The L3AF project has achieved significant milestones in 2024, solidifying its role as a vital tool for enhancing eBPF program management and networking capabilities. With its promotion to an Incubation project within LF Networking, L3AF continues to grow in maturity and impact, as highlighted in the LF Networking 2024 Annual Report.
L3AF in Action:
The L3AF platform provides full lifecycle management for running ebpf programs at several hook points to defend against DDoS attacks, it offers deep visibility into network infrastructure, which are usually hidden outside of the Linux kernel, and enables complex functions to be performed directly in the traffic flow within the technology stack of Walmart’s retail and e-commerce platform.
A notable milestone was the release of L3AF R2 in January, which introduced several key improvements, followed by the availability of L3AF 2.1 in the fourth quarter. Collective updates over both releases include:
- Native eBPF Program Loading: L3AF now supports native loading and management of eBPF programs, eliminating the previous necessity for user-space programs to handle initial loading. This streamlines the deployment process and enhances efficiency.
- Enhanced Chaining and Monitoring: The update improved eBPF program chaining across multiple network interfaces and introduced monitoring capabilities for eBPF program versions, providing greater flexibility and control over network configurations.
- Open Source Traffic Mirroring: An open-source traffic mirroring program was added, offering network administrators a powerful tool for monitoring and analyzing network traffic.
- L3AF 2.1 introduces Graceful Restart functionality, allowing seamless upgrades of the L3AF control plane without impacting any running eBPF programs in the data plane.
- Container Support for l3afd: L3AF can now run within a container, equipped to operate in cloud native environments, improving orchestration and scalability for users leveraging Kubernetes and other cloudnative platforms.
- BPF CO-RE in the eBPF Package Repository: L3AF 2.1 now supports BPF CO-RE, enabling portable BPF applications that run across different Linux kernels without modifications.
- Support for KProbes and Tracepoints: Enhanced observability with support for kprobes and tracepoints, providing deeper kernel-level insights for better eBPF troubleshooting.
- Dynamically add programs to new interfaces: L3AF 2.1 allows dynamic program attachment to new interfaces, benefiting complex network environments like multi-VM hypervisors.
- Alternative traffic management options: L3AF now supports attaching eBPF programs to HTB qdisc hooks for refined traffic shaping and resource allocation.
- Enhanced Logging and Storage for Easier Debugging: Improved logging with local filesystem storage simplifies debugging, accelerates issue resolution, and supports integration with centralized log analysis systems for better observability.
- L3AF Goes to Dockerhub: L3AF is now available on Docker Hub, making deployment easier within containerized environments for streamlined DevOps integration.
These advancements have solidified L3AF’s role in simplifying and enhancing networking performance and security. The project’s commitment to open-source collaboration continues to drive innovation in the networking landscape.
Learn More in the Full Report
The LF Networking 2024 Annual Report provides deeper insights into L3AF’s progress and other groundbreaking projects shaping the future of networking. Read the full report here.