Looking Ahead: the eBPF Innovation Roadmap - Thomas Graf
Summary
TLDRThomas Graf, CTO and co-founder of Isovalent, warmly welcomes attendees to the eBPF Summit, focusing on the technology's roadmap and future. He discusses eBPF's efficiency and security, its role in making the Linux kernel programmable, and the rapid innovation it enables. Graf highlights the expansion of eBPF to Windows, the need for tool compatibility across ecosystems, and the potential for eBPF in specialized hardware like GPUs and DPUs. He envisions a future where eBPF facilitates distributed intelligence, bringing analytics and decision-making closer to data sources for more efficient infrastructure management.
Takeaways
- 👋 Thomas Gra, CTO and co-founder of Isovalent, warmly welcomes attendees to the eBPF Summit and shares his insights on the future of eBPF.
- 🚀 eBPF stands for Extended Berkeley Packet Filter, a technology that allows for efficient and secure execution of bytecode within the operating system, making the OS programmable.
- 🌟 Isovalent has been deeply involved with eBPF since its inception in 2014, contributing to open-source projects like Cilium, Tetragon, and Hubble.
- 🎥 For newcomers, the eBPF documentary on YouTube is recommended for an introductory understanding of eBPF, its history, and its impact on tech giants.
- 🔄 eBPF's primary purpose is to enable rapid innovation, which was a challenge in the Linux kernel's development process due to the need for stability.
- 🌐 eBPF is coming to Windows, expanding its reach and compatibility, which will require porting Linux-based eBPF tooling to the Windows environment.
- 🤝 The eBPF community must ensure tool compatibility and interoperability as the ecosystem grows, which is crucial for user experience and adoption.
- 📚 The open-source code will continue to be the standardizing body for eBPF, with the IETF standardizing eBPF based on the open-source code.
- 💡 Future innovations in eBPF will likely involve specialized hardware like GPUs and DPUs, driving demand for rapid innovation in these areas.
- 🌐 Thomas Gra envisions 'eBPF distributed intelligence', a concept where intelligence is brought to the data rather than streaming data to centralized intelligence, promising more efficient and faster-reacting infrastructure tools.
Q & A
What is the role of Thomas Gra at I Surveillance?
-Thomas Gra is the CTO and co-founder of I Surveillance.
What is the primary focus of the eBPF Summit?
-The eBPF Summit focuses on exploring opportunities and challenges in the eBPF roadmap for the coming years.
How is I Surveillance involved with eBPF?
-I Surveillance has been heavily involved with eBPF since its creation in 2014, launching open-source projects like Cilium, Tetragon, and Hubble.
What does eBPF stand for and what does it enable?
-eBPF stands for Extended Berkeley Packet Filter. It enables the operating system to be programmable in an efficient and secure manner by running eBPF bytecode as part of the OS.
What is the significance of eBPF in terms of security?
-eBPF is significant for security because it allows for the creation of kernel extensions that do not crash the operating system, unlike traditional kernel modules.
How has eBPF impacted the development of networking, security, and observability tools?
-eBPF has enabled the creation of an entire wave of networking, security, and observability tools by leveraging its superpowers to extend Linux capabilities on the fly.
Why was eBPF created and what does it signify for its future?
-eBPF was created to enable rapid innovation by allowing quick development and deployment of new features, which defines its future roadmap.
What is the significance of eBPF coming to Windows?
-The arrival of eBPF on Windows signifies a broader reach and compatibility for eBPF tools, requiring the porting of Linux-based eBPF tooling to the Windows environment.
What challenges does the eBPF ecosystem face with the growth in popularity and tools?
-The eBPF ecosystem faces the challenge of ensuring tool compatibility and interoperability as more tools are developed and deployed across different operating systems.
How does the open-source community play a role in the standardization of eBPF?
-The open-source community plays a crucial role in the standardization of eBPF as the open-source code serves as the source of truth for the evolving standard, with discussions and consensus finding happening within the community.
What is the potential impact of specialized hardware like GPUs and DPUs on eBPF?
-The deployment of specialized hardware like GPUs and DPUs will drive the demand for rapid innovation in that infrastructure, and eBPF will play a role in adapting to these new hardware capabilities.
What is the concept of 'eBPF distributed intelligence' mentioned in the script?
-eBPF distributed intelligence refers to the potential of applying intelligence and analytics closer to the data source, reducing the need for massive data transfer and storage, and enabling more efficient and faster decision-making.
Outlines
🌟 Introduction to eBPF and Its Impact
Thomas Gra, CTO and co-founder of I Surveillance, warmly welcomes attendees to the eBPF Summit. He reflects on the past and future of eBPF, emphasizing its role in rapid innovation since its inception in 2014. Gra highlights the company's significant contributions to the eBPF ecosystem through open-source projects like Cilium, Tetragon, and Hubble. He provides a brief overview of eBPF, describing it as an efficient, secure virtual machine that allows for programmable operating systems. Gra stresses the importance of eBPF's security aspect, especially in light of recent kernel vulnerabilities. The paragraph concludes with an invitation to new users to explore the eBPF documentary on YouTube for more insights into the technology's history and community.
🚀 Rapid Innovation with eBPF
Thomas Gra discusses the transformative impact of eBPF on feature development, reducing the time from months to days. He uses the analogy of eBPF carrying the 'snail' (Linux kernel) to illustrate how it has accelerated innovation. Gra outlines the challenges and opportunities on the eBPF roadmap, including its expansion to Windows. He explains that while the eBPF bytecode language will remain consistent, the hook points may differ, necessitating the porting of Linux-based eBPF tooling to Windows. Gra emphasizes the need for tool compatibility within the eBPF ecosystem to ensure a seamless user experience. He also mentions the ongoing standardization of eBPF through the IETF, based on its open-source code, which will continue to be the source of truth for the evolving standard.
🌐 Future Directions for eBPF
The paragraph delves into future prospects for eBPF, including its application to specialized hardware like GPUs and DPUs, driven by industry investments in AI workloads. Gra suggests that eBPF's capabilities will need to be adapted for this new infrastructure, just as it has for CPUs. He also introduces the concept of 'eBPF distributed intelligence,' which involves bringing intelligence to data rather than streaming data to centralized intelligence. This approach could lead to more efficient, faster-reacting security, networking, and observability tools. Gra expresses excitement about the potential for eBPF to enable smarter, context-aware decision-making at the data source, which could revolutionize infrastructure management.
📢 Closing Remarks and Invitation for Engagement
In his closing remarks, Thomas Gra extends his thanks to the audience and expresses his enthusiasm for continued innovation with the eBPF community. He invites attendees to reach out to him on Slack or LinkedIn to share their thoughts, ideas, and excitement about eBPF. Gra looks forward to answering questions and engaging in further discussions. The paragraph concludes with a wish for a successful and enjoyable eBPF Summit, followed by applause and music, signaling the end of his presentation.
Mindmap
Keywords
💡eBPF
💡CTO
💡Open Source
💡Interoperability
💡Linux
💡Windows
💡Rapid Innovation
💡Distributed Intelligence
💡GPUs and DPUs
💡Observability
Highlights
Introduction to eBPF Summit and the role of I Surveillance in the eBPF ecosystem.
Thomas Graf's perspective on the future roadmap of eBPF, focusing on opportunities and challenges.
A brief overview of eBPF as an efficient and secure virtual machine for running bytecode within the OS.
The significance of eBPF in making the operating system programmable and its impact on networking, security, and observability.
The role of eBPF in enabling rapid innovation and its contrast to the slower pace of traditional Linux kernel development.
The creation of open-source projects like Cilium, Tetragon, and Hubble as part of I Surveillance's commitment to eBPF.
The documentary on eBPF as a resource for newcomers to understand its history and impact.
The announcement of eBPF's expansion to Windows and the implications for compatibility and tooling.
The need for interoperability and compatibility among eBPF-based tools as the ecosystem grows.
The importance of open-source code as the standardizing body for eBPF and its role in community consensus.
The potential for eBPF to drive innovation in new infrastructure with specialized hardware like GPUs and DPUs.
Thomas Graf's vision of eBPF enabling distributed intelligence by bringing intelligence to data rather than streaming data to intelligence.
The call for community engagement and collaboration to address the challenges and opportunities in eBPF's future.
Closing remarks and an invitation for the audience to engage with Thomas Graf and share their thoughts on eBPF.
Acknowledgment of the eBPF Summit's success and anticipation for continued innovation in the eBPF community.
Transcripts
[Music]
hello and welcome my name is Thomas gra
I'm CTO and co-founder of I surveillance
and I would like to give all of you a
very warm welcome to this year's ebpf
Summit this year I would like to take an
opportunity and look ahead and talk
about opportunities and challenges on
ebpf road map in the next couple of
years as co-founder and CTO of is
surveillant or as is surveillant more
broadly we have been very involved in
ebpf since its Creation in 2014 and we
have launched an open- Source projects
like cium tetragon and Hubble so overall
a lot of involvement one could even say
that a lot of our company's mission and
vision was very tightly connected to
ebpf so let's look at what we see what I
see as the future road map of evf in
terms of opportunities it
has if this is your first summit or if
this is the first time you have an
encounter with ebpf what is ebpf so here
is very quick introduction one minute
edpf is an efficient and ex a secure
virtual machine learning edpf bite code
so look at the picture you see assembly
code that can run as part of the
operating system so think about it as a
module code that can run by doing so it
is making the operating system
programable what's important is it can
make that or it does that by in a very
efficient and a very secure fashion in
particular the secure aspect highly
important as we all learned in the last
couple of months where we saw the
devastating effect if a kernel extension
is able to crash the operating system so
with this Engine with this virtual
machine with this
runtime able to run ebpf bite codes an
entire wave of networking security and
observability toolings have been created
leveraging these superpowers of vpf and
throughout this year's Summit you will
hear many many examples of what exactly
uh is it that ebpf unlocked for them
like projects Solutions tools that you
have all created you will hear about a
very very wide set of applications of
ebpf besides the summit if you are new
then I think the ebpf documentary is
also a great way to get a first amount
of information um the documentary
available on YouTube so you can just
Google ebpf documentary or go on ebpf
how the tech Giants came in how it all
worked how how we convinced the Ling
chronal Community to even merge DPF lots
of great and funny stories along the way
it's 30 minutes but it will not feel
like 30 minutes at all definitely a
popcorn popcorn worthy movie before we
now look into the future I want to take
a moment to highlight what was the
single most important aspect of why we
even created eppf and for me that is e
EPF enabling rapid Innovation I think
it's crucial to understand this because
it really defines the future roadmap of
evf as well so think back 2014 10 years
ago Linux had just become the standard
or the designated standard for the new
operating system running on servers like
many of us colel developers we got
excited because all of a sudden all the
development times we built or we put
into our Hobby developing Linux all of a
sudden this software project uh was
destined to run on thousands 10
thousands hundreds of thousands of
servers worldwide so a lot of popularity
a lot of success amazing but it also had
a downside all of these people wanting
to run Linux at scale and in highly
efficient Mission critical environments
obviously wanted Linux to become boring
stable and change is a natural enemy of
stability and Bor boring so Linux became
slower and eventually slow and what took
what used to take days now took months
bringing a concept a new ideas a new
idea and right kernel code getting that
merged into the Upstream Linux kernel
and making that available for end users
or for end users to even adopt these new
Lage col versions took months in
sometime in some extreme cases even
years and obviously that really slowed
down innovation ebpf has fundamentally
re-enabled that rapid feature
development from month back to days
right what what used to take month we
could now write an ebpf program load it
load it dynamically execute it securely
and all of a sudden we have extended the
Linux colel um on the fly on demand and
this really brought a wave of evf based
D Innovation so think about the bees
carrying the snail the snail that got
slower slower slower carrying toks like
ebpf BS carrying the snail and allowing
it to go really really fast again so
that's what got us here that was the
last 10 years and obviously that still
dictates the forward Direction evf is
amazing enabling rapid Innovation for
infrastructure and for tooling at the
operating system level so looking ahead
what else is on the road map what else
can we use as challenges as opportunity
ities the most obvious one and probably
no longer a big secret is that ebpf is
coming to Windows so if you Google for
ebpf for Windows you will find a g
repository that has ebpf code able to
run on the Windows operating system ebpf
was specifically written for Linux and
it evolved inside of the Linux colel the
name suggests that it's coming from the
BSD days and that's accurate there was a
DPF implementation that even made it
into Linux all bstd based ebpf really
was a new implementation from scratch
and then made compatible to Al run
Legacy BPF programs or classic BPF
programs so that Linux specific ebpf
runtime and the ecosystem is now being
ported over to Windows now that will not
not look exactly the same it will bring
compatibility in terms of bite code so
the bite code language will be the same
we'll also of course have a verification
concept and will'll have things like
just in time compilation and so on or
once um ebpf bite code signatures are
common all of these concepts are
identical and the same but the actual
hook points where ebpf programs can
attach may actually be slightly
different depending on the operating
system so that also means that we need
to bring the existing tooling that we
have done ebpf based tooling written for
Linux and also Port that over the
windows so that's exciting it gives us
more reach all the tooling we have
developed for Linux
they will become available or can be
made available on Windows over the
coming years and that will keep many of
us busy from that front that's exciting
lots of reach that popularity that
additional success obviously also comes
at a particular cost so that means that
as an ebpf ecosystem we have to ensure
that all the tools we're writing are
compatible Right End users do not want
to think about whether one tool is
compare compatible to another one or or
I can only use tool a but not with tool
B and so on tools will need to be
compatible like many many tools are
coming to the market or um or published
or open sourced every year based on ebpf
Amazing all of you have so many great
ideas that you implement these tools
often then rely on the same hook points
or they Implement even the same ideas we
need to come together and make sure that
these tools become compatible and we
solve the problem of
interoperability or
compatibility you can also see that
there is um OSS code will continue to be
the standardizing body on the slide here
what do I mean by that by that I mean
that ebpf is a classic example where we
didn't write the standard specification
first and then implemented codes we
actually did the opposite the reverse we
we evolved ebpf as an open-source
project as part of the kernel and the
code became the standard we're now
standardizing ebpf or ebpf is being
standardized as part of the ietf but
it's based on the open- source code and
the open- source code will continue will
remain to be the source of Truth where
the actual standard is evolving where we
have the discussions and the the
consensus finding that will not change
right so but that but that means as a
community we have to come together
figure out how do we make comp tools
compatible to each other how do we make
tools portable from one operating system
to the next so exciting that's a bit of
a challenge we need to solve this it's
something to unlock for the next wave of
ebpf tooling it's a cost of the success
of
ebpf if you look a little bit further
what else is on the horizon and one
topic is very obvious Ai and I'll put an
asteris right there right because I
don't necessarily mean that we need to
use AI for ebpf if you have ideas you
want to explore that go for it I think
can be very exciting but there is even
just a broader industry I would say
movement that is that will happen
completely disconnected to how
successful AI will be there's currently
a large investment into gpus and dpus
and you can see that when you look at
the Nvidia stock for sure right so
instead of just deploying CPUs companies
around the world are now also deploying
gpus graphical processing units and dpus
data processing units specifically to
enable AI workloads in the future and
this investment is happening and it is
happening completely disconnected from
the fact whether the AI wave will
actually produce something really really
meaningful or not the opportunity is so
big that the industry will try so this
will happen it will it will result in an
entire new wave of infrastructure
getting deployed that is not just CPUs
anymore but is more special ized
Hardware with gpus and dpus and that new
infrastructure layer with more
capabilities will drive demand for Rapid
innovation in that infrastructure so all
the goodness that ebpf brought for the
age of CPU only will need to get
reapplied for the age of CPU plus GPU
plus dpu and this is where ebpf will be
able to come in and again illustrate and
demonstrate its superpowers
apply to gpus and
dpus last but not least the Outlook that
keeps me most excited is what I call
ebpf distributed intelligence which is a
completely made up word word I don't
think that's an official term in any way
but um think about it this way so far
any sort of intelligent Behavior or
analytics or even machine learning use
cases anytime we um try to apply some
smartness the typical architecture we
have been using so far is we have
compute with applications running
infrastructure running and then we have
relatively dumb data collectors that
will stream a lot of observability or
Telemetry to an analytics database this
can be an S can be a Time series
database it can be a graph database
whatever it is a lot of data get
streamed into these databases and we
keep a record of the history and then we
look at that data and we make decisions
based on that data we do we run
analytics or we learn right that's the
model that's been dominant so far and
it's a model that works but it will
eventually stop scaling because it
results in a massive amount of data
being able to or being needed to be
transferred and it has massive storage
requirements as well and we're now at
the point where the amount of
intelligence that can be applied is
limited by your budget for data transfer
and storage requirements or just the
scale of scaling abilities of databases
well what if we could turn this around
and we can say instead of bringing the
data to the intelligence we bring the
intelligence to the data so think as
ebpf is giving us the opportunity to not
just have very deep
observability but to also essentially
only extract the observability we need
and then apply logic to make Intelligent
Decisions and react to that ways that
don't require us to stream data some
reals and then react there but to
essentially make a decision an
intelligent smart decision on the Fly
based on the context we have available
at where where the source of the data
actually lies this will not work for all
types of use cases there will be use
cases that do require this completely um
distributed view over observability
sound from all sorts of edge notes and
then so on but for a lot of use cases
bringing the intelligence to this data
will be way more efficient it will lead
to new security networking observability
monitoring tools that are more efficient
a faster reaction times and in the end
result in better infrastructure for all
users so that's what keeps keeps me very
excited for the next coming years I
think this will be an area where ebpf
will really shine and we be we will see
not just rapid Innovation but also
application of ef's logic um
ability and with that I would like to
say I'm really looking forward to
continue innovating with all of you I
would love for you all to reach out to
me ping me on slack ping me on LinkedIn
um I would love to hear are you agreeing
are you disagreeing what are you excited
about what keeps what keeps you excited
about ebpf what are ideas you have I
would love to learn from you and
continue the conversation with that I
would like to thank you all very much
and and I want to wish you a continued
successful funny ebpf Summit and I'm
looking forward to answering questions
on slack thank you very much
[Music]
[Applause]
[Music]
浏览更多相关视频
eBPF’s Abilities and Limitations: The Truth - Liz Rice & John Fastabend, Isovalent
We write our applications in ebpf: A Tale From a Telekom Operator - Nick Zavaritsky
Transformation in Oil and Gas: DocStudio's CTO Perspective | EUGENE SOLOVIOV, ENERGIZE, Episode 6
What runs ChatGPT? Inside Microsoft's AI supercomputer | Featuring Mark Russinovich
The Future of Data | Tiago Santos | TEDxEUBusinessSchoolBarcelona
Big Data Analytics | What Is Big Data Analytics? | Big Data Analytics For Beginners | Simplilearn
5.0 / 5 (0 votes)