eBPF: A New Approach to Cloud-Native Observability, Networking and Security for Current (5G) and Future Mobile Networks (6G and Beyond)

Modern mobile communication networks and new service applications are deployed on cloud-native platforms. Kubernetes (K8s) is the de facto distributed operating system for container orchestration, and the extended version of the Berkeley Packet Filter (eBPF)- in the Linux (and MS Windows) kernel- is fundamentally changing the approach to cloud-native networking, security, and observability. In this paper, we introduce what eBPF is, its potential for Telco cloud, and review some of the most promising pricing and billing models applied to this revolutionary operating system (OS) technology. These models include schemes based on a data source usage model or the number of eBPF agents deployed on the network, linked to specific eBPF modules. These modules encompass network observability, runtime security, and power dissipation monitoring. Next, we present our eBPF platform, named Sauron in this work, and demonstrate how eBPF allows us to write custom code and dynamically load eBPF programs into the kernel. These programs enable us to estimate the energy consumption of cloud-native functions, derive performance counters and gauges for transport networks, 5G applications, and non-access stratum protocols. Additionally, we can detect and respond to unauthorized access to cloud-native resources in real-time using eBPF. Our experimental results demonstrate the technical feasibility of eBPF in achieving highly performant monitoring, observability, and security tooling for current mobile networks (5G, 5G Advanced) as well as future networks (6G and beyond).