Solo.io BumbleBee Expands Access to eBPF Technologies
Solo.io has launched an open source BumbleBee project that makes it simpler for developers to take advantage of extended Berkeley Packet Filter (eBPF) technologies that run within the kernel of an operating system.
Solo.io CEO Idit Levine says the company developed BumbleBee to automatically generate the boilerplate user-space code that is required to access eBPF technologies running at the kernel level. BumbleBee includes a command-line interface (CLI) that automatically generates the user-space code for eBPF programs by automatically exposing maps as logs, metrics and histograms.
Solo.io is using that code to add additional functionality to the open source Istio service mesh created for integrating application programming interfaces (APIs) running on Kubernetes clusters. Other organizations, however, can employ the same boilerplate code to invoke eBPF technologies as they see fit; BumbleBee is packaged as a container that complies with the open container image (OCI) specification, Levine notes.
IT organizations will increasingly be able to run networking and security software as a set of sandboxed programs at the operating system kernel level. That capability will significantly improve the overall performance of networking and security services and will also make the IT environment more secure.
The challenge is that eBPF programs need to be loaded in the form of bytecode, and the kernel has data structures and formats that are specific to each kernel version. Packaging and distributing these binary programs is tedious, time-consuming and error-prone. BumbleBee simplifies the development, packaging and sharing of eBPF tools in a way that will help accelerate the adoption of eBPF, says Levine.
In effect, eBPF changes the way operating systems are designed. It bridges the boundary between kernel and user space by enabling developers to combine and apply logic across multiple subsystems that, historically, were completely independent of one another. That approach enables, for example, a security tool to scale to the point where it can identify threats at much higher levels of throughput. That improvement in overall scale is critical as the volume and frequency of cybersecurity attacks continues to increase.
The biggest benefit of eBPF is simply efficiency. The total cost of processing for security, networking and storage platforms should decline as more vendors take advantage of its capabilities. Currently, eBPF is widely used by web-scale companies such as cloud service providers. Facebook is using it as the primary software-defined load balancer in its data centers while Google is using open source Cilium networking software within its managed Kubernetes offerings. Going forward, however, Levine says it’s now only a matter of time before eBPF is much more widely adopted as more operating systems enable the capability.
Regardless of approach, it’s clear there will soon be a reason to upgrade not just networking, storage and security platforms but also instances of operating systems that don’t yet support eBPF. DevOps teams would be well-advised to plan accordingly because the number of platforms that will ultimately benefit from eBPF spans the entire enterprise.