TAC review scheduled for March 9, 2022

L3AF LFN Induction Proposal v2.pdf

RESOLVED: The TAC recommends L3AF be inducted as a Sandbox Project to the LFN Governing Board

Current Result: (10 Total Votes)
+1: 10 Votes, 100%
0: 0 Votes, 0%
-1: 0 Votes, 0%

Vote is conditioned on L3AF updating governance documentation to reflect the committer promotion process and status prior to the Governing Board induction meeting taking place on  

11 Comments

  1. A few minor editorial comments.

    1. hotlink on some of the pages (Image Repository and Workflow links to github) points to XGVela (cut/paste error I suspect)
    2. There is no package under github. For those things that are intent do you want to add “(Future)”. Will there be an actual package / container ? If not then “N/A” is an okay answer as well.
    3. Might want to take a pass through the TSC Charter ( https://wiki.lfnetworking.org/display/L3AF/Governance ) for any open issues
      1. “Selecting maintainers for repositories shall be established by a nomination period, followed by TSC vote (majority). Who is eligible to send forth a nomination? Project Committers?”


    1. Thank you for the review comments.

      1. Sticky links corrected
      2. Noted
      3. There are a few governance processes that are in progress. Clarifications made.
  2. Excited to see this important eBPF related project inducted to the LFN. A few clarification questions:

    Slide #3 - Background - Could you share a sample use case of how L3AF is used by Walmart or any other end user? That may greatly help understand the functionality and value of the project.

    Slide #4 - Scope - Could you elaborate on the "eBPF program repository" - Is it merely a GitHub repo, or a full fledged "App Store" type of service? Will the L3AF project create and run a testing and certification program? Who will maintain the program?

    Slide #5 - Architecture - The diagram only shows a Daemon running in each node. How are these daemons deployed, especially when there are thousands of nodes as mentioned in slide #3. Is the orchestration of daemons in nodes also part of the project scope?

    Slide #8 - Cross project - Could you share your thoughts on how L3AF will co-exist with the other eBPF apps shown here, e.g. Cilium. Will they just run side-by-side, each pushing their own eBPF byte-code to the kernel, or will there be tighter integration?


    1. Hey Ranny, thank you for going through the slides and posting your comments here. I have tried to answer your Qs below :-

      Slide #3 - eBPF programs have the capability to instrument, inspect and interdict traffic while providing deep visibility into system and network performance. The use-cases of eBPF can broadly be classified into three main areas – networking, observability or tracing, and Security. At Walmart, we have leveraged eBPF and L3AF to develop several eBPF programs, such as flow exporter, rate limiting, traffic mirroring, load-balancing, and many others. These eBPF programs are then orchestrated into the kernel of target nodes using the APIs provided by the L3AF platform.

      We have discussed Walmart's use of eBPF and L3AF at a couple of tech conferences. You can view those here:

      https://www.youtube.com/watch?v=wc8_KGh_JfA 

      https://www.youtube.com/watch?v=thmAcyix8FM 


    2. Slide #4 - In the initial version spec, the proposal is to simply have a GitHub repository to store eBPF program source code. This is to make sure that all the contributed eBPF programs can be made available in a single repository. The initial version doesn't have automation in place, so all submissions will be manually reviewed and published in this repo. The review process will also ensure that the code submissions conform to L3AF's eBPF program chaining mechanics.  Link to initial version: https://github.com/l3af-project/eBPF-Package-Repository

      The idea is to build a future version on top of the initial version and include a fully automated build-release system that can perform reviews and build/upload the package to a storage repo. The proposal for the future version discusses the option of allowing contributors to upload the eBPF package without sharing the source code. It also aims to address various other challenges such as security (vulnerability detection, signing, semantic code analysis) and portability. We have an eBPF Package Repository Committee which meets bi-weekly to discuss the future spec in detail and draw agreements 

      Proposal : https://github.com/l3af-project/l3af-arch/blob/main/discussions/prog_repo.md 

      Open Issues with the initial version : https://github.com/l3af-project/eBPF-Package-Repository/issues 

    3. Slide #5 - We have discussed this a few times internally at Walmart. Since many enterprises may have their own standard set of deployment and configuration management tools, we were unsure if sharing ours would be of significant value. However, we remain open-minded about this and would welcome any contributions while continuing to provide adopters the flexibility to use their own toolsets.

    4. Slide #8 - L3AF is a platform to orchestrate and compose multiple, independent eBPF programs. We believe that eBPF users can benefit from the development and open distribution of modular eBPF programs. eBPF program chaining is the procedure of calling multiple eBPF programs in a sequence. In the case of network eBPF programs, only a single eBPF program can be attached to the network interface for each type (i.e., TC and XDP) in a Linux kernel. We can, however, sequentially execute multiple eBPF programs per type by having eBPF programs call the next program in the chain. Chaining eBPF programs is a key feature of L3AF that empowers users to compose different, independent programs together to solve those unique business needs.

      Any eBPF program can conform to the chaining mechanics of L3AF using the bpf_tail_call. We also have plans to develop an enhanced version of chaining that does not need any chain-specific logic in the eBPF programs. The proposal is available here -  https://github.com/l3af-project/l3af-arch/blob/main/discussions/chaining_enhancements.md
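
The chaining behaviour described in the reply above, as an added example that is not part of the original comment or L3AF's code: a user-space C model in which a function-pointer array stands in for the kernel's program array map and a macro stands in for `bpf_tail_call`. It shows that a drop verdict ends the chain and that an empty slot makes the caller fall through to its own return, so the packet passes and later programs never run. The program names, slot layout and token budget are assumptions made for illustration.

```c
#include <string.h>

enum verdict { V_DROP = 1, V_PASS = 2 };      /* same values as XDP_DROP / XDP_PASS */
struct pkt { char trace[8]; };                /* records which programs saw the packet */
typedef int (*prog_fn)(struct pkt *);

#define SLOTS 3
static prog_fn chain[SLOTS];                  /* stands in for a BPF_MAP_TYPE_PROG_ARRAY */
static int tokens;                            /* rate limiter budget (constructed value) */

/* Model of bpf_tail_call(): on success control never comes back to the caller;
 * on an empty slot the helper returns and the caller keeps running. */
#define TAIL_CALL(p, i) do { if ((i) < SLOTS && chain[i]) return chain[i](p); } while (0)

static void mark(struct pkt *p, char c) {
    size_t n = strlen(p->trace);
    if (n + 1 < sizeof p->trace) { p->trace[n] = c; p->trace[n + 1] = '\0'; }
}

static int flow_exporter(struct pkt *p) {
    mark(p, 'F');
    TAIL_CALL(p, 1);
    return V_PASS;                            /* next slot empty: chain fails open */
}

static int rate_limiter(struct pkt *p) {
    mark(p, 'R');
    if (tokens-- <= 0) return V_DROP;         /* verdict ends the chain here */
    TAIL_CALL(p, 2);
    return V_PASS;
}

static int mirror(struct pkt *p) { mark(p, 'M'); return V_PASS; }  /* last in chain */

/* Install the chain; with_limiter = 0 leaves slot 1 empty, as after a failed load. */
void load_chain(int with_limiter, int budget) {
    chain[0] = flow_exporter;
    chain[1] = with_limiter ? rate_limiter : NULL;
    chain[2] = mirror;
    tokens = budget;
}

/* Entry point, standing in for the single program attached to the interface. */
int run_chain(struct pkt *p) {
    p->trace[0] = '\0';
    TAIL_CALL(p, 0);
    return V_PASS;
}
```

In the empty-slot case the mirror program in slot 2 is still loaded but unreachable, which is why a chain with an enforcement program in it needs its slots checked after every update.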

  3. Thanks to the L3AF team for their induction proposal!  A couple feedback items:

    • Please publish the technical charter ASAP.  It is not available on the wiki, and there seems to be an issue open for this (https://github.com/l3af-project/governance/issues/2).  It might answer some of the other governance questions.
    • It would be good to have more definition around the TSC.  I know you have current TSC members defined (which I assume map to the "founding participants"), but it'd be great to have definition on ongoing structure, how elections are held, how vacancies are filled, etc.
    • I strongly suggest prior to governing board approval that the committers be listed.
    • In general, I recommend fleshing out as much of the governance as you can sooner rather than later, as it will avoid any number of problems down the road.  We have plenty of examples from other LFN projects, so the TAC is happy to help.
  4. We'll continue to build out governance as a community. Committers list being top priority. 

  5. Typos on slides 7 and 10 corrected in L3AF LFN Induction Proposal v2.pdf attached above. Thank you for today's induction review!