A technology recently added to the Linux kernel (fully available since Linux 4.4)

It is a Highly efficient sandboxed VM in the Linux kernel, making the Linux kernel programmable at native execution speed.

It helps you extend Kernel capabilities without actually changing the kernel source code.

For example, where there is a read system call event, you can run a BPF program.

Following are the primary use cases for eBPF.

1. Security

2. Networking Tracing

3. Profiling

4. Observability

5. Monitoring

Companies like Google, Facebook, and Netflix have already implemented eBPF for various use cases for their production system.

When it comes to Kubernetes, the open source Network plugin Cilium uses BPF for Kubernetes networking.

Also, Linux kernel development community announced bpfilter, that will replac in-kernel iptables implementation with high-performance Linux-based BPF network filtering.

BPF Learning resources:

[1]. Getting Started With eBPF

[2]. How to Make Linux Microservice-Aware with Cilium and eBPF — [[Video]

[3]. Brendan Gregg, Senior Performance Engineer, Netflix Performance and OS Team, explores the past, present and future of BPF, and describes use cases.

[4]. BPF Comes to Firewall

[5]. How companies like Facebook and Google use BPF to patch 0-day exploits

[6] Cloudflare Production ready eBPF

[7]. Replacing iptables with eBPF in Kubernetes with Cilium

[8]. Cilium Kubernetes Network Plugin

[9]. eBPF: exploring use case of BPF kernel infrastructure

[10]. BPF - the forgotten bytecode