Successfully reported this slideshow.
Your SlideShare is downloading. ×

Low Overhead System Tracing with eBPF

May. 24, 2018
2 likes 837 views
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Upcoming SlideShare
Linux System Monitoring with eBPF
Linux System Monitoring with eBPF
Loading in …3
×

Check these out next

Linux kernel tracing superpowers in the cloud
Andrea Righi
UM2019 Extended BPF: A New Type of Software
Brendan Gregg
Building Network Functions with eBPF & BCC
Kernel TLV
eBPF Perf Tools 2019
Brendan Gregg
BPF / XDP 8월 세미나 KossLab
Taeung Song
BPF Internals (eBPF)
Brendan Gregg
Tracing MariaDB server with bpftrace - MariaDB Server Fest 2021
Valeriy Kravchuk
Spying on the Linux kernel for fun and profit
Andrea Righi
1 of 26 Ad

Low Overhead System Tracing with eBPF

May. 24, 2018
2 likes 837 views

Download to read offline

Software

In the Container world, there is a need to build observability around apps and backing services running in containers. The observability should allow to capture on demand low level metrics at a low overhead. The proposal is to use ebpf as the tracing technology to capture details at kernel & user level, and generate on demand flamegraphs, heat maps for applications & backing services. The Linux kernel has a built-in BPF JIT compiler, and an in-kernel verifier which is used to validate eBPF programs. This allows user defined instrumentation on a live kernel image that can never crash, hang or interfere with the kernel negatively. eBPF provides in-kernel implementation of storage maps such as histograms and hash-maps, which helps in efficient copy of summarized monitoring data from kernel to user space with low overhead.

These features make eBPF programs safe to run in production and allow admins and engineers to collect crucial data from systems for performance analysis and monitoring.

In the Container world, there is a need to build observability around apps and backing services running in containers. The observability should allow to capture on demand low level metrics at a low overhead. The proposal is to use ebpf as the tracing technology to capture details at kernel & user level, and generate on demand flamegraphs, heat maps for applications & backing services. The Linux kernel has a built-in BPF JIT compiler, and an in-kernel verifier which is used to validate eBPF programs. This allows user defined instrumentation on a live kernel image that can never crash, hang or interfere with the kernel negatively. eBPF provides in-kernel implementation of storage maps such as histograms and hash-maps, which helps in efficient copy of summarized monitoring data from kernel to user space with low overhead.

These features make eBPF programs safe to run in production and allow admins and engineers to collect crucial data from systems for performance analysis and monitoring.

Software
Advertisement

Recommended

Linux System Monitoring with eBPF
Heinrich Hartmann
961 views
20 slides
LPC2019 BPF Tracing Tools
Brendan Gregg
1.8k views
9 slides
Understanding eBPF in a Hurry!
Ray Jenkins
1.3k views
77 slides
Tracer Evaluation
Qiao Han
339 views
31 slides
eBPF Trace from Kernel to Userspace
SUSE Labs Taipei
8.2k views
74 slides
eBPF Workshop
Michael Kehoe
1.3k views
26 slides
Bpf performance tools chapter 4 bcc
Viller Hsiao
351 views
19 slides
eBPF maps 101
SUSE Labs Taipei
3.9k views
64 slides
Advertisement

More Related Content

Slideshows for you (20)

Linux kernel tracing superpowers in the cloud
Andrea Righi
384 views
UM2019 Extended BPF: A New Type of Software
Brendan Gregg
32.8k views
Building Network Functions with eBPF & BCC
Kernel TLV
2.9k views
eBPF Perf Tools 2019
Brendan Gregg
8.4k views
BPF / XDP 8월 세미나 KossLab
Taeung Song
2.7k views
BPF Internals (eBPF)
Brendan Gregg
15.1k views
Tracing MariaDB server with bpftrace - MariaDB Server Fest 2021
Valeriy Kravchuk
283 views
Spying on the Linux kernel for fun and profit
Andrea Righi
147 views
bcc/BPF tools - Strategy, current tools, future challenges
IO Visor Project
990 views
Linux kernel-rootkit-dev - Wonokaerun
idsecconf
2.5k views
Staring into the eBPF Abyss
Sasha Goldshtein
3k views
Performance Analysis Tools for Linux Kernel
lcplcp1
1.6k views
A Kernel of Truth: Intrusion Detection and Attestation with eBPF
oholiab
564 views
Performance Wins with eBPF: Getting Started (2021)
Brendan Gregg
1.3k views
Kernel development
Nuno Martins
927 views
Performance Wins with BPF: Getting Started
Brendan Gregg
2k views
Linux 4.x Tracing: Performance Analysis with bcc/BPF
Brendan Gregg
10.6k views
LSFMM 2019 BPF Observability
Brendan Gregg
8.2k views
Linux 4.x Tracing Tools: Using BPF Superpowers
Brendan Gregg
209.3k views
Solaris Kernel Debugging V1.0
Jarod Wang
3.8k views
Linux kernel tracing superpowers in the cloud
Andrea Righi
384 views
36 slides
UM2019 Extended BPF: A New Type of Software
Brendan Gregg
32.8k views
48 slides
Building Network Functions with eBPF & BCC
Kernel TLV
2.9k views
32 slides
eBPF Perf Tools 2019
Brendan Gregg
8.4k views
39 slides
BPF / XDP 8월 세미나 KossLab
Taeung Song
2.7k views
137 slides
BPF Internals (eBPF)
Brendan Gregg
15.1k views
122 slides

Similar to Low Overhead System Tracing with eBPF (20)

Efficient System Monitoring in Cloud Native Environments
Gergely Szabó
111 views
The power of linux advanced tracer [POUG18]
Mahmoud Hatem
1.1k views
eBPF Basics
Michael Kehoe
2.1k views
Systems@Scale 2021 BPF Performance Getting Started
Brendan Gregg
1.4k views
Security Monitoring with eBPF
Alex Maestretti
6.9k views
Oracle Basics and Architecture
Sidney Chen
12.2k views
Python on exadata
Rainer Schuettengruber
639 views
Linux Profiling at Netflix
Brendan Gregg
1M views
SF-TAP: Scalable and Flexible Traffic Analysis Platform (USENIX LISA 2015)
Yuuki Takano
1.2k views
BPF - in-kernel virtual machine
Alexei Starovoitov
11.4k views
Porting and Optimization of Numerical Libraries for ARM SVE
Linaro
2.7k views
Building a Router
Hannes Gredler
20.4k views
Make Your Containers Faster: Linux Container Performance Tools
Kernel TLV
1.4k views
CAPI and OpenCAPI Hardware acceleration enablement
Ganesan Narayanasamy
591 views
Package Management via Spack on SJTU π Supercomputer
Jianwen Wei
882 views
Linux BPF Superpowers
Brendan Gregg
401k views
OSSNA 2017 Performance Analysis Superpowers with Linux BPF
Brendan Gregg
5.1k views
Native Support of Prometheus Monitoring in Apache Spark 3.0
Databricks
2.1k views
Experiences building a distributed shared log on RADOS - Noah Watkins
Ceph Community
88 views
How to improve ELK log pipeline performance
Steven Shim
232 views
Efficient System Monitoring in Cloud Native Environments
Gergely Szabó
111 views
56 slides
The power of linux advanced tracer [POUG18]
Mahmoud Hatem
1.1k views
73 slides
eBPF Basics
Michael Kehoe
2.1k views
63 slides
Systems@Scale 2021 BPF Performance Getting Started
Brendan Gregg
1.4k views
30 slides
Security Monitoring with eBPF
Alex Maestretti
6.9k views
27 slides
Oracle Basics and Architecture
Sidney Chen
12.2k views
25 slides
Advertisement

Recently uploaded (20)

AI Pugal.pptx
ARUNPRANESHS
3 views
Let's keep it simple and streaming
Timothy Spann
0 views
Automated Application Integration with FME & Cityworks Webinar
Safe Software
81 views
asset-explorer-overview.pptx
AurelIsaj
0 views
Data Acquisition PCU400 Network Manager rel1.ppt
ZahidNawazAdil
2 views
NodeJS vs Python.pptx
Albiorix Technology
6 views
Application Monitoring using Open Source: VictoriaMetrics - ClickHouse
VictoriaMetrics
6 views
Realise True Business Value .pdf
ThousandEyes
11 views
Why Spring Belongs In Your Data Stream (From Edge to Multi-Cloud)
Timothy Spann
0 views
what is python ?
NetmaxTechnologies1
0 views
The challenge of putting software sustainability research into practice
Green Software Development
7 views
Living the Stream Dream with Pulsar and Spring Boot
Timothy Spann
0 views
Automatic Labeling of the Object-oriented Source Code: The Lotus Approach
Ra'Fat Al-Msie'deen
5 views
Fusion Infotech Ltd _ Oracle ERP training course and certification in Banglad...
Jishan26
0 views
Naming the Identified Feature Implementation Blocks from Software Source Code
Ra'Fat Al-Msie'deen
6 views
Lec 8.pptx.pdf
ssuserbab2f4
0 views
python.pdf
Nambi Nam
5 views
Gated Communities Access Control Solution
philipthomas428223
2 views
idoc.ppt
MuraliMohan305661
4 views
436216225-scm-ppt-apple-1.pptx
KanakapriyaVenkatesa
1 view
AI Pugal.pptx
ARUNPRANESHS
3 views
7 slides
Let's keep it simple and streaming
Timothy Spann
0 views
38 slides
Automated Application Integration with FME & Cityworks Webinar
Safe Software
81 views
58 slides
asset-explorer-overview.pptx
AurelIsaj
0 views
26 slides
Data Acquisition PCU400 Network Manager rel1.ppt
ZahidNawazAdil
2 views
41 slides
NodeJS vs Python.pptx
Albiorix Technology
6 views
16 slides

Low Overhead System Tracing with eBPF

  1. 1. Low-Overhead System Tracing With eBPF May 2018 Akshay Kapoor DevOps Engineer @ SAP Labs
  2. 2. Low-Overhead System Tracing With eBPF
  3. 3. Low-Overhead System Tracing With eBPF
  4. 4. Low-Overhead System Tracing With eBPF
  5. 5. You don't need to know how to operate an X-ray machine, but you do need to know that if you swallow a penny, an X-ray is an option! ~ www.bredangregg.com
  6. 6. ----------------------------------------------------------------------- CLASSIC PKT. FILTERING BPF VIRTUAL MACHINE EXTENDED BPF BPF SYSTEM CALL ADDTL. PROBES 1993 Before 1992 2013 2014 Today EVOLUTION OF BPF STACK BASED KERNEL -> USPACE COPIES REGISTER BASED (2) LESSER COPIES IMPROVED ISA & eBPF MAPS MORE REGISTERS (10) EXPOSED TO USER SPACE KERNEL FILTERS UPROBES, KPROBES USDT, TRACEPOINTS
  7. 7. tcpdump -n "dst host 192.168.1.1 and dst port 23"
  8. 8. # Credits : https://suchakra.wordpress.com/ HOW BPF WORKS ?
  9. 9. BCC (BPF COMPILER COLLECTION) • https://github.com/iovisor/bcc • Lead Developer – Brenden Blanco #Credits : Sasha Goldshtein
  10. 10. BCC Tools [examples…]
  11. 11. BCC Tools [examples…]
  12. 12. BCC Tools [examples…]
  13. 13. BCC Tools [examples…]
  14. 14. Flamegraphs [ BCC/BPF Visualizations ]
  15. 15. Flamegraphs [ BCC/BPF Visualizations] (Source : https://blog.cloudflare.com/tracing-system-cpu-on-debian-stretch/) CallStacks No. of Samples
  16. 16. BPF and Containers
  17. 17. • Namespaces BPF and containers… PID Y PID X CONTAINER HOST Restricts Visibility • mnt • pid • net • . . .
  18. 18. • Namespaces • CGroups BPF and containers… CONTAINER 1 HOST Restricts Quota/Usage • cpu • mem • blkio • . . . CONTAINER 2 CPU SHARES
  19. 19. • Namespaces • CGroups • Analysis from the host • PID Mappings (/sys/fs/cgroup/docker/*) • Symbol file locations BPF and containers… 0x7f82b510ddda 0x7f82b510999d 0x7f82b510f665 0x7f82b510t546
  20. 20. • Namespaces • CGroups • Analysis from the host • PID Mappings (/sys/fs/cgroup*) • Symbol file locations • Deployment Methodologies BPF and containers… APP CONTAINER 1 APP CONTAINER 2 BCC TOOLS ON HOST KERNEL EVENTS
  21. 21. • Namespaces • CGroups • Analysis from the host • PID Mappings (/sys/fs/cgroup*) • Symbol file locations • Deployment Methodologies BPF and containers… APP CONTAINER 1 APP CONTAINER 2 KERNEL EVENTS BCC CONTAINER 3
  22. 22. DEMO OBSERVABILITYNETWORKING SECURITY
  23. 23. BPF Implementations… - Seccomp • Control system calls made by a process - Cilium • Controls Networking, Security and Load Balancing for containers - Weavescope • Observability into containerized application stacks like Docker and Kubernetes - Iptables • Bpfilter implementations to optimize ingress/outgress security rules - Systemtap • BPF backend for optimizations
  24. 24. References Sasha Goldshtein (goldshtn) Brendan Gregg (brendangregg) Suchakra (tuxology) Julia Evans (b0rk) @Follow https://github.com/iovisor/bcc http://man7.org/linux/man-pages/man2/bpf.2.html http://brendangregg.com/ebpf.html https://github.com/goldshtn/linux-tracing-workshop https://suchakra.wordpress.com/ - eBPF https://blog.yadutaf.fr/ - Networking & eBPF https://jvns.ca/blog/2017/07/05/linux-tracing-systems/ https://www.youtube.com/watch?v=aaTQM7wcmfk – Kernel Meetup | eBPF https://cilium.io/blog/2018/04/17/why-is-the-kernel-community-replacing-iptables/ https://blog.yadutaf.fr/2016/03/30/turn-any-syscall-into-event-introducing-ebpf-kernel-probes/ https://lwn.net/Articles/740157/ - Thorough eBPF intro https://developers.redhat.com/blog/2017/12/13/introducing-stapbpf-systemtaps-new-bpf-backend/ https://lwn.net/Articles/747551/ - BPF comes to firewalls
  25. 25. Thank You ! akshay.kapoor@sap.com akskap akskap akskap

×