What is eBPF, and why is it so important?

The Extended Berkeley Packet Filter (eBPF) functions constitute a relatively new and powerful set of capabilities embedded in the Linux kernel. First released in 2014 (w/ Linux 3.18) we are seeing accelerating adoption of eBPF for very good reason.

The access that eBPF provides enables a variety of important use-cases in modern cloud-native environments. Use-cases span across application and network performance monitoring, service mesh, load balancing, continuous discovery, dynamic topology and anomaly detection for a variety of development, systems engineering, operations, cloud infrastructure, 5G / IoT, and cybersecurity applications. We discuss these in more detail further below.

5G network architectures are redefining how resources are deployed, managed and utilized within a communications network. A fair blanket statement regarding these changes is that 5G is taking full advantage of cloud-native and virtualization technologies - even pushing them to the next level. These range from cutting edge, revolutionary 100% cloud native deployments from new entrants such as Rakuten, to the more measured non stand-alone (NSA) and hybrid architectures being deployed by the existing wireless service providers. One thing is clear- the days of capital-intensive dedicated physical infrastructure is meaning less and less as cloud-native technology is used to deploy dynamic, service-oriented, and highly scalable resources to deliver on the promises of 5G.

But, what does this mean for data visibility?

In the beginning, networks and the Internet writ-large were designed with the notion of intrinsic security based on a perimeter wherein a person, application or third-party was verified and subsequently granted an all-inclusive ‘trusted’ status. Suffice to say, this approach has resulted in damages and incalculable losses on a global scale. Trust placed on verification at only of a few points of access has proven to be lacking. To put it mildly, according to the Cloud Security Alliance in their Software-Defined Perimeter Architecture Guide, “Today’s network security architectures, tools and platforms all fall short of meeting the challenges presented by our current security threats.”  With recent (network) technology advances, we are now capable of building continuous verification to enable zero-trust.

We had the pleasure of supporting the Software Engineering Institute at Carnegie Mellon University’s conference, FloCon: Using Data to Defend. The presentations and discussions at the event provided validation that changes are coming to network and cyber security. More mathematical solutions are being developed to fuel machine learning and algorithms to combat malicious and other network traffic of interest. If you missed the event, an overview and video of our presentation is below.

2017 proved to be an explosive year for 100G, as well as for other "high-speed" networking technologies ("high-speed" being anything 25G+). According to Crehan Research, the data center Ethernet switching market saw its strongest growth in five years during 2017.

A new class of highly intelligent Virtual Switches and Next-Generation Packet Brokers (NPB) is on the rise.

Cloud computing and software-defined networking (SDN) have made development and operations teams far more aware of the importance of their networking infrastructure than ever before. In the age of DevOps, private, hybrid, and public cloud computing - the network is the fabric that holds the compute infrastructure together.

While deploying network monitoring tools, IT managers are often faced with questions, such as: "Can we do this and still ensure that we aren't impacting the production network?" or "Can I make sure that I can see 100% of network traffic?" or "What is the best way to get data into my monitoring and test tools?"