Chapter 8. eBPF for Networking

As you saw in Chapter 1, the dynamic nature of eBPF allows us to customize the behavior of the kernel. In the world of networking, there is a huge range of desirable behavior that depends on the application. For example, a telecommunications operator might have to interface with telco-specific protocols like SRv6; a Kubernetes environment might need to be integrated with legacy applications; dedicated hardware load balancers can be replaced with XDP programs running on commodity hardware. eBPF allows programmers to build networking features to meet specific needs, without having to force them on all upstream kernel users.

Network tools based on eBPF are now widely used and have proven to be effective at prolific scale. The CNCF’s Cilium project, for example, uses eBPF as a platform for Kubernetes networking, standalone load balancing, and much more, and it’s used by cloud native adopters in every conceivable industry vertical.¹ Meta has been using eBPF at a vast scale—every packet to and from Facebook since 2017 has been through an XDP program. Another public and hyper-scaled example is Cloudflare’s use of eBPF for DDoS (distributed denial-of-service) protection.

These are complex, production-ready solutions, and their details are far beyond the scope of this book, but by reading the examples in this chapter you can get a feel for how eBPF networking solutions like these are built.