TL;DR
New research from the eBPF Foundation highlights how enterprises are achieving measurable cost savings, performance gains, risk reduction, and operational efficiencies with eBPF in production. The eBPF In Production: An Overview of Compelling Enterprise Outcomes Using eBPF report showcases real-world deployments from organizations including Cloudflare, Netflix, ByteDance, and Rakuten, and demonstrates how eBPF has become a foundational technology for modern infrastructure. The report is available now as a free download.
FOR IMMEDIATE RELEASE
Latest research from the eBPF Foundation demonstrates how organizations are achieving measurable ROI with eBPF at global scale
SAN FRANCISCO – February 12, 2026 – The eBPF Foundation, which advances eBPF’s upstream development and community and promotes its secure adoption across platforms, today announced the availability of its newest research report, eBPF In Production.
Designed for executive and senior technical leaders, the report focuses on tangible business outcomes and their associated ROI. It consolidates real-world examples of organizations deploying eBPF in production and documents measurable improvements in performance, infrastructure efficiency, security posture, and operational scale.
As the report, authored by tech journalist Bill Doerrfeld, explains eBPF has evolved into a mature, production-grade infrastructure technology with clear benefits over existing solutions. Embedded within products, projects, and tools spanning networking, observability, runtime security, and application governance, eBPF enables organizations to implement advanced functionality in the Linux kernel without disruptive kernel rewrites, risks of crashing the system, or excessive overhead.
“eBPF has moved decisively from experimentation to enterprise standard,” said Bill Mulligan, eBPF Governing Board Member from Isovalent. “This report demonstrates that leading organizations are not just piloting eBPF, they are standardizing on it to reduce costs, mitigate risk, and improve system performance at massive scale.”
Key Insights From the Report
Drawing on documented case studies and public production benchmarks, the report highlights consistent patterns of success across industries:
Reduced Infrastructure Costs
Organizations are leveraging deep kernel-level visibility to optimize CPU, GPU, and network utilization:
- Datadog reduced CPU usage by 35% using an eBPF-based connection tracker.
- Meta reduced CPU cycles by up to 20% using its eBPF-driven Strobelight profiler.
- Polar Signals cut cross-zone traffic costs by 50% with eBPF-based observability.
Increased Operational Efficiency and Scale
eBPF’s low-overhead execution model enables leaner, more scalable infrastructure:
- LinkedIn reduced Kafka log volume by 70% using an eBPF observability agent.
- Seznam.cz doubled throughput while reducing CPU usage by 72x with eBPF load balancing.
- DoorDash achieved 40% less memory usage, 98% fewer restarts, and 80% faster deployments after migrating to eBPF-based monitoring.
Risk Mitigation and Attack Prevention
Kernel-level enforcement and telemetry enable faster, more precise security controls:
- SentinelOne detects and stops ransomware attempts in under one second using eBPF-based architecture.
- Cloudflare mitigated DDoS attacks peaking above 7 Tbps using eBPF-based XDP programs.
- CoreTech mitigated a 1 Tbps DDoS attack without downtime using eBPF-powered scrubbing.
Improved Developer Velocity
By centralizing observability and policy enforcement at the kernel layer, organizations reduce instrumentation burden, troubleshooting complexity, and compliance friction, enabling faster innovation across platform and security teams.
Featured Enterprise Case Studies
The report takes a deep dive into four global organizations using eBPF as a strategic infrastructure layer:
- Cloudflare, where eBPF underpins networking, observability, and terabit-scale DDoS mitigation.
- Netflix, which uses eBPF for network defense, “noisy neighbor” detection, and large-scale telemetry collection supporting more than 325 million subscribers.
- ByteDance, which improved throughput by 10% across infrastructure supporting approximately one million servers by adopting eBPF-based networking.
- Rakuten Mobile, where eBPF powers anomaly detection, security enforcement, and observability within a cloud-native telecom environment.
Together, these case studies demonstrate that eBPF is no longer an isolated tool for networking or observability, it is becoming a modular foundation that unifies performance, security, and telemetry at the kernel level.
A Strategic Infrastructure Foundation
The report concludes that eBPF is now woven into the fabric of modern Linux-based systems and should be viewed as a strategic infrastructure layer rather than a niche technology. Organizations that treat eBPF as a unified foundation across networking, observability, and security are realizing compound benefits in efficiency, visibility, and risk reduction.
As steward of the eBPF ecosystem, the eBPF Foundation plays a central role in advancing upstream innovation, supporting collaboration across vendors and end users, and accelerating the adoption of secure, programmable infrastructure.
Download the Report
eBPF In Production is available to download for free from the eBPF Foundation.
eBPF Foundation Resources
- Learn about membership opportunities
- Subscribe to the mailing lists
- Access other resources on eBPF’s GitHub or Slack
About the eBPF Foundation
The eBPF Foundation was created to advance eBPF as an open, shared technology for programmable infrastructure. It brings together a cross-platform community of maintainers and organizations working upstream to evolve eBPF’s capabilities while ensuring its safety, security, and performance. Foundation members collaborate on common technical priorities, security best practices, community development, and promotional opportunities supporting eBPF across kernels, operating systems, and enterprise environments. Find further information here: https://www.ebpf.foundation