Facebook, Google, Isovalent, Microsoft and Netflix have joined together to create the eBPF Foundation under the umbrella of the Linux Foundation, giving the eBPF project a vendor-neutral home for its future endeavors.
The Extended Berkeley Packet Filter (eBPF) was originally created in 2014, as a follow-on to the original Berkeley Packet Filter created in 1992. Despite the name, eBPF is more than an extension of the original. eBPF is a fully separate project that provides backward compatibility to BPF, and has been referred to as “Linux’s newest superpower.” eBPF provides a way for the Linux kernel to execute customized operations on the user’s behalf using a just-in-time (JIT) compiler while also providing a fully sandboxed environment. In essence, eBPF allows you to extend the Linux kernel without actually changing it.
Functionality such as this was only previously available to either companies that could employ a kernel team to fork the Linux kernel and maintain their own branch, or to those using Linux kernel modules, explained Graf. While the first option was cost prohibitive, Linux kernel modules posed another problem — any bug could crash the Linux kernel entirely, and eventually, many cloud providers wouldn’t even allow them anymore for certain distributions.
“Unless you could host and maintain and employ your own kernel team, you were kind of stuck with the capabilities that the Linux kernel of your distribution would provide,” said Graf. “eBPF changes this. That’s kind of the third option now. You can make your own changes, you can maintain your own changes, but you don’t have to maintain a downstream fork.”
In recent years, eBPF has seen quite a bit of growth, with the project forming the basis for a variety of tools in the realms of networking, security, application profiling/tracing and performance troubleshooting. Recently, eBPF was ported to Windows, where eBPF for Windows will bring this functionality to Windows 10 and Windows Server 2016, and Graf says that a port to BSD is also in the works. This recent interest, said Graf, is part of the reason behind forming the eBPF Foundation.
“The eBPF foundation brings everybody together and creates a governance structure that allows for safe innovation between everybody,” said Graf. “eBPF is becoming incredibly popular, so there have been more parties that want control over it like we have seen with many other open source technologies. The foundation makes sure that the governance, running things like events, making technical decisions, defining the requirements to be an eBPF certified runtime — all of these decisions are done by a foundation that is steering control by the parties, by the engineers, or by the people that have created eBPF. It is important that everybody feels safe to contribute. That’s the goal.”
At launch, the eBPF Foundation will start with a number of established projects and libraries, including some emerging use cases, and the foundation will be home to future open source eBPF projects and technologies, as well. The foundation will also serve to help host community events and summits, such as the free and virtual eBPF Summit taking place next week on Aug. 18 and 19.
The New Stack is a wholly owned subsidiary of Insight Partners. TNS owner Insight Partners is an investor in the following companies: Bit.
Linux Foundation is a sponsor of The New Stack.