The Linux Foundation Projects
Skip to main content


The L3AF community is happy to announce the availability of  its second code release, R2. The L3AF project, a groundbreaking initiative in the world of networking and security, has just unveiled its second major release, bringing a host of exciting improvements, new features, and bug fixes to the table. In this blog post, we’ll take a closer look at what’s new in L3AF Release 2.0.0 and how it is poised to make a significant impact on the networking landscape.

The second major release of L3AF since open source v1.0.0! L3AF makes it simpler to load and run eBPF programs by supporting native loading and management of eBPF programs.  

Previously,  this required users to write a user space program that did the initial loading of an eBPF program.  With L3AF R2 a user space program is now optional, but can still be started by l3afd after loading the eBPF program.  Loading eBPF programs through a user space program is still supported but should be considered deprecated and support will be removed in a future release.

“The introduction of two new parameters (object_file and entry_function_name) in the L3AF R2 request API payload allows for the native loading of ebpf programs by l3afd. This removes the need for user programs to handle the loading process. A sample payload incorporating these changes is provided.If these parameters are not provided, it also allows for loading from user programs.” — Santosh Fernandes, Walmart GTS


L3AF has been on a mission to simplify and enhance networking capabilities, making them more efficient and secure. Since its open-source debut with version 1.0, the project has come a long way, and the release of version 2.0 marks another major milestone.

One of the key highlights of this release is the improved support for eBPF (extended Berkeley Packet Filter) programs, which play a pivotal role in enhancing networking performance and security. With this release, all eBPF programs in the L3AF package repository are now guaranteed to work flawlessly on Linux systems running kernel version 5.15 or newer, providing a solid foundation for network optimization and security enhancement.

Release Highlights

Let’s dive into some of the most exciting features and changes introduced in L3AF Release 2.0:

  1. Improved eBPF Program Loading and Chaining: One of the core strengths of L3AF lies in its support for eBPF programs, and this release takes it a step further. It enhances eBPF program loading and chaining capabilities, making it easier for users to configure and manage these programs for network optimization.
  2. Native Go Chaining: In version 2.0.0, existing eBPF programs have been modified to support native Go chaining, providing a more seamless and efficient way to order and chain programs.
  3. Removal of Hard Coding: A significant improvement is the removal of hard coding of map paths in eBPF programs. This change makes the configuration of eBPF programs more flexible and adaptable to different network environments.
  4. Chaining Across Multiple Network Interfaces: L3AF introduces the ability to chain eBPF programs across multiple network interfaces, allowing for comprehensive network optimization and security strategies.
  5. Monitoring eBPF Program Versions: Users can now monitor the version of eBPF programs running on their nodes, providing greater visibility and control over their network configurations.
  6. Open-Source Traffic Mirroring Program: The release also includes an open-source traffic mirroring program, offering network administrators a powerful tool for monitoring and analyzing network traffic.
  7. CI/CD Improvements: Continuous Integration and Continuous Deployment (CI/CD) processes have been enhanced with end-to-end testing and improved artifact upload capabilities, ensuring a smoother development pipeline.

Breaking Changes

As with any major release, there are some breaking changes to be aware of:

  • Update native loading of root programs
  • Load XDP and TC programs from L3AFD

New Features

Version 2.0.0 introduces several exciting new features:

  • An updated data model to improve chaining enhancements.
  • Enhanced error handling in kfdebug.
  • Introduction of version tags to NFRunning metrics.
  • Upgrade to
  • Configurable scorecard permissions.
  • Improved configuration management from the command line.
  • Updated code owners list.

Future Release

  • Support BPF CO-RE to improve eBPF compatibility on Linux
  • Improve integration of eBPF programs in k8s environment

Bug Fixes and Other Changes

The release also includes bug fixes and various other changes aimed at improving the overall stability and performance of the L3AF framework.

L3AF R2 represents a significant leap forward in the world of open-source networking and eBPF-driven network optimization. With improved program loading, native Go chaining, and support for multiple network interfaces, L3AF continues to empower network administrators and developers to build efficient, secure, and high-performance networks. The addition of an open-source traffic mirroring program and CI/CD enhancements further solidify L3AF’s position as a valuable tool in the networking arsenal.

Helpful Documentation

See Getting Started with L3AF for more information about L3AF and how to engage with the L3AF community. You can also follow LF Networking on LinkedIn for the latest cross-community updates. 

Thanks to the extended L3AF community for making this release a reality!