Software Engineering Radio - the podcast for professional software developers Episode 445: Thomas Graf on eBPF (extended Berkeley Packet Filter)
Feb 2, 2021
Thomas Graf, Co-Founder of Cilium and CTO of Isovalent, dives deep into the world of eBPF and XDP. He discusses how these technologies revolutionize networking, observability, and security by enabling efficient packet processing and real-time monitoring. Thomas contrasts traditional and modern kernel development practices while exploring the role of eBPF in microservices and Kubernetes. He emphasizes its benefits over conventional methods, such as improved system reliability and performance, along with how major tech companies are investing in this evolving field.
AI Snips
Chapters
Transcript
Episode notes
eBPF Expands Packet Filtering
- eBPF extends the original BPF packet filter to provide a programmable, event-driven kernel interface.
- It allows running custom bytecode programs safely within various kernel hook points to process events like network packets or syscalls.
eBPF Hook Points Explained
- eBPF programs run bytecode attached to kernel hook points triggered by events like packet receipt or syscalls.
- These programs return verdicts to the kernel, influencing further kernel processing on those events.
eBPF Performance and Safety
- eBPF uses just-in-time compilation to translate bytecode into native CPU instructions.
- It runs nearly as fast as compiled kernel code with complexity limits to ensure safety and performance.