projects that are evolving.
For many of us in our team who have been involved with eBPF since the early days, this is yet another amazing milestone. We are proud to have played a key role in the creation of the technology and enjoy being heavily involved in the future development of eBPF by co-maintaining the technology in the Linux kernel as well as several major eBPF projects. We are excited to be among giants as we bootstrap the foundation.
Where is eBPF coming from?
eBPF started its journey as a Linux kernel feature in 2014, the same year as the first Kubernetes commit was written. I still remember the Linux Plumbers conference where the proposal of adding eBPF to the Linux kernel was first discussed. It was heated, but it also sparked a fire that would eventually lead to some of us founding an entire company around eBPF and the massive potential we saw in it.
As the name suggests, eBPF shares some roots with BPF which is much older and originates in the BSD community. One of the conditions for eBPF to be merged into the Linux kernel was the requirement not to maintain yet another bytecode language in the kernel. Therefore, eBPF was made capable of also running classic BPF programs and the name eBPF “extended BPF” was born.
Why we created eBPF
Historically, the operating system has always been an ideal place to implement observability, security, and networking functionality due to the kernel’s privileged ability to oversee and control the entire system. At the same time, an operating system kernel is hard to evolve due to its central role and high requirement towards stability and security. The rate of innovation at the operating system level has thus traditionally been lower compared to functionality implemented outside of the operating system.
eBPF changes this formula fundamentally. By allowing sandboxed programs to run within the operating system, eBPF enables developers to create eBPF programs that add capabilities to the operating system at runtime. The operating system then guarantees safety and execution efficiency as if natively compiled with the aid of a Just-In-Time (JIT) compiler and verification engine. This has led to a wave of [eBPF-based projects](https://ebpf.io/projects/) covering a wide array of use cases, including next-generation networking, observability, and security functionality.
Where is eBPF Today?
eBPF quickly found its way into the infrastructure software layer of giant data centers. As an example, Facebook has released its eBPF-based load balancer Katran which has been powering Facebook data centers for several years now. More recently, Facebook engineers also wrote about Encryption at scale with eBPF.
However, eBPF is not just for the hyperscalers out there. eBPF has long found its way into enterprises. Examples include Capital One and Adobe, who both shared their end-user experiences at the eBPF Summit in 2020 of how they leverage eBPF via the Cilium project to drive their networking, security, and observability needs in cloud-native Kubernetes environments. eBPF has even matured to the point that Google has decided to bring eBPF to its managed Kubernetes products GKE and Anthos as the new networking, security, and observability layer. The Google team blogged about this in Bringing eBPF and Cilium to Google Kubernetes Engine.
Why we created the eBPF Foundation
The number of eBPF-based projects has exploded in recent years and many more have been announcing intent to start adopting the technology. eBPF is quickly becoming one of the most influential technologies in the infrastructure software world. As such, the demand is high to optimize collaboration between projects and ensure that the core of eBPF is well maintained and equipped with a clear roadmap and vision for the bright future ahead of eBPF. This is where the eBPF Foundation comes in, and establishes an eBPF steering committee to take care of the technical direction and vision of eBPF. Additionally, with the port of eBPF to the Windows kernel and additional ports to other platforms on the way, the question of eBPF program portability and eBPF runtime requirements becomes more important and requires coordination.
What is Next?
eBPF continues to grow and evolve quickly. An ever-expanding set of eBPF projects can be found in the eBPF projects directory. While eBPF is already widely deployed, we are still at the very beginning of the large wave of innovation it unlocks.
Remember when web browsers became programmable with languages such as JavaScript? All of a sudden users no longer had to install new versions of web browsers in order to benefit from the latest innovations. This unlocked an incredible wave of innovation and the web browser has become the standard platform for the majority of applications. Think of eBPF as making the operating system programmable in the same way as JavaScript and other languages have done this to the web browser. We are therefore looking into an exciting future of innovation ahead of us.
If you want to learn more about eBPF, consider registering for the upcoming virtual eBPF Summit on Aug 18-19. Attendance is free and the registration is still open.
Learn More
- eBPF – Introduction, Tutorials & Community Resources
- Linux Foundation Press Release
- eBPF Summit 2021, Aug 18-19, 2021. Annual community conference.
- What is eBPF?
- eBPF Foundation Members
- eBPF Foundation Charter