• Home
  • Blog
  • ​​BumbleBee: Build, Ship, Run eBPF tools

​​BumbleBee: Build, Ship, Run eBPF tools

Idit Levine | January 05, 2022

Today we are thrilled to announce BumbleBee, an open-source project focused on simplifying the user experience around building eBPF tools. BumbleBee helps to build, run and distribute eBPF programs using OCI images. It allows you to focus on writing eBPF code, while taking care of the user space components – automatically exposing your data as metrics or logs.

eBPF is a powerful technology

Linux has become one of the most dominant operating systems of all time. Yet the very popularity of Linux has made getting changes merged to the upstream Linux kernel a slow and long process and rightly so – the Linux kernel is everywhere, and upstream changes have a broad impact. eBPF fills this gap by allowing customizations of kernel behavior that do not need to be merged into the upstream kernel code. eBPF is a Linux-kernel technology that can run sandboxed programs in an operating system kernel and provides a safe way to enhance the kernel with rapidly evolving network and security (to name a few) technologies. 

eBPF has many use cases in the cloud management and application networking space. eBPF allows users to run custom functions to monitor network communications between services, track latencies, filter and route packets to their endpoints, collect network statistics at the pod level, and more. Running these functions at the kernel level benefits from custom and efficient network logic, event-based invocation, and more.

Challenges of building eBPF tools

eBPF is a binary bytecode format that gets attached to various hooks or probes in the operating system. Users typically build eBPF programs in a higher-level language (like C) and compile it to bytecode. The operating system loads the bytecode, verifies it, JIT (just-in-time) compiles it, and runs it. 

eBPF programs can access data structures in the kernel, whose format may be version specific. This could mean that BPF programs must be compiled on every machine where they run. To avoid this and to allow ‘compile once, run everywhere’ (CO-RE) eBPF utilizes BTF, a common type description format that is portable between Kernel versions. But packaging and sharing these binary programs isn’t very well specified. 

Typically, an eBPF developer is responsible for writing the user-space code, the eBPF code, and left on their own to figure out how to share it or distribute it to other machines or users. Oftentimes, these user-space programs are just boiler-plate code with some specifics to the data types used in the eBPF maps. What if we could use the same BTF typing which provides Kernel portability, to auto-generate all of the user-space code?

Introducing BumbleBee

We have been working with eBPF for over a year to implement enhancements to our enterprise service mesh based on Istio. Along the way, we encountered some repeating challenges in building eBPF programs, which we needed to solve while developing our products. This prompted us to develop BumbleBee, a tool that brings a docker-like experience for automating critical steps in this process. Bumblebee is focused on packaging, distribution, and automatically generating user-space code for any eBPF program. 

Let’s take a quick look. To bootstrap an eBPF based tool, run the `bee` cli like this:

To bootstrap a new eBPF program, run this:

bee init

This command will ask you to make several choices about the eBPF program you plan to build and will autogenerate your code template. At this point, you can add the eBPF code necessary to implement the functionality you need in the Kernel. You can then build the program into an OCI image like this:

bee build probe.c my_probe:v1

This creates an OCI packaged eBPF image, which you can share, put it in your workflow, and deploy it into your environment. 

To run the program, use bee run:

bee run my_probe:v1

Take a look at the steps to building a complete eBPF program including auto-generated user-space code in this short video:

BumbleBee represents a powerful tool for anyone building eBPF programs, including us here at Solo.io. We are open sourcing this tool to reduce the hurdles of building eBPF programs and allow others to build and share powerful networking, observability, and security tools. To learn more about BumbleBee and contribute, check out the GitHub repository.

About the Author
Idit Levine Headshot Transparent Idit Levine
Idit Levine is the founder and CEO of Solo.io. She founded Solo.io with the idea to create tools that help organizations meaningfully adopt cloud-native technologies alongside their existing IT investments. Idit has a long history in cloud, infrastructure and open source in both startup and large enterprise companies. Prior to Solo.io she was CTO of the EMC Cloud Management Division, a member of the global CTO office, and held technical leadership roles at Dynamic Ops, VMware, CloudSwitch, and Verizon.
Additional Resources
infographic
Top 7 API Capabilities to Adopt
View the Infographic
post
Optimize AWS Workloads with Istio’s Ambient Mode

April 16, 2024

Read the Article
post
The Battle of Titans: Apigee vs. Gloo Gateway

April 15, 2024

Read the Article
post
Solo.io: The New Nexus of Istio Expertise and Innovation

April 10, 2024

Read the Article