Six eBPF trends for 2023

eBPF (extended Berkeley Packet Filter) was buzzing all of 2022. Now that we are deep into 2023, we are looking into what to expect in eBPF. These are the key trends to pay attention to this year:

  1. High performance HTTP monitoring with eBPF network tracing
  2. Deeper network functionality and sidecar optimizations
  3. Security and malware detection
  4. Cloud adoption
  5. Deeper telco adoption
  6. BumbleBee paving the way

eBPF provides a unique approach to creating just-in-time sandboxed applications inside of the operating system, which allows you to extend kernel capabilities without having to recompile to modify the kernel itself.

Building with eBPF furthers our endeavors to build highly scalable networks. We have the ability to revolutionize how we tune and optimize networks, observe and monitor different parts of our application, and go as far as to implement stringent security all the way down to the kernel.

Here's the official definition from eBPF.io, an open source initiative for eBPF:

eBPF is a revolutionary technology with origins in the Linux kernel that can run sandboxed programs in an operating system kernel. It is used to safely and efficiently extend the capabilities of the kernel without requiring to change kernel source code or load kernel modules.

Historically, the operating system has always been an ideal place to implement observability, security, and networking functionality due to the kernel's privileged ability to oversee and control the entire system. At the same time, an operating system kernel is hard to evolve due to its central role and high requirement towards stability and security. The rate of innovation at the operating system level has thus traditionally been lower compared to functionality implemented outside of the operating system.

Now... six eBPF trends to look out for in 2023

1. High performance HTTP monitoring with eBPF network tracing

Using eBPF network profiling and tracing, enhanced HTTP communication can be observed with tools like Apache SkyWalking to give platform engineers and operators deeper metrics for how their applications are performing. The biggest consideration is how eBPF network profiling can be paired with Layer 7/HTTP information to paint a clearer picture of requests flowing through applications and where latency may exist. Using tools like Jaeger and Zipkin alongside eBPF network profiling will become much more common in 2023 and beyond.

2. Deeper network functionality and sidecar optimizations

Sidecar optimizations – Instead of using iptables rules to redirect ingress and egress traffic from an app container to the injected Istio sidecar proxy and vice versa, eBPF is used to intercept the traffic and shorten the data path in a service mesh. With eBPF, packets to and from apps can be directly forwarded from one socket to the other. This setup reduces network latency and the necessary packet processing in the kernel. Solo offers this through Gloo Platform!

Network functionality – eBPF can be used to create a "BPF Dplane Provider" for a routing engine like FRR (Free Range Router), which allows for a variety of network routing use cases such as segment routing for IPv6. This is a strong enhancement and use case that allows for telco adoption.

3. Security and malware detection

Malware is a major annoyance and also extremely damaging to our production environments. eBPF will continue to be used as a security profiling tool and to detect malicious processes that our operating systems can't seem to pick up. 2023 is the year that security tools start to implement eBPF and further research how it can be used to detect malware and provide a preventative shield against it.

4. Cloud adoption, de facto for hyperscale

eBPF implemented in Cilium paves the way for hyperscaling. Cloud providers can take advantage of enhanced and optimized packet processing, along with having access to observability data they can then use to tune and optimize various parts of their cloud. They even pass this on to consumers through managed Kubernetes offerings.

5. Deeper telco adoption

With eBPF enhancing the network stack, this allows internet service providers to provide those same enhancements to their telco NFV stacks and allow for resilient eBPF-backed microservices to enhance core provider networks. As mentioned previously, segment routing with IPv6 allows for things like:

  1. Reduction of operational complexity
  2. Network programmability
  3. Data center interconnection
  4. Scalable networks
  5. A path to move toward modern SDN ISP technologies

6. BumbleBee paving the way for more eBPF programs

In 2022, Solo.io launched BumbleBee, a tool to help build, ship, and run eBPF-based programs. It's very difficult to build BCC-based programs as you need to build user space with Python and BPF with C, and you have to compile and run every time.

With libbpf, you can do this all with C, just compile once, and run everywhere. And to further simplify this, BumbleBee uses libbpf to help you create the structure for your eBPF-based program. With the need to explore further eBPF use cases, BumbleBee will drive easier adoption for building these eBPF programs!

Where else can we go with eBPF?

That's not where these trends end. It's worth reviewing this image to determine where eBPF use cases can be derived. There are plenty of BPF tracing tools that can have user space programs created to drive more observability or deeper intrinsic security.

eBPF and Solo.io

eBPF in the kernel is by far the most impactful open source technology that has redefined the game of networking, security, and observability.

We at Solo.io are driving further eBPF adoption through our technologies like BumbleBee and Gloo Platform, which drive Cilium and eBPF optimizations for sidecars, and we'll continue to innovate and build with eBPF. Review this blog post to better understand eBPF.

Take our BumbleBee and eBPF workshop.

Let's continue the conversation on Slack (slack.solo.io)!