2024 eBPF and Networking Trends Forecast

1. eBPF

1.1 eBPF will continue exponential growth

In 2023, eBPF‑based networking and security projects grew quickly; the author expects the total number of eBPF projects next year to exceed three digits. The popularity of Learning eBPF [1], eBPF Labs [2], the eBPF Summit [3] and the eBPF documentary (over 50,000 views) all indicate rising interest.

1.2 eBPF application marketplace

The ebpf.io site now lists 41 projects, up from 9 two years ago, covering CNI, high‑performance load balancing, cloud‑native runtime security, and observability. The author predicts an eBPF Store where users can download, install, and detect conflicts between eBPF programs.

1.3 eBPF on mobile devices

Millions of Android users already run eBPF daily, initially for traffic statistics but now for every network packet. Future use cases will expand beyond Android, and Cilium may run on mobile devices. Typical Android eBPF uses include data‑usage accounting, firewall/power‑saving policies, and high‑speed packet processing such as 464xlat.

1.4 Risks of eBPF misuse

Widespread adoption raises misuse concerns. Although the eBPF verifier [6] aims to ensure safe execution, increased usage may expose new vulnerability classes, prompting scrutiny of eBPF‑based applications.

2. Observability

2.1 Observability is the hottest KubeCon topic

Blog statistics [7] show observability as the most popular theme at KubeCon, outpacing platform engineering topics.

2.2 Reducing observability cost

Collecting full‑cluster data generates massive volumes, especially across hundreds of clusters and hundreds of thousands of Pods. In FinOps‑focused environments, engineers will optimise resource‑heavy observability tools, driving the popularity of low‑overhead eBPF monitors like Tetragon [9].

2.3 Context‑aware Kubernetes workloads

Context‑aware security, first proposed over a decade ago, will gain attention as containers hide context (multiple containers share an IP). Integrating Tetragon context with Cilium network policies [10] could be transformative.

2.4 AI‑assisted network troubleshooting

Network tools will embed LLMs for chat‑style interaction, e.g., diagnosing a traffic dip between 10 pm‑11 pm via a conversational Grafana query, generating Terraform snippets, or identifying routing loops.

3. Networking

3.1 Container networking matching host performance

At KubeCon Chicago, Daniel Borkmann presented “Turning up Performance to 11: Cilium, NetKit Devices, and Going Big with TCP” [11], announcing NetKit’s ability to run eBPF programs at the container level, promising host‑level performance once widely available.

3.2 Industry‑wide network transformation

Broadcom’s acquisition of VMware may cause organizations to reconsider VMware stacks, affecting NSX adoption.

Open‑source network automation (Awesome Network Automation repo [16]) and tools like GoBGP [17] and containerlab [18] have surged in popularity.

Performance gains from eBPF and XDP have narrowed the gap with proprietary solutions; a demo shows a 72‑fold CPU improvement [19].

The author expects a fundamental shift in networking over the next few years, possibly the biggest since software‑defined networking.

3.3 Cilium in the home

eCHO episode [20] explains why Cilium may appear in home environments, offering network‑policy protection, BGP, and Gateway API support. Edge adoption in retail and healthcare is already growing.

3.4 Network engineers seeking LLM help

Engineers use ChatGPT for troubleshooting and config generation, but the author cautions against fully delegating decisions to LLMs, noting inevitable minor issues.

4. Cloud‑Native

4.1 Kubernetes users push back on complexity

In 2024, platform and DevOps engineers will devote time to simplifying cloud‑native toolchains, leading to a contraction of the ecosystem.

4.2 IPv6‑only Kubernetes clusters become common

Google’s IPv6 user share rose from 31 % three years ago to 45 % [21]; at this rate IPv6 will dominate by year‑end. While managed services (AKS, GKE, EKS) still favour IPv4, Cilium now offers native NAT46/NAT64 support [22], and cost pressures from rising IPv4 pricing [23] accelerate IPv6 adoption. High‑performance features like BIG TCP [24] further incentivise the shift.

4.3 Rapidly growing Wasm

Wasm, likened to JavaScript in browsers, gains momentum as containerd adds native support [25]; eBPF‑powered Cilium can protect and connect Wasm workloads.

4.4 Heterogeneous networks must not be forgotten

Beyond Kubernetes, millions of VMs (≈85 million on vSphere [26]) and EC2 instances remain. Discussions at CiliumCon highlighted OpenStack [27] and Nomad [28] as important non‑K8s environments. Projects such as Cilium Mesh [29] aim to bridge Kubernetes, VMs, and serverless workloads.

4.5 Platform engineering meets networking

Gartner defines platform engineering as self‑service infrastructure automation that improves developer experience and productivity [30]. While the convergence promises benefits, platform engineers may fear giving developers too much network autonomy, requiring a balance between independence and control.