eBPF wrapped 2023

When it comes to open-source innovation, Red Hat is committed to pushing technological boundaries and enhancing the capabilities of cutting-edge solutions. As we look back at 2023, we’ll discuss Red Hat’s role in advancing Extended Berkeley Packet Filter (eBPF) technology, from collaborative contributions to the Linux kernel to strategic implementations within Red Hat’s portfolio, and explore the intersection of innovation, performance, security capabilities and networking within the evolving landscape of eBPF.

Kernel upstream collaborations

Red Hat engineers actively collaborated with the Linux kernel community to push critical eBPF enhancements to upstream projects. These contributions include optimizations, bug fixes and the introduction of new features, reinforcing Red Hat’s dedication to the open source ecosystem.

Some of the highlights include:

• HID eBPF: Allowing Human Interface Device drivers to be written in eBPF, which will allow for fewer drivers to live in the kernel
• Netfilter eBPF: Enabling the attachment of eBPF programs to Netfilter hooks, adding new use cases for networking eBPF programs
• XDP hints: Providing the foundations for XDP programs to be able to use the hardware offload capabilities of Network Interface Cards (NICs)
• AF_XDP improvements: Adding multi-buffer support and virtual ethernet driver optimizations
• Contributing documentation for eBPF maps

Tooling and framework development

Recognizing the importance of developer tools and frameworks in harnessing the power of eBPF, Red Hat invested in the development of user-friendly tools and frameworks. This helps engineers use eBPF more efficiently for performance monitoring, systems security and networking tasks.

Red Hat Enterprise Linux (RHEL) 9 receives regular updates to its eBPF capabilities, including important tooling like libbpf, bpftool, bcc and bpftrace. In addition, the xdp-tools project has included 3 new utilities to make working with XDP easier:

• xdp-bench for running benchmarks of XDP on the receive side
• xdp-monitor for monitoring XDP errors and statistics using kernel tracepoints
• xdp-trafficgen for generating traffic and sending it out through the XDP driver hook

As the hype around eBPF continues, we’re anticipating an uptake in software that includes eBPF programs. To that end, we’ve focused on providing bpfman, an eBPF program manager that aims to simplify the deployment of eBPF enabled software on Linux and Kubernetes. bpfman has been submitted to the CNCF Sandbox.

Broadened community engagement and support

Red Hat continues to foster a vibrant eBPF community by actively participating in conferences, webinars and meetups. Through these engagements, we share our knowledge and best practices, and collaborate with the broader ecosystem of contributors to help drive the evolution of eBPF.

Here are some highlights of our eBPF talks in 2023:

• eBPF 201: Supercharging Your eBPF Dev Process for Cloud Native Apps - Sanjeev Rampal & Donald Hunter
• Survive eBPF Deployment with Bpfd - Andrew Stoycos, Red Hat & Shane Utt, Kong
• XDP: Past, Present and Future - Netdevconf 0x17 - Toke Høiland-Jørgensen

We maintain xdp-tutorial as a valuable resource for getting started with XDP as well as bpf-examples as a showcase of how eBPF can be used.

Research and development

As eBPF evolves, Red Hat continues to explore the potential of eBPF to enhance and revolutionize networking, security and observability capabilities. Through cutting-edge research initiatives, we aim to push the boundaries of what is possible in this rapidly advancing landscape, enhancing our products to not only meet but exceed the evolving needs of our customers.

One such effort is the Hybrid Networking Stack (HNS), a new approach to high performance cloud native networking which uses in-kernel eBPF technologies advancements, specifically XDP and AF_XDP, as well as the Cloud Native Data Plane (CNDP) framework, to provide a cloud native Linux based alternative to DPDK. Ongoing efforts include Kubernetes integration via the AF_XDP Device Plugin as well as a migration path from DPDK to AF_XDP without having to modify the DPDK application. Additionally, our research project with Karlstad University is entering its third year and has been featured in a number of research papers.

Red Hat’s usage of eBPF

As a leading provider of open-source solutions, in 2023 Red Hat strategically integrated eBPF into its portfolio to address diverse challenges across various domains.

• Performance monitoring and optimization: RHEL has embraced eBPF for performance monitoring, allowing users to gain deeper insights into system behavior. With enhanced profiling capabilities, RHEL users can optimize their applications and infrastructure for peak performance and with the help of Kepler, OpenShift users can better optimize for energy efficiency.
• Systems security and compliance: eBPF’s powerful capabilities for in-kernel programmability have been leveraged by Red Hat to strengthen security measures. Through the use of eBPF programs in Red Hat Advanced Cluster Security (ACS), customers can help protect their Kubernetes workloads on OpenShift.
• Networking innovations: In the networking domain, Red Hat utilized eBPF to introduce innovative solutions for packet filtering, traffic monitoring and network visibility. This led to more efficient and scalable networking solutions for Red Hat customers.

Looking ahead for eBPF

Red Hat envisions a continued evolution of eBPF, with a focus on addressing emerging challenges and unlocking new possibilities.

• We anticipate further advancements in eBPF to enhance performance monitoring and optimization capabilities. This includes refining tooling and frameworks to provide users with even more granular insights into system behavior.
• With an ever-growing threat landscape, we’re also seeking to extend eBPF to apply to more advanced IT security use cases. This includes developing new security modules and integrations that leverage eBPF’s flexibility to adapt to evolving security challenges, along with an eBPF signing solution and privilege controls for programs looking to load eBPF.
• From a Red Hat product portfolio view, we’re looking to further deepen integration of eBPF, providing users with a more seamless and unified experience across the Red Hat ecosystem. This includes tighter integration with Red Hat OpenShift and other key solutions.

As Red Hat looks forward to 2024, we remain committed to pushing the boundaries of eBPF’s capabilities, addressing emerging challenges and delivering innovative solutions to our users.

Dave Tucker is a Senior Principal Software Engineer at Red Hat leading networking projects within the Emerging Technologies group in the Office of the CTO. Starting his career in network engineering, Dave shifted to software development with a focus on Software Defined Networking in 2014. His journey through the tech industry is marked by a unique blend of technical marketing and product management expertise, alongside significant engineering roles. A notable milestone in Dave’s career was his co-founding of Socketplane, a networking startup that was acquired by Docker in 2015. Currently, Dave is the driving force behind the bpfman project at Red Hat, which focuses on enhancing the security and deployment of eBPF programs on Linux and Kubernetes. Dave is an active Rust programmer and a recognized speaker at industry conferences, where he shares his knowledge and insights into network software development.

Read full bio