L3AF is an industry-first platform for distributed management and composition of eBPF programs. Composition in L3AF means multiple independent eBPF programs can be dynamically combined or “chained” together to solve unique business problems.
“Chaining” in L3AF means that the eBPF programs can be configured to run sequentially as configured by the user. eBPF programs can be reordered on the fly according to business needs. Chaining is a powerful feature that enables the composition of multiple, independent eBPF programs in order to solve unique problems.
We believe that eBPF users can benefit from the modular development and open distribution of eBPF programs. In this respect, we embrace the Unix philosophy of “write programs that do one thing and do it well.” Our vision is that the L3AF team, open-source community, and other businesses will develop independent eBPF programs that will be shared in a “eBPF program marketplace.” Users can then download a selection of signed eBPF programs and orchestrate them to solve their unique business needs.
Secure APIs are mTLS enabled and allow users to update configs for the eBPF programs on the fly.
eBPF programs may store metrics in eBPF maps. L3AF can be configured to read these metrics and expose them over a web API.
L3AF empowers its users to remove expensive hardware appliances with software-defined networking in the form of eBPF programs. L3AF is currently being used in production to save money and reduce network hops. Real-world examples include the removal of commercial networking packets broker and hardware load balancer solutions.
A L3AF daemon (L3AFD) runs on each machine and exposes a simple web API for configuration. This offers great flexibility in that each machine is able to have a unique configuration if the user wishes.
L3AF is designed to combine multiple, individual eBPF programs into a comprehensive and complementary solution to business problems. Even individual eBPF programs can be configured differently depending on their environment. This composition and configurability of eBPF programs provide great flexibility to the user.
L3AF can be run on any Linux system (>= 4.18). This means L3AF can be leveraged to solve common problems that may exist between cloud environments where other common solutions may not exist.
eBPF Program Marketplace
At L3AF, our vision is to create a marketplace for eBPF programs, where users and developers can share their own signed eBPF programs and download eBPF programs from others. Our L3AF platform can then be used to orchestrate and compose selected eBPF programs from the marketplace to several business needs. In this way, L3AF provides developers with a cloud and vendor-agnostic platform for adding capabilities to an operating system at runtime. We believe that the creation of such a fully integrated software ecosystem around eBPF will unleash its full potential for community adoption.
L3AF v1 – the first major release since open source!
eBPF Summit 2022 Presentations
L3AF: Complete Lifecycle Management of eBPF Programs
Santhosh Fernandes, Walmart
eBPF Summit 2021 Presentations
High Performance Load Balancing at Walmart
Karan Dalal and Kanthi Pavuluri, Walmart
Running and Orchestrating Multiple XDP and TC Programs
Brian G. Merrell, Walmart