 Hi there. Thanks for coming to our virtual demo booth. My name is Brian Merrill, and I'm a software engineer at Walmart Global Tech, where we've just announced the open sourcing of our LEAF project together with the Linux Foundation. LEAF provides complete lifecycle management of EBPF programs in the kernel. LEAF is a platform that does this in a distributed way. We're not just managing a few EBPF programs on a single machine. We're managing multiple EBPF programs in different ways throughout your entire organization in a cloud agnostic way. Individual EBPF programs can be composed and chained together in different ways on different systems according to your business needs. These EBPF programs can be reconfigured on the fly, and LEAF provides out-of-the-box monitoring and metrics so you have better visibility into your network. You can think of LEAF as providing EBPF programs as a service throughout your organization, or as we sometimes call it, kernel functionality as a service. For more information on EBPF or LEAF, you can see our full one-summit conference talk. But for now, let's proceed with the demonstration. Before we actually drop into a terminal and start running commands, I want to give you a quick preview so you have some context going into this demonstration. So if you look at this slide, there's two main boxes. On the right-hand side is our virtual machine on which we'll be running LEAF. This virtual machine is all set up and configured using Vagrant Automation, which is checked into our open source repository. So you can grab this automation, and within just a few minutes, be running the same commands and things that I'll be showing you today. It's a very easy, quick way to get your feet wet with LEAF and give it a try. So on this virtual machine, we're running a couple of Go-based web servers where we can send test traffic. We're hosting a kernel function repository. This is where LEAF can download the EBPF programs that it's going to manage and execute. Then we're also running Prometheus and Grafana to show some of the metrics that LEAF provides for the EBPF programs that it's running. On the left-hand side of the screen, we see our host. From our host, we'll be able to access all of these services on the virtual machine via some ports that we've configured. So let's go ahead and go to our terminal and start running some commands. So, like I said, there's some ports configured on the host machine. We're showing those here. Those are our Go HTTP web servers that we can access to send test traffic to. We have our Prometheus, our Grafana port, Prometheus, and we have a couple of LEAF ports that we're able to run and access APIs on. And then this is showing our LEAF code on the host, which is mounted onto the virtual machine. So we could actually make code updates to LEAFD and quickly test them out on the virtual machine if we wanted to. So to keep things consistent with our slides, the slide that I was just showing, I'm going to keep our host commands running on the left-hand side of the screen and our virtual machine commands running on the right-hand side of the screen. And then you can see which window pane is active because it'll be the black one, and hopefully that'll help you follow along as I move between some of these window panes. So onto our virtual machine, you can see that we've already built a LEAF binary, a LEAFD binary. Let's go ahead and run LEAFD. For that, we need to be root because it's going to be doing some privileged things and loading these EBPF programs into the kernel. We need to provide it a configuration file. This configuration file doesn't tell it which EBPF programs to run or how to run them. This is just an initialization configuration telling you which ports to use, how to log, where to store metrics, things like that. Let's go ahead and start LEAFD. Okay, LEAFD is up and running, but it's not yet running any EBPF programs, but it's ready to be configured to do so. So before we actually start some EBPF programs, let's run some traffic against those test web servers or one and see what the results are. So I'm going to run Hey, which is just a nice, easy program for creating HTTP load. Let's run 200 requests with 20 concurrent workers. And let's run them to just pick one of these web servers. Okay, you see that we got all of those responses back very quickly. It only took 0.01 seconds. Most of them came in within that time and they were all 200 okay responses. So that looks good. Let's say we're in a scenario where we really want to slow down this traffic. Let's see how we could do that with LEAF. So we have a payload here. This is a payload that we can send to our LEAF configuration API. In this payload, we search by sequence ID. We'll see that there's two EBPF programs in this payload. One is a rate limiting program and one is a connection limiting program. Then we have various arguments and things we can send to them. Things we could change are which ports that we want these two, these EBPF programs to monitor and the actual rate limit and connection, max connection value. And these can all be changed on the fly, which is really great. So now that we've seen the payload, let's actually send that into LEAF. You can see we can do this just with a simple HTTP post in our test environment. So let's run that. And in the top right, you should see LEAFD, the LEAFD log load this configuration and start these EBPF programs. So we can see it doing that now and we got a successful response back. To verify that it's actually running the programs we expect, we can look at the LEAF debug API or the NIC that's configured on the virtual machine. So if we run this, we'll see now LEAF is running with our connection limiting EBPF program and our rate limiting EBPF program. So now we should really be slowing down this traffic. Let's rerun our hay command, the same hay command we ran before and see if we've made a difference. You can already see that it's taking longer. In fact, it's going to be taking much longer. We're really going to slow this traffic down. So let's take advantage of this time to kind of take a deeper dive look into some of the things that LEAF is doing under the covers for those that are interested. So as a root, we can run a BPF tool, which is a core BPF program. It's not a LEAF program. It's provided by the kernel team, I believe. And we can show which programs are running. So you can see our XDP programs are running here. We can also show some of the maps that are running. And LEAF uses these maps to do all kinds of things. It's where it provides the configured metrics. It's where we provide the configuration values. These maps are how LEAF is able to chain together programs but be able to reorder them or add and remove them without having to remove the base BPF program from the network interface. There's lots of things that are going on here under the covers that we don't have time to cover right now, but might be interesting for you to dig around in on your own. So our hay program finished. You can see it took much longer. It took about 60 seconds. So we really slowed that traffic down. And LEAF provides metrics into what those BPF programs were doing. So let's take a look at that using a browser and logging into Grafana. I'm going to skip creating a new password. And then I can look at the preconfigured dashboards that are part of our vagrant automation that are already populated here. So the first program that runs in that chain is our rate limiting program. It was sequence ID one. So let's take a look at it and see what it saw. You can see that it saw a big sharp increase in the number of connections received. And you can see that it actually started dropping some of these connections. So any of the requests that got passed rate limiting would go on to the next program in the chain, which would be our connection limiting program, which limits the max number of connections that can be alive at one time. So let's look at what it saw. Again, it saw a sharp increase in connections. And even it was dropping some of those connections that it saw. So it went through two layers of aggressive limiting. And that's why we saw that time for our requests increased so much. This was an extreme case to show sharp increases and dropping the traffic. But these programs are all configurable to fit your business needs and requirements. So that concludes our demonstration. Let's jump back to the slides. We want to give a thank you. The whole entire Leaf team would like to say thanks to all those that have been involved in our journey thus far to get leaf to the point where it is and running in production at Walmart and doing some great things. We're excited that it's now open source and hope to have many, many more collaborators and contributors in the future. We have an exciting roadmap planned ahead for Leaf and lots of things that we'd like to do. So if you're interested in getting involved, we would love to have you and we're excited to answer any questions. You might have about Leaf. We also just want to say thanks to the open source community in general for providing EBPF and answering our questions and helping us get to the point where we are. Thanks very much and have a good day.