At Netflix we have 15 BPF programs running on cloud servers by default; Facebook has 40. These programs are not processes or kernel modules, and don't appear in traditional observability tools. They are a new type of software, and make a fundamental change to a 50-year old kernel model by introducing a new interface for applications to make kernel requests, alongside syscalls.
BPF originally stood for Berkeley Packet Filter, but has been extended in Linux to become a generic kernel execution engine, capable of running a new type of user-defined and kernel-mode applications. This is what BPF is really about, and I described this for the first time in my Ubuntu Masters keynote.
The video is on youtube:
And the slides are here or as a PDF:
My BPF Performance Tools book was just released as an eBook, and covers just one use case of BPF: observability. I'm also speaking about this topic at re:Invent this week as well (see you there).
BPF is the biggest operating systems change I've seen in my career, and it's thrilling to be a part of it. Thanks to Canonical for inviting me to speak about it at the first Ubuntu Masters event.
Click here for Disqus comments (ad supported).