eBPF, the technology that enables the Linux kernel to more easily be changed, should be considered a great success, according to experts in the industry. Nearly 10 years after its initial release, the eBPF Foundation and the Linux Foundation teamed up to create a qualitative report that shows how far the technology has come.
“Many of the US hyperscalers—Meta, Google, Netflix–use eBPF in production. Every Android phone uses eBPF to monitor traffic,” the report states. “Every single packet that goes in and out of a Meta datacenter is touched by eBPF. Companies in a myriad of industries, including software, cloud services, financial services, telco, media and entertainment, ecommerce, consulting, and security, are increasingly using eBPF technology to do more, faster, saving time and money and increasing performance.”
The technology allows users to run custom programs within the Linux kernel and execute up to 10x faster. In the years since it was first released, the main use cases for eBPF have been observability, networking, and security.
In the past year, Meta has expanded beyond those main use cases and created central processing unit schedules based on eBPF, resulting in 5% CPU bandwidth gains on its largest applications.
“That’s an enormous number because it is basically equivalent to us having 5% more CPUs in our fleet,” says Dan Kelley, director of software engineering at Meta. “We’re right on the precipice of radically increasing what you can do with eBPF.”
The report also highlighted how Microsoft became involved to expand eBPF beyond Linux. In 2021, Microsoft created the eBPF for Windows project, laying the groundwork for eBPF to become a standardized infrastructure language across the industry.
A number of open-source projects have sprung up in the eBPF landscape as well. Cilium is the biggest, and one of the CNCF’s fastest growing projects, with over 100 companies having adopted it, including The New York Times, AWS, Google Cloud, and S&P Global.
Other eBPF-based projects include Bcc, Bpftrace, Falco, Katran, Pixie, Calico, and Tetragon.
Despite initial success, experts say that the technology is still in its beginning. The report concludes: “No doubt, eBPF will become the new layer in the new cloud native infrastructure stack, impacting the observability, performance, reliability, networking, and security of all applications, supporters say. Platform engineers will cobble together eBPF-powered infrastructure building blocks to create platforms that developers then deploy software on, adding business logic to the mix, and replacing aging Linux kernel internals that cannot keep up with today’s digital and, increasingly, cloud native world.”