TAC review scheduled for March 9, 2022
L3AF LFN Induction Proposal v2.pdf
Vote is conditioned on L3AF updating governance documentation to reflect the committer promotion process and status prior to the Governing Board induction meeting taking place on
11 Comments
Brian Freeman
A few minor editorial comments.
LJ Illuzzi
Thank you for the review comments.
Ranny Haiby
Excited to see this important eBPF related project inducted to the LFN. A few clarification questions:
Slide #3 - Background - Could you share a sample use case of how L3AF is used by Walmart or any other end user? That may greatly help understand the functionality and value of the project.
Slide #4 - Scope - Could you elaborate on the "eBPF program repository" - Is it merely a GitHub repo, or a full fledged "App Store" type of service? Will the L3AF project create and run a testing and certification program? Who will maintain the program?
Slide #5 - Architecture - The diagram only shows a Daemon running in each node. How are these daemons deployed, especially when there are thousands of nodes as mentioned in slide #3. Is the orchestration of daemons in nodes also part of the project scope?
Slide #8 - Cross project - Could you share your thoughts on how L3AF will co-exist with the other eBPF apps shown here, e.g. Cilium. Will they just run side-by-side, each pushing their own eBPF byte-code to the kernel, or will there be tighter integration?
Karan Dalal
Hey Ranny, thank you for going through the slides and posting your comments here. I have tried to answer your Qs below:
Slide #3 - eBPF programs have the capability to instrument, inspect and interdict traffic while providing deep visibility into system and network performance. The use-cases of eBPF can broadly be classified into three main areas – networking, observability or tracing, and security. At Walmart, we have leveraged eBPF and L3AF to develop several eBPF programs, such as flow exporter, rate limiting, traffic mirroring, load-balancing, and many others. These eBPF programs are then orchestrated into the kernel of target nodes using the APIs provided by the L3AF platform.
We have discussed Walmart's use of eBPF and L3AF at a couple of tech conferences. You can view those here:
https://www.youtube.com/watch?v=wc8_KGh_JfA
https://www.youtube.com/watch?v=thmAcyix8FM
Karan Dalal
Slide #4 - In the initial version spec, the proposal is to simply have a GitHub repository to store eBPF program source code. This is to make sure that all the contributed eBPF programs can be made available in a single repository. The initial version doesn't have automation in place, so all submissions will be manually reviewed and published in this repo. The review process will also ensure that the code submissions conform to L3AF's eBPF program chaining mechanics. Link to initial version: https://github.com/l3af-project/eBPF-Package-Repository.
The idea is to build a future version on top of the initial version and include a fully automated build-release system that can perform reviews and build/upload the package to a storage repo. The proposal for the future version discusses the option of allowing contributors to upload the eBPF package without sharing the source code. It also aims to address various other challenges such as security (vulnerability detection, signing, semantic code analysis) and portability. We have an eBPF Package Repository Committee which meets bi-weekly to discuss the future spec in detail and draw agreements.
Proposal : https://github.com/l3af-project/l3af-arch/blob/main/discussions/prog_repo.md
Open Issues with the initial version : https://github.com/l3af-project/eBPF-Package-Repository/issues
Karan Dalal
Slide #5 - We have discussed this a few times internally at Walmart. Since many enterprises may have their own standard set of deployment and configuration management tools, we were unsure if sharing ours would be of significant value. However, we remain open-minded about this and would welcome any contributions while continuing to provide adopters the flexibility to use their own toolsets.
Karan Dalal
Slide #8 - L3AF is a platform to orchestrate and compose multiple, independent eBPF programs. We believe that eBPF users can benefit from the development and open distribution of modular eBPF programs. eBPF program chaining is the procedure of calling multiple eBPF programs in a sequence. In the case of network eBPF programs, only a single eBPF program can be attached to the network interface for each type (i.e., TC and XDP) in a Linux kernel. We can, however, sequentially execute multiple eBPF programs per type by having eBPF programs call the next program in the chain. Chaining eBPF programs is a key feature of L3AF that empowers users to compose different, independent programs together to solve those unique business needs.
Any eBPF program can conform to the chaining mechanics of L3AF using the bpf_tail_call. We also have plans to develop an enhanced version of chaining that does not need any chain-specific logic in the eBPF programs. The proposal is available here - https://github.com/l3af-project/l3af-arch/blob/main/discussions/chaining_enhancements.md
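The chaining behaviour described in the comment above, as an added example that is not part of the original thread or of L3AF's code: a user-space C model (not loadable eBPF) of a `bpf_tail_call` chain, showing that when the next slot is empty the calling program's own verdict takes effect and later programs are skipped. The program names, slot layout, rate-limit budget and addresses are constructed for illustration.

```c
#include <stdio.h>

enum verdict { DROP = 1, PASS = 2 };      /* numeric values of XDP_DROP / XDP_PASS */
#define SLOTS 4
#define MAX_JUMPS 32                      /* this model's stand-in for the kernel's tail-call cap */
struct pkt { unsigned src; int next; };
typedef enum verdict (*prog_fn)(struct pkt *);
static prog_fn chain[SLOTS];              /* models a BPF_MAP_TYPE_PROG_ARRAY */
static unsigned budget;                   /* packets the rate limiter still allows */

/* Models bpf_tail_call(ctx, &chain, idx): here it only records the request. */
static void tail_call(struct pkt *p, int idx) { p->next = idx; }
static enum verdict prog_root(struct pkt *p) {
    tail_call(p, 1);
    return PASS;                          /* takes effect only if slot 1 is empty */
}
static enum verdict prog_ratelimit(struct pkt *p) {
    if (budget == 0) return DROP;         /* a verdict without a tail call ends the chain */
    budget--;
    tail_call(p, 2);
    return PASS;                          /* takes effect only if slot 2 is empty */
}
static enum verdict prog_filter(struct pkt *p) {
    return p->src == 0x0a000001u ? DROP : PASS;   /* constructed blocked source 10.0.0.1 */
}
/* Run the program attached to the hook (slot 0) and follow its tail calls. */
static enum verdict run_chain(struct pkt *p) {
    prog_fn cur = chain[0];
    enum verdict v = PASS;                /* nothing attached: packet passes */
    for (int jumps = 0; cur && jumps <= MAX_JUMPS; jumps++) {
        p->next = -1;
        v = cur(p);
        if (p->next < 0 || p->next >= SLOTS || !chain[p->next])
            break;                        /* no or failed tail call: this program's verdict stands */
        cur = chain[p->next];             /* successful tail call: control never returns */
    }
    return v;
}
static void load_chain(int with_filter) {
    chain[0] = prog_root; chain[1] = prog_ratelimit;
    chain[2] = with_filter ? prog_filter : NULL;
    budget = 2;                           /* constructed budget */
}
int main(void) {
    struct pkt p = { 0x0a000001u, -1 };
    load_chain(1); printf("full chain: %d\n", run_chain(&p));
    load_chain(0); printf("slot 2 empty: %d\n", run_chain(&p));
    return 0;
}
```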
Jason Hunt
Thanks to the L3AF team for their induction proposal! A couple feedback items:
LJ Illuzzi
Thank you for your review Jason.
The recently updated Charter is added to Governance repo: https://github.com/l3af-project/governance/blob/main/L3AF%20Technical%20Charter%20February%2016%2C%202022.pdf
And also on the Wiki: https://wiki.lfnetworking.org/pages/viewpageattachments.action?pageId=62489235&metadataLink=true&preview=/62489235/68786169/L3AF%20Technical%20Charter%20February%2016%2C%202022.pdf
LJ Illuzzi
We'll continue to build out governance as a community. Committers list being top priority.
LJ Illuzzi
Typos on slides 7 and 10 corrected in L3AF LFN Induction Proposal v2.pdf attached above. Thank you for today's induction review!