By Santosh Fernandes & originally published in the Walmart Global Tech blog
L3AF embarked on its open-source journey three years ago under the umbrella of the Linux Foundation Network (LFN). Over this time, it has traversed various stages of project maturity, including Sandbox, Incubation, and, hopefully soon, Graduated. Initially launched as a sandbox project, L3AF has enjoyed robust community engagement and multiple releases. Today, we are thrilled to announce that L3AF has progressed to the Incubation stage, marking a significant milestone in its development.
Introducing Release 2.1.0
With great excitement, the L3AF community unveils its third code release, Release 2.1.0. This release promises to be a game-changer in the networking and security domain, introducing a suite of enhancements, new features, and crucial bug fixes. In this post, we’ll delve into what’s new in L3AF Release 2.1.0 and explore how it stands to make a significant impact on the networking landscape.
Key Improvements and Features
Release 2.1.0 marks a significant step forward for L3AF since its initial open-source version 1.0.0. The update simplifies the process of upgrading the L3AF controller, enhancing developer experience and accessibility. L3AF comprises two major components: l3afd and eBPF programs, which are efficiently managed by l3afd.
- Orchestration with l3afd: L3AFD serves as the orchestrator for eBPF programs on nodes, enabling seamless integration and management of networking functionalities.
- eBPF Programs: This release introduces improvements to eBPF programs, which include XDP (eXpress Data Path) and TC (Traffic Control) programs. These are crucial for advanced packet processing and are attached directly to network interfaces.
Highlights of Release 2.1.0
Here are some standout features and enhancements in this release:
- Graceful Restart Functionality for l3afd
This feature facilitates uninterrupted upgrades of the l3af control plane, ensuring no disruption to any managed eBPF programs (data plane). This implies that we can introduce new features without any downtime. This also enhances the system’s robustness within the enterprises.
- Container Support for l3afd
L3AF can now operate within a container, marking our first step toward supporting container technology and aligning with the Cloud Native Computing Foundation. This expands our orchestration capabilities to cloud-native environments.
- BPF CO-RE in the eBPF Package Repository
We have included BPF CO-RE (Compile Once — Run Everywhere) to enhance eBPF compatibility on Linux. This modern approach allows for writing portable BPF applications that run across multiple kernel versions without modifications or runtime source code compilation.
- Support for KProbes and Tracepoints
L3AF now facilitates observability use cases through kprobes and tracepoints, enhancing our monitoring capabilities. It will maintain its support for other types of ebpf programs in upcoming releases. Examples can be found here.
- Dynamically add programs to new interfaces
One of the standout features of the latest L3AF release is its ability to dynamically attach programs to new interfaces as they are provisioned. L3AF now intelligently identifies programs that should be linked or chained to interfaces generated by external systems during run-time, rather than identifying the interface at the daemon’s startup. (i.e. every new network interface on the system requires the restart of the l3afd). This is particularly beneficial for users running L3AF on hypervisors that host multiple virtual machines (VMs). With this capability, eBPF programs can be seamlessly managed, allowing for greater flexibility and control in complex network environments.
- Users can experience alternative ways of managing traffic
In our ongoing commitment to improving traffic management, L3AF now supports attaching eBPF programs to Hierarchy Token Bucket (HTB) queuing discipline (qdisc) hooks. This addition enhances our existing support for new class types of traffic, allowing for more refined traffic shaping and resource allocation. Users can expect improved performance and efficiency when managing network traffic.
- Improved Logging for Easier Debugging
We understand that debugging can be a daunting task, which is why we’ve made significant improvements to our logging system. L3AF now features enhanced error handling logs, making it easier for developers to trace issues and understand system behavior. L3AFD now allows logs to be stored in the local filesystem. This feature enables seamless integration with external centralized log analytic systems, enhancing the overall observability and management of network activities. Users can expect a more cohesive logging strategy, making it simpler to analyze and act on network data.
- L3AF goes to Dockerhub
We’re excited to announce that L3AF has officially made its entry into Docker Hub with the release of the linuxfoundationl3af/l3afd Docker image. Users can now easily download the image using docker pull, simplifying the deployment process within containerized environments. This move makes it easier than ever to integrate L3AF into modern DevOps workflows.
Conclusion
In this post, we’ve highlighted the key features of the recent L3AF release 2.1.0 and shared some of the exciting use cases we’re actively working on. As we continue to explore and tackle more challenging use cases, we invite you to stay connected with us for upcoming blogs on graceful restart. Be sure to visit our website at https://l3af.io to learn more about our ongoing projects, and join the growing L3AF community. For those interested in contributing or exploring the code, check out our GitHub repository at https://github.com/l3af-project. We look forward to collaborating and innovating with you as we push the boundaries of what’s possible.
You can also check out our LFN release announcement blog, available here: LF Network release announcement blog
